From 4b39d6d928a15354d3f0d3edc2eee5415f5f533b Mon Sep 17 00:00:00 2001 From: Duncan McClean Date: Wed, 3 Jun 2026 10:22:07 +0100 Subject: [PATCH 1/6] Add failing test for string elevated_session_duration config This test reproduces GitHub issue #14769 where env() returns a string value for STATAMIC_ELEVATED_SESSION_DURATION, causing Carbon's addMinutes() to throw a TypeError. Co-Authored-By: Claude Opus 4.5 --- tests/Auth/ElevatedSessionTest.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/Auth/ElevatedSessionTest.php b/tests/Auth/ElevatedSessionTest.php index 32b1324e9be..29e234ca13f 100644 --- a/tests/Auth/ElevatedSessionTest.php +++ b/tests/Auth/ElevatedSessionTest.php @@ -76,6 +76,26 @@ public function it_can_get_status_of_elevated_session() ]); } + #[Test] + public function it_handles_string_config_value_for_elevated_session_duration() + { + // This tests GitHub issue #14769 - when env() returns a string value + // for STATAMIC_ELEVATED_SESSION_DURATION, Carbon's addMinutes() should + // handle it gracefully without throwing a type error. + config(['statamic.users.elevated_session_duration' => '15']); + + $this + ->withElevatedSession(now()->subMinutes(5)) + ->actingAs($this->user) + ->get('/cp/elevated-session') + ->assertOk() + ->assertJson([ + 'elevated' => true, + 'expiry' => now()->addMinutes(10)->timestamp, + 'method' => 'password_confirmation', + ]); + } + #[Test] public function it_can_get_status_of_elevated_session_when_session_key_does_not_exist() { From a3d81f9ec9757ecb18a9b031c1e191e53fd28e0b Mon Sep 17 00:00:00 2001 From: Duncan McClean Date: Wed, 3 Jun 2026 10:22:23 +0100 Subject: [PATCH 2/6] Fix TypeError when elevated_session_duration is a string Cast the config value to int before passing to Carbon's addMinutes(), which requires int|float. This fixes the issue when users configure the value via env() which returns strings. Fixes #14769 Co-Authored-By: Claude Opus 4.5 --- src/Providers/AppServiceProvider.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Providers/AppServiceProvider.php b/src/Providers/AppServiceProvider.php index eb86a32e02a..4535147e5a6 100644 --- a/src/Providers/AppServiceProvider.php +++ b/src/Providers/AppServiceProvider.php @@ -357,7 +357,7 @@ private function registerElevatedSessionMacros() } return Carbon::createFromTimestamp($lastElevated) - ->addMinutes(config('statamic.users.elevated_session_duration', 15)) + ->addMinutes((int) config('statamic.users.elevated_session_duration', 15)) ->timestamp; }); From 32adc84e548d7e33a296032ff4409d0f7f3eb8c7 Mon Sep 17 00:00:00 2001 From: Duncan McClean Date: Wed, 3 Jun 2026 10:35:07 +0100 Subject: [PATCH 3/6] wip --- tests/Auth/ElevatedSessionTest.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/Auth/ElevatedSessionTest.php b/tests/Auth/ElevatedSessionTest.php index 29e234ca13f..611059fc368 100644 --- a/tests/Auth/ElevatedSessionTest.php +++ b/tests/Auth/ElevatedSessionTest.php @@ -76,12 +76,12 @@ public function it_can_get_status_of_elevated_session() ]); } + /** + * @see https://github.com/statamic/cms/pull/14771 + **/ #[Test] public function it_handles_string_config_value_for_elevated_session_duration() { - // This tests GitHub issue #14769 - when env() returns a string value - // for STATAMIC_ELEVATED_SESSION_DURATION, Carbon's addMinutes() should - // handle it gracefully without throwing a type error. config(['statamic.users.elevated_session_duration' => '15']); $this From e9eca310f2bb658f428d776a243f01e6c4559dae Mon Sep 17 00:00:00 2001 From: Duncan McClean Date: Wed, 3 Jun 2026 14:55:06 +0100 Subject: [PATCH 4/6] make it a float --- src/Providers/AppServiceProvider.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Providers/AppServiceProvider.php b/src/Providers/AppServiceProvider.php index 4535147e5a6..b9aa25e36ed 100644 --- a/src/Providers/AppServiceProvider.php +++ b/src/Providers/AppServiceProvider.php @@ -357,7 +357,7 @@ private function registerElevatedSessionMacros() } return Carbon::createFromTimestamp($lastElevated) - ->addMinutes((int) config('statamic.users.elevated_session_duration', 15)) + ->addMinutes((float) config('statamic.users.elevated_session_duration', 15)) ->timestamp; }); From e2fa75269789a101470c8048ef37baf8c69e783a Mon Sep 17 00:00:00 2001 From: Duncan McClean Date: Wed, 3 Jun 2026 14:58:53 +0100 Subject: [PATCH 5/6] use a float in the test too --- tests/Auth/ElevatedSessionTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Auth/ElevatedSessionTest.php b/tests/Auth/ElevatedSessionTest.php index 611059fc368..a194c77d146 100644 --- a/tests/Auth/ElevatedSessionTest.php +++ b/tests/Auth/ElevatedSessionTest.php @@ -82,7 +82,7 @@ public function it_can_get_status_of_elevated_session() #[Test] public function it_handles_string_config_value_for_elevated_session_duration() { - config(['statamic.users.elevated_session_duration' => '15']); + config(['statamic.users.elevated_session_duration' => '15.5']); $this ->withElevatedSession(now()->subMinutes(5)) From 08cc60db64e5d40ab519a45642e4e2ae3502ee50 Mon Sep 17 00:00:00 2001 From: Duncan McClean Date: Wed, 3 Jun 2026 15:01:48 +0100 Subject: [PATCH 6/6] this needs to change too --- tests/Auth/ElevatedSessionTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Auth/ElevatedSessionTest.php b/tests/Auth/ElevatedSessionTest.php index a194c77d146..ae83c518ccf 100644 --- a/tests/Auth/ElevatedSessionTest.php +++ b/tests/Auth/ElevatedSessionTest.php @@ -91,7 +91,7 @@ public function it_handles_string_config_value_for_elevated_session_duration() ->assertOk() ->assertJson([ 'elevated' => true, - 'expiry' => now()->addMinutes(10)->timestamp, + 'expiry' => now()->addMinutes(10.5)->timestamp, 'method' => 'password_confirmation', ]); }