# HG changeset patch # User Jonas Schäfer <jonas@wielicki.name> # Date 1680031554 -7200 # Node ID d943733c6d01090881094f7ebb4fa67b8c8cba2b # Parent 1167aaf1aa1fe9de17cb8ceac004d5d5473ec98f mod_tokenauth: fix traceback if password has never been changed By checking the password_updated_at for non-nilness before using it, we avoid a nasty crash :-). diff -r 1167aaf1aa1f -r d943733c6d01 plugins/mod_tokenauth.lua --- a/plugins/mod_tokenauth.lua Tue Mar 28 11:42:20 2023 +0200 +++ b/plugins/mod_tokenauth.lua Tue Mar 28 21:25:54 2023 +0200 @@ -174,7 +174,7 @@ -- Invalidate grants from before last password change local account_info = usermanager.get_account_info(token_user, module.host); local password_updated_at = account_info and account_info.password_updated; - if grant.created < password_updated_at and password_updated_at then + if password_updated_at and grant.created < password_updated_at then module:log("debug", "Token grant issued before last password change, invalidating it now"); token_store:set_key(token_user, token_id, nil); return nil, "not-authorized";