prosody
65d2ff6e674e
plugins/mod_tokenauth.lua
Software / code / prosody
Comparison
plugins/mod_tokenauth.lua @ 13098:65d2ff6e674e
mod_tokenauth: Return error instead of session for token without role
Such a session triggers errors in module:may or other places since it is
generally expected that a session must have a role.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 07 May 2023 20:33:03 +0200 |
| parent | 13074:794a5ad5495e |
| child | 13099:a1ba503610ed |
comparison
equal
deleted
inserted
replaced
| 13097:6771acb8e857 | 13098:65d2ff6e674e |
|---|---|
| 250 end | 250 end |
| 251 | 251 |
| 252 local token_info, err = _get_validated_token_info(token_id, token_user, token_host, token_secret); | 252 local token_info, err = _get_validated_token_info(token_id, token_user, token_host, token_secret); |
| 253 if not token_info then return nil, err; end | 253 if not token_info then return nil, err; end |
| 254 | 254 |
| 255 local role = select_role(token_user, token_host, token_info.role); | |
| 256 if not role then return nil, "not-authorized"; end | |
| 255 return { | 257 return { |
| 256 username = token_user; | 258 username = token_user; |
| 257 host = token_host; | 259 host = token_host; |
| 258 resource = token_info.resource or resource or generate_identifier(); | 260 resource = token_info.resource or resource or generate_identifier(); |
| 259 | 261 |
| 260 role = select_role(token_user, token_host, token_info.role); | 262 role = role; |
| 261 }; | 263 }; |
| 262 end | 264 end |
| 263 | 265 |
| 264 function revoke_token(token) | 266 function revoke_token(token) |
| 265 local token_id, token_user, token_host = parse_token(token); | 267 local token_id, token_user, token_host = parse_token(token); |
