# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1665068439 -3600
# Node ID 19113f232423db83ba25d70ed1bffb7d82a6fc8e
# Parent  126aefd2c4c631ecc93f3fccdd60ac9306eeb6f3
mod_tokenauth: Remove expired tokens from storage

diff -r 126aefd2c4c6 -r 19113f232423 plugins/mod_tokenauth.lua
--- a/plugins/mod_tokenauth.lua	Thu Oct 06 15:59:07 2022 +0100
+++ b/plugins/mod_tokenauth.lua	Thu Oct 06 16:00:39 2022 +0100
@@ -65,12 +65,14 @@
 	end
 
 	if token_info.expires and token_info.expires < os.time() then
+		token_store:set(token_user, token_id, nil);
 		return nil, "not-authorized";
 	end
 
 	local account_info = usermanager.get_account_info(token_user, module.host);
 	local password_updated_at = account_info and account_info.password_updated;
 	if password_updated_at and password_updated_at > token_info.created then
+		token_store:set(token_user, token_id, nil);
 		return nil, "not-authorized";
 	end