fix(core): Correctly parse numeric sessionDuration and verificationTokenDuration values (#3080)

packages/core/src/service/helpers/verification-token-generator/verification-token-generator.ts

@@ -28,11 +28,16 @@ export class VerificationTokenGenerator {
      * as specified in the VendureConfig.
      */
     verifyVerificationToken(token: string): boolean {
-        const duration = ms(this.configService.authOptions.verificationTokenDuration as string);
+        const { verificationTokenDuration } = this.configService.authOptions;
+        const verificationTokenDurationInMs =
+            typeof verificationTokenDuration === 'string'
+                ? ms(verificationTokenDuration)
+                : verificationTokenDuration;
+
         const [generatedOn] = token.split('_');
         const dateString = Buffer.from(generatedOn, 'base64').toString();
         const date = new Date(dateString);
         const elapsed = +new Date() - +date;
-        return elapsed < duration;
+        return elapsed < verificationTokenDurationInMs;
     }
 }

packages/core/src/service/services/session.service.ts

@@ -37,7 +37,11 @@ export class SessionService implements EntitySubscriberInterface {
         private orderService: OrderService,
     ) {
         this.sessionCacheStrategy = this.configService.authOptions.sessionCacheStrategy;
-        this.sessionDurationInMs = ms(this.configService.authOptions.sessionDuration as string);
+
+        const { sessionDuration } = this.configService.authOptions;
+        this.sessionDurationInMs =
+            typeof sessionDuration === 'string' ? ms(sessionDuration) : sessionDuration;
+
         // This allows us to register this class as a TypeORM Subscriber while also allowing
         // the injection on dependencies. See https://docs.nestjs.com/techniques/database#subscribers
         this.connection.rawConnection.subscribers.push(this);