plugins/mod_tokenauth.lua @ 13272:8535a6105919
mod_tokenauth: Clear expired tokens on grant retrieval
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 09 Oct 2023 20:28:37 +0200 |
| parent | 13271:56c1d2498d66 |
| child | 13273:a1c927323f06 |
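--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -147,24 +147,31 @@
 if not grant or not grant.created then return nil; end
 
 -- Invalidate grants from before last password change
 local account_info = usermanager.get_account_info(username, module.host);
 local password_updated_at = account_info and account_info.password_updated;
+local now = os.time();
 if password_updated_at and grant.created < password_updated_at then
 module:log("debug", "Token grant issued before last password change, invalidating it now");
 token_store:set_key(username, grant.id, nil);
 return nil, "not-authorized";
-elseif grant.expires and grant.expires < os.time() then
+elseif grant.expires and grant.expires < now then
 module:log("debug", "Token grant expired, cleaning up");
 token_store:set_key(username, grant.id, nil);
 return nil, "expired";
 end
 
 if not grant.tokens then
 module:log("debug", "Token grant without tokens, cleaning up");
 token_store:set_key(username, grant.id, nil);
 return nil, "invalid";
+end
+for secret_hash, token_info in pairs(grant.tokens) do
+if token_info.expires and token_info.expires < now then
+module:log("debug", "Token has expired, cleaning it up");
+grant.tokens[secret_hash] = nil;
+end
 end
 return grant;
 end
 
 local function _get_validated_token_info(token_id, token_user, token_host, token_secret)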
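Review bot: The new loop at new lines 168–172 removes expired entries from `grant.tokens` only in the in-memory table; nothing visible in this hunk writes the pruned grant back through `token_store`, so the stored grant would keep the expired secret hashes and every retrieval would repeat the cleanup. If persistence is intended, track whether anything was removed and store once after the loop, e.g. `if found_expired then token_store:set_key(username, grant.id, grant); end`. The grant is also still returned when pruning leaves `grant.tokens` empty, which deserves a short comment saying whether a grant without live tokens is meant to stay valid. The enclosing function starts above the hunk, so a caller-side write-back cannot be ruled out from here.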