prosody-modules
Changeset 5213:dc0f502c12f1
mod_http_oauth2: Fix authorization code logic
I have no idea what it did before or if it even worked.
RFC 6749 section 4.1.2 says:
> A maximum authorization code lifetime of 10 minutes is RECOMMENDED.
So this should prevent use of codes older than 10 minutes and remove
them from the cache some time after they expire.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 06 Mar 2023 16:49:43 +0100 |
| parents | 5212:3235b8bd1e55 |
| children | 5214:d5492bc861f6 |
| files | mod_http_oauth2/mod_http_oauth2.lua |
| diffstat | 1 files changed, 7 insertions(+), 5 deletions(-) |
--- a/mod_http_oauth2/mod_http_oauth2.lua Mon Mar 06 15:55:11 2023 +0100 +++ b/mod_http_oauth2/mod_http_oauth2.lua Mon Mar 06 16:49:43 2023 +0100 @@ -90,18 +90,20 @@ return usermanager.get_user_role(username, module.host).name; end -local function code_expires_in(code) - return os.difftime(os.time(), code.issued); +local function code_expires_in(code) --> number, seconds until code expires + return os.difftime(code.expires, os.time()); end -local function code_expired(code) - return code_expires_in(code) > 120; +local function code_expired(code) --> boolean, true: has expired, false: still valid + return code_expires_in(code) < 0; end local codes = cache.new(10000, function (_, code) return code_expired(code) end); +-- Periodically clear out unredeemed codes. Does not need to be exact, expired +-- codes are rejected if tried. Mostly just to keep memory usage in check. module:add_timer(900, function() local k, code = codes:tail(); while code and code_expired(code) do @@ -176,7 +178,7 @@ local code = uuid.generate(); local ok = codes:set(params.client_id .. "#" .. code, { - issued = os.time(); + expires = os.time() + 600; granted_jid = granted_jid; granted_scopes = granted_scopes; });
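Review bot: in the first hunk, `return code_expires_in(code) < 0;` in `code_expired` treats a code whose `expires` equals the current second as still valid, because `os.difftime` returns 0 there; `<= 0` would make the boundary match the usual reading of "expires at". Also, `os.difftime(code.expires, os.time())` raises an error when `code.expires` is nil, which is the case for any entry that still carries the old `issued` field; `codes` is module-local state created by `cache.new`, so it is rebuilt on reload and this is unlikely to bite in practice, but a `(code.expires or 0)` guard or a note in the commit message would make that explicit. The new comment above `module:add_timer(900, …)` is welcome: it documents that the timer is best-effort housekeeping and that the real enforcement is the `code_expired` check at redemption.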
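Review bot: in the second hunk, `expires = os.time() + 600;` hard-codes the lifetime; a named module-level constant such as `local code_lifetime = 600; -- RFC 6749 section 4.1.2 recommends at most 10 minutes`, placed next to `code_expires_in`, would keep the number and its justification from the commit message in one place and make it straightforward to expose as a configuration option later. Storing the absolute deadline at issuance rather than `issued` and re-deriving the age is the right call: `code_expired`, the eviction callback passed to `cache.new`, and the 900-second timer then all agree on a single expiry instant regardless of when each of them runs.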