
fix(ui): expire steward tokens with malformed exp #11098

Merged: lalalune merged 1 commit into develop from fix/steward-token-exp-type on Jul 2, 2026
Conversation

@lalalune lalalune commented Jul 2, 2026

Member

Summary

  • Treat Steward JWTs with non-numeric or non-finite exp claims as expired
  • Add regression coverage so malformed truthy exp values cannot survive the 401 keep-path

Evidence

  • bun run --cwd packages/ui test -- src/cloud/shell/StewardProviderShared.test.ts src/cloud/shell/StewardProviderRuntime.test.tsx src/cloud/public-pages/pages/auth/email-callback-page.test.tsx
  • bunx biome check packages/ui/src/cloud/shell/StewardProviderShared.ts packages/ui/src/cloud/shell/StewardProviderShared.test.ts
  • bun run --cwd packages/ui typecheck
  • bun run --cwd packages/app audit:app passed 349 captures on the reviewed patch: broken=0, needs-work=0

Follow-up from review of #11067.


@lalalune lalalune merged commit c2cd1f4 into develop Jul 2, 2026
31 of 60 checks passed
@lalalune lalalune deleted the fix/steward-token-exp-type branch July 2, 2026 02:58
lalalune commented Jul 2, 2026

Member Author

QA review: strict-numeric exp check is correct per JWT NumericDate (a string exp is malformed and must not survive the 401 keep-path). Ran StewardProviderShared.test.ts on the PR head in an isolated worktree: 8/8 pass including the new regression test.
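
The strict NumericDate check discussed in this PR, as an added example that is not the project's code: the function names are hypothetical, the lax variant is a constructed contrast rather than the pre-fix source, and treating a missing `exp` as expired is an assumption of this example.

```javascript
// Added example: hypothetical names, not taken from StewardProviderShared.ts.

// Decode a JWT payload (base64url JSON). No signature verification: this is
// only the client-side "is it worth keeping this token" decision.
// Node's Buffer is used so the block runs offline; a browser would use atob.
function decodePayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return payload !== null && typeof payload === "object" ? payload : null;
  } catch {
    return null; // unparseable payload
  }
}

// Constructed contrast (assumption, not the pre-fix source): a truthiness test
// followed by arithmetic. "never" * 1000 is NaN and NaN < now is false, so a
// malformed but truthy exp makes the token look unexpired.
function isExpiredLax(token, nowMs) {
  const p = decodePayload(token);
  if (!p || !p.exp) return true;
  return p.exp * 1000 < nowMs;
}

// Strict check: exp must be a finite JSON number (NumericDate, seconds since
// the epoch). Anything else, including a missing exp (assumption), is expired.
function isExpiredStrict(token, nowMs) {
  const p = decodePayload(token);
  if (!p) return true;
  const exp = p.exp;
  if (typeof exp !== "number" || !Number.isFinite(exp)) return true;
  return exp * 1000 <= nowMs;
}

// Build an unsigned sample token from raw payload JSON (constructed test data).
function makeToken(payloadJson) {
  const b64 = (s) => Buffer.from(s, "utf8").toString("base64url");
  return [b64('{"alg":"none"}'), b64(payloadJson), "sig"].join(".");
}

const NOW_MS = 1_800_000_000_000; // fixed clock so results are reproducible
for (const json of ['{"exp":1900000000}', '{"exp":"never"}', '{"exp":1e999}', "{}"]) {
  const t = makeToken(json);
  console.log(json, "lax:", isExpiredLax(t, NOW_MS), "strict:", isExpiredStrict(t, NOW_MS));
}
```

The `1e999` sample is valid JSON that `JSON.parse` turns into `Infinity`, which is how a non-finite `exp` can reach the check even though JSON has no literal for it.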
