Changeset

13098:65d2ff6e674e

mod_tokenauth: Return error instead of session for token without role

Such a session triggers errors in module:may or other places since it is generally expected that a session must have a role.
author Kim Alvefur <zash@zash.se>
date Sun, 07 May 2023 20:33:03 +0200
parents 13097:6771acb8e857
children 13099:a1ba503610ed
files plugins/mod_tokenauth.lua
diffstat 1 files changed, 3 insertions(+), 1 deletions(-) [+]
--- a/plugins/mod_tokenauth.lua	Sun May 07 13:13:42 2023 +0200
+++ b/plugins/mod_tokenauth.lua	Sun May 07 20:33:03 2023 +0200
@@ -252,12 +252,14 @@
 	local token_info, err = _get_validated_token_info(token_id, token_user, token_host, token_secret);
 	if not token_info then return nil, err; end
 
+	local role = select_role(token_user, token_host, token_info.role);
+	if not role then return nil, "not-authorized"; end
 	return {
 		username = token_user;
 		host = token_host;
 		resource = token_info.resource or resource or generate_identifier();
 
-		role = select_role(token_user, token_host, token_info.role);
+		role = role;
 	};
 end
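Review bot: The added `if not role then return nil, "not-authorized"; end` rejects a token that has already passed `_get_validated_token_info` without leaving any trace. An operator who sees clients fail with "not-authorized" then cannot tell a bad token from a valid token whose stored role no longer resolves. I would log before returning, for example `module:log("warn", "Token %s for %s@%s has no usable role", token_id, token_user, token_host);`, using only the token id and never `token_secret`. A short comment above the `select_role` call, such as `-- A session without a role breaks module:may(), so fail closed here`, would keep the ordering from being undone in a later refactor. The enclosing function starts outside this hunk, so whether its callers treat this error string differently from the ones `_get_validated_token_info` returns cannot be confirmed from here.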