Software / code / prosody
Changeset
13272:8535a6105919
mod_tokenauth: Clear expired tokens on grant retrieval
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 09 Oct 2023 20:28:37 +0200 |
| parents | 13271:56c1d2498d66 |
| children | 13273:a1c927323f06 |
| files | plugins/mod_tokenauth.lua |
| diffstat | 1 files changed, 8 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_tokenauth.lua Mon Oct 09 20:26:30 2023 +0200 +++ b/plugins/mod_tokenauth.lua Mon Oct 09 20:28:37 2023 +0200 @@ -149,11 +149,12 @@ -- Invalidate grants from before last password change local account_info = usermanager.get_account_info(username, module.host); local password_updated_at = account_info and account_info.password_updated; + local now = os.time(); if password_updated_at and grant.created < password_updated_at then module:log("debug", "Token grant issued before last password change, invalidating it now"); token_store:set_key(username, grant.id, nil); return nil, "not-authorized"; - elseif grant.expires and grant.expires < os.time() then + elseif grant.expires and grant.expires < now then module:log("debug", "Token grant expired, cleaning up"); token_store:set_key(username, grant.id, nil); return nil, "expired"; @@ -164,6 +165,12 @@ token_store:set_key(username, grant.id, nil); return nil, "invalid"; end + for secret_hash, token_info in pairs(grant.tokens) do + if token_info.expires and token_info.expires < now then + module:log("debug", "Token has expired, cleaning it up"); + grant.tokens[secret_hash] = nil; + end + end return grant; end
