FIX #26991 TIME 00:30 fix passwordValidity when no PasswordLastChange

d66705d5 · Jerome Boucher · d9f84dbb · d66705d5
Verified Commit d66705d5 authored 11 months ago by Jerome Boucher
--- a/src/bundle/auth/Controller/userAuthentication.php
+++ b/src/bundle/auth/Controller/userAuthentication.php
@@ -236,7 +236,8 @@ class userAuthentication
    private function verifyValidity($userAccount, $userLogin)
    {
        if ($this->securityPolicy['passwordValidity'] && $this->securityPolicy["passwordValidity"] != 0) {
-            $diff = ($userLogin->lastLogin->getTimestamp() - $userAccount->passwordLastChange->getTimestamp());
+            $userPasswordLastChange = $userAccount->passwordLastChange->getTimestamp() ?? 0;
+            $diff = ($userLogin->lastLogin->getTimestamp() - $userPasswordLastChange);
            // (timestamp de dernier login - timestamp de dernier chgt mdp) / durée de la session
            if ($diff > $this->securityPolicy['passwordValidity']) {
                throw \laabs::newException('auth/userPasswordValidityExpiredRequestException');