
plugins/mod_tokenauth.lua @ 12980:6ebad8e16b3b

mod_tokenauth: Track last access time (last time a token was used)
author Matthew Wild <mwild1@gmail.com>
date Fri, 24 Mar 2023 12:59:47 +0000
parent 12977:74b9e05af71e
child 12996:e8716515405e
12979:fbbf4f0db8f0 12980:6ebad8e16b3b
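--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -5,10 +5,12 @@
 local random = require "prosody.util.random";
 local usermanager = require "prosody.core.usermanager";
 local generate_identifier = require "prosody.util.id".short;
 
 local token_store = module:open_store("auth_tokens", "map");
+
+local access_time_granularity = module:get_option_number("token_auth_access_time_granularity", 60);
 
 local function select_role(username, host, role)
 if role then
 return prosody.hosts[host].authz.get_role_by_name(role);
 end
@@ -31,16 +33,19 @@
 return nil, "bad-request";
 end
 
 local token_id = id.short();
 
+local now = os.time();
+
 local token_info = {
 id = token_id;
 
 owner = actor_jid;
-created = os.time();
-expires = token_ttl and (os.time() + token_ttl) or nil;
+created = now;
+expires = token_ttl and (now + token_ttl) or nil;
+accessed = now;
 jid = token_jid;
 purpose = token_purpose;
 
 resource = token_resource;
 role = token_role;
@@ -90,20 +95,27 @@
 return nil, "not-authorized";
 end
 
 local token_info = token.token_info;
 
-if token_info.expires and token_info.expires < os.time() then
+local now = os.time();
+if token_info.expires and token_info.expires < now then
 token_store:set(token_user, token_id, nil);
 return nil, "not-authorized";
 end
 
 local account_info = usermanager.get_account_info(token_user, module.host);
 local password_updated_at = account_info and account_info.password_updated;
 if password_updated_at and password_updated_at > token_info.created then
 token_store:set(token_user, token_id, nil);
 return nil, "not-authorized";
+end
+
+local last_accessed = token_info.accessed;
+if not last_accessed or (now - last_accessed) > access_time_granularity then
+token_info.accessed = now;
+token_store:set(token_user, token_id, token_info);
 end
 
 return token_info
 end
 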
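Review bot: The last-access write-back in the third hunk, `token_store:set(token_user, token_id, token_info);`, discards the store's result, so a failed persist leaves the stored `accessed` stale while the in-memory `token_info` returned to the caller already carries the new timestamp; if the store reports failure as `nil, err` (the usual Prosody store convention), the check would be `local ok, err = token_store:set(token_user, token_id, token_info); if not ok then module:log("warn", "Failed to update access time for token %s: %s", token_id, err); end`, keeping authentication successful but making the drift visible (the enclosing function starts outside the hunk). A comment on the new option in the first hunk would also help, since its effect is non-obvious: `-- Seconds between persisted updates of a token's last-access time; caps storage writes for busy tokens, so 'accessed' may lag real use by up to this much`. A non-positive option value effectively disables the throttling, because the `>` comparison in the third hunk is always true for a negative value and `0` persists on every new second; that may be intended, but it is worth stating in the same comment.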