# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1683484383 -7200
# Node ID 65d2ff6e674ea3b5bdaf6edd035a67c05b4b998d
# Parent  6771acb8e857a216563bc6c72833e871ba3378a8
mod_tokenauth: Return error instead of session for token without role

Such a session triggers errors in module:may or other places since it is
generally expected that a session must have a role.

diff -r 6771acb8e857 -r 65d2ff6e674e plugins/mod_tokenauth.lua
--- a/plugins/mod_tokenauth.lua	Sun May 07 13:13:42 2023 +0200
+++ b/plugins/mod_tokenauth.lua	Sun May 07 20:33:03 2023 +0200
@@ -252,12 +252,14 @@
 	local token_info, err = _get_validated_token_info(token_id, token_user, token_host, token_secret);
 	if not token_info then return nil, err; end
 
+	local role = select_role(token_user, token_host, token_info.role);
+	if not role then return nil, "not-authorized"; end
 	return {
 		username = token_user;
 		host = token_host;
 		resource = token_info.resource or resource or generate_identifier();
 
-		role = select_role(token_user, token_host, token_info.role);
+		role = role;
 	};
 end