plugins/mod_tokenauth.lua @ 13246:2e04d54fb013
mod_tokenauth: Fix revoking a single token without revoking whole grant
This appears to have been a copy-paste of the grant revocation function,
or maybe the other way around. Either way, it deleted the whole grant
instead of the individual token as might be expected.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 23 Jul 2023 02:54:49 +0200 |
| parent | 13209:c8d949cf6b09 |
| child | 13271:56c1d2498d66 |
| 13245:ffe4adbd2af9 | 13246:2e04d54fb013 |
|---|---|
| 263 role = role; | 263 role = role; |
| 264 }; | 264 }; |
| 265 end | 265 end |
| 266 | 266 |
| 267 function revoke_token(token) | 267 function revoke_token(token) |
| 268 local token_id, token_user, token_host = parse_token(token); | 268 local grant_id, token_user, token_host, token_secret = parse_token(token); |
| 269 if not token_id then | 269 if not grant_id then |
| 270 module:log("warn", "Failed to verify access token: %s", token_user); | 270 module:log("warn", "Failed to verify access token: %s", token_user); |
| 271 return nil, "invalid-token-format"; | 271 return nil, "invalid-token-format"; |
| 272 end | 272 end |
| 273 if token_host ~= module.host then | 273 if token_host ~= module.host then |
| 274 return nil, "invalid-host"; | 274 return nil, "invalid-host"; |
| 275 end | 275 end |
| 276 local ok, err = token_store:set_key(token_user, token_id, nil); | 276 local grant, err = _get_validated_grant_info(token_user, grant_id); |
| 277 if not grant then return grant, err; end | |
| 278 local secret_hash = "sha256:"..hashes.sha256(token_secret, true); | |
| 279 local token_info = grant.tokens[secret_hash]; | |
| 280 if not grant or not token_info then | |
| 281 return nil, "item-not-found"; | |
| 282 end | |
| 283 grant.tokens[secret_hash] = nil; | |
| 284 local ok, err = token_store:set_key(token_user, grant_id, grant); | |
| 277 if not ok then | 285 if not ok then |
| 278 return nil, err; | 286 return nil, err; |
| 279 end | 287 end |
| 280 module:fire_event("token-grant-revoked", { id = token_id, username = token_user, host = token_host }); | 288 module:fire_event("token-revoked", { |
| 289 grant_id = grant_id; | |
| 290 grant = grant; | |
| 291 info = token_info; | |
| 292 username = token_user; | |
| 293 host = token_host; | |
| 294 }); | |
| 281 return true; | 295 return true; |
| 282 end | 296 end |
| 283 | 297 |
| 284 function revoke_grant(username, grant_id) | 298 function revoke_grant(username, grant_id) |
| 285 local ok, err = token_store:set_key(username, grant_id, nil); | 299 local ok, err = token_store:set_key(username, grant_id, nil); |