Skip to content

fix(security): make token expiration "NEVER" case-insensitive#2459

Merged
tkurki merged 1 commit intoSignalK:masterfrom
dirkwa:fix-never-case-sensitive
Mar 19, 2026
Merged

fix(security): make token expiration "NEVER" case-insensitive#2459
tkurki merged 1 commit intoSignalK:masterfrom
dirkwa:fix-never-case-sensitive

Conversation

@dirkwa
Copy link
Contributor

@dirkwa dirkwa commented Mar 16, 2026
edited
Loading

Summary

When approving device access requests, entering "never" (lowercase) in the Authentication Timeout field silently fails — the token gets created with a literal expiration string instead of being treated as non-expiring.

Extracts an isNever() helper and uses it at all 5 expiration comparison sites in tokensecurity.ts for consistent, case-insensitive matching.

Fixes #1739

tkurki
tkurki reviewed Mar 19, 2026
View reviewed changes
Copy link
Member

@tkurki tkurki left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's extract isNever(theExpiration and use that for consistency.

@dirkwa dirkwa force-pushed the fix-never-case-sensitive branch from 86d9185 to 4ca32b7 Compare March 19, 2026 20:52
@tkurki tkurki added the fix label Mar 19, 2026
@tkurki tkurki merged commit bf15f1f into SignalK:master Mar 19, 2026
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tkurki tkurki tkurki left review comments

Assignees

No one assigned

Labels

fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

When approving client token requests, the timeout phrase "NEVER" is case sensitive

2 participants

@dirkwa @tkurki