prosody
19c814d4dd3a
plugins/mod_tokenauth.lua
Software / code / prosody
Comparison
plugins/mod_tokenauth.lua @ 13321:19c814d4dd3a
mod_tokenauth: Include more details in debug logs
Had a hard time following what was happening when it did not specify
which grant or token was being removed.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 12 Nov 2023 00:33:57 +0100 |
| parent | 13305:852a61c720d0 |
| child | 13356:bbbda8819331 |
comparison
equal
deleted
inserted
replaced
| 13320:23f95714c386 | 13321:19c814d4dd3a |
|---|---|
| 150 -- Invalidate grants from before last password change | 150 -- Invalidate grants from before last password change |
| 151 local account_info = usermanager.get_account_info(username, module.host); | 151 local account_info = usermanager.get_account_info(username, module.host); |
| 152 local password_updated_at = account_info and account_info.password_updated; | 152 local password_updated_at = account_info and account_info.password_updated; |
| 153 local now = os.time(); | 153 local now = os.time(); |
| 154 if password_updated_at and grant.created < password_updated_at then | 154 if password_updated_at and grant.created < password_updated_at then |
| 155 module:log("debug", "Token grant issued before last password change, invalidating it now"); | 155 module:log("debug", "Token grant %s of %s issued before last password change, invalidating it now", grant.id, username); |
| 156 token_store:set_key(username, grant.id, nil); | 156 token_store:set_key(username, grant.id, nil); |
| 157 return nil, "not-authorized"; | 157 return nil, "not-authorized"; |
| 158 elseif grant.expires and grant.expires < now then | 158 elseif grant.expires and grant.expires < now then |
| 159 module:log("debug", "Token grant expired, cleaning up"); | 159 module:log("debug", "Token grant %s of %s expired, cleaning up", grant.id, username); |
| 160 token_store:set_key(username, grant.id, nil); | 160 token_store:set_key(username, grant.id, nil); |
| 161 return nil, "expired"; | 161 return nil, "expired"; |
| 162 end | 162 end |
| 163 | 163 |
| 164 if not grant.tokens then | 164 if not grant.tokens then |
| 165 module:log("debug", "Token grant without tokens, cleaning up"); | 165 module:log("debug", "Token grant %s of %s without tokens, cleaning up", grant.id, username); |
| 166 token_store:set_key(username, grant.id, nil); | 166 token_store:set_key(username, grant.id, nil); |
| 167 return nil, "invalid"; | 167 return nil, "invalid"; |
| 168 end | 168 end |
| 169 | 169 |
| 170 local found_expired = false | 170 local found_expired = false |
| 171 for secret_hash, token_info in pairs(grant.tokens) do | 171 for secret_hash, token_info in pairs(grant.tokens) do |
| 172 if token_info.expires and token_info.expires < now then | 172 if token_info.expires and token_info.expires < now then |
| 173 module:log("debug", "Token has expired, cleaning it up"); | 173 module:log("debug", "Token %s of grant %s of %s has expired, cleaning it up", secret_hash:sub(-8), grant.id, username); |
| 174 grant.tokens[secret_hash] = nil; | 174 grant.tokens[secret_hash] = nil; |
| 175 found_expired = true; | 175 found_expired = true; |
| 176 end | 176 end |
| 177 end | 177 end |
| 178 | 178 |
| 179 if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime < now then | 179 if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime < now then |
| 180 module:log("debug", "Token grant has no tokens, discarding"); | 180 module:log("debug", "Token %s of %s grant has no tokens, discarding", grant.id, username); |
| 181 token_store:set_key(username, grant.id, nil); | 181 token_store:set_key(username, grant.id, nil); |
| 182 return nil, "expired"; | 182 return nil, "expired"; |
| 183 elseif found_expired then | 183 elseif found_expired then |
| 184 token_store:set_key(username, grant.id, grant); | 184 token_store:set_key(username, grant.id, grant); |
| 185 end | 185 end |
