# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1697884435 -7200
# Node ID 5db61e0dfc62c55d2e8e27f0450a94123264b749
# Parent  ddfe07041fc515bb4a7a2fa3ef88185875589b38
mod_tokenauth: Save grant after removing expired tokens

Ensures the periodic cleanup really does remove expired tokens.

diff -r ddfe07041fc5 -r 5db61e0dfc62 plugins/mod_tokenauth.lua
--- a/plugins/mod_tokenauth.lua	Mon Oct 09 20:31:35 2023 +0200
+++ b/plugins/mod_tokenauth.lua	Sat Oct 21 12:33:55 2023 +0200
@@ -167,9 +167,14 @@
 		return nil, "invalid";
 	end
 	for secret_hash, token_info in pairs(grant.tokens) do
+		local found_expired = false
 		if token_info.expires and token_info.expires < now then
 			module:log("debug", "Token has expired, cleaning it up");
 			grant.tokens[secret_hash] = nil;
+			found_expired = true;
+		end
+		if found_expired then
+			token_store:set_key(username, grant.id, nil);
 		end
 	end