Changeset
5993:a0d77b427d50
mod_rest: Wrap mod_tokenauth errors
In some cases of expired or invalid tokens the error from
mod_tokenauth.get_token_session() was returned bare with status 200
instead of via the error formatting handler.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 21 Sep 2024 21:10:45 +0200 |
parents | 5992:bdfb0ed56399 |
children | 5994:1bb8b559f441 |
files | mod_rest/mod_rest.lua |
diffstat | 1 files changed, 11 insertions(+), 1 deletions(-) [+] |
--- a/mod_rest/mod_rest.lua Fri Sep 20 18:47:59 2024 +0200
+++ b/mod_rest/mod_rest.lua Sat Sep 21 21:10:45 2024 +0200
@@ -51,6 +51,12 @@
 size = { code = 413; type = "modify"; condition = "resource-constraint", text = "Payload too large" };
 });
+local token_session_errors = errors.init("mod_tokenauth", {
+ ["internal-error"] = { code = 500; type = "wait"; condition = "internal-server-error" };
+ ["invalid-token-format"] = { code = 403; type = "auth"; condition = "not-authorized"; text = "Credentials malformed" };
+ ["not-authorized"] = { code = 403; type = "auth"; condition = "not-authorized"; text = "Credentials not accepted" };
+});
+
 local function check_credentials(request) -- > session | boolean, error
 local auth_type, auth_data = string.match(request.headers.authorization, "^(%S+)%s(.+)$");
 auth_type = auth_type and auth_type:lower();
@@ -77,7 +83,11 @@
 return { username = username; host = module.host };
 elseif auth_type == "bearer" then
 if tokens.get_token_session then
- return tokens.get_token_session(auth_data);
+ local token_session, err = tokens.get_token_session(auth_data);
+ if not token_session then
+ return false, token_session_errors.new(err or "not-authorized", { request = request });
+ end
+ return token_session;
 else -- COMPAT w/0.12
 local token_info = tokens.get_token_info(auth_data);
 if not token_info or not token_info.session then
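Review bot: The `token_session_errors` table lists exactly three keys, and nothing in the hunk records that they must track the error strings `tokens.get_token_session()` hands back as its second return value. If that function ever returns a string not listed here, the lookup in the second hunk would presumably find no template, and the response could lose its status code and `not-authorized` condition; that depends on `errors.init` behaviour not shown on this page. I would add a comment above the table, e.g. `-- Keys must match the error strings returned by mod_tokenauth.get_token_session(); an unlisted string gets no template`. Both credential failures also answer 403 rather than 401, so if that is the module's existing convention a one-line comment saying so would keep it from being "corrected" later.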
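Review bot: The context passed on the new `return false, token_session_errors.new(err or "not-authorized", { request = request });` line holds the whole `request`, and `request.headers.authorization` is where the bearer token is read at the top of `check_credentials`, so any code that logs or serialises the error's context would emit the credential. The error formatting handler is outside this hunk, so this is a point to confirm rather than a demonstrated leak; a comment at this line such as `-- context holds the raw request incl. the Authorization header; never log or serialise it` would record the constraint. The rejection path writes no log entry here, so failed bearer attempts are only observable if mod_tokenauth logs them itself. The `-- COMPAT w/0.12` branch continues below the hunk and should be checked to return the same `false, error` shape.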