From 9be59bd83f0590af01940f0d8f7a824ebbaf08c5 Mon Sep 17 00:00:00 2001
From: Viktor Egorov
Date: Fri, 7 Mar 2025 12:01:57 +0100
Subject: [PATCH] Assert minimum JWT expiration time
---
 .../main/java/sonia/scm/security/JwtAccessTokenBuilder.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilder.java b/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilder.java
index 4158e8ebbb..b1dfc4c01c 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilder.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilder.java
@@ -173,6 +173,10 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
 // add scope to custom claims
 Scopes.toClaims(customClaims, scope);
+ if (expiresIn < 1) {
+ expiresIn = 1;
+ }
+
 Instant now = clock.instant();
 long expiration = expiresInUnit.toMillis(expiresIn);
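Review bot: The new guard before `Instant now = clock.instant();` silently rewrites any `expiresIn` below 1 to 1, so a caller that passes zero or a negative lifetime (for example a miscalculated remaining validity) still receives a usable token, valid for one full `expiresInUnit`, which may be far longer than intended when the unit is coarse. The subject says "assert", but nothing is asserted or logged; failing closed would make the bad input visible, e.g. `if (expiresIn < 1) { throw new IllegalArgumentException("expiresIn must be at least 1"); }`, ideally where the value is set rather than at build time. If clamping is the intended behaviour, compute it into a local (`long effectiveExpiresIn = Math.max(1, expiresIn);`) instead of reassigning what appears to be builder state, and add a comment saying why a non-positive lifetime is tolerated. The enclosing method starts and ends outside the hunk, so whether `expiresIn` is a field and how the expiration is used afterwards cannot be confirmed from here.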