Changeset

13638:94462d8f2fa9

mod_tokenauth: Fix expiry lasting one second too much Because the code was using `< now` in a lot of places, things expiring at the current second wouldn't be marked as expired. It isn't noticeable in real-world scenarios but I wanted to create OAuth 2.0 tokens valid for 0 seconds in integration tests and it wasn't possible. By using `<=` instead of `<`, we make sure tokens don't live a single millisecond more than what they are supposed to.
author Rémi Bardon <remi@remibardon.name>
date Sat, 01 Feb 2025 20:45:28 +0100
parents 13637:c9e11007f10d
children 13639:94f77a1994dc
files plugins/mod_tokenauth.lua
diffstat 1 files changed, 5 insertions(+), 5 deletions(-) [+]
--- a/plugins/mod_tokenauth.lua	Tue Jan 28 09:18:18 2025 +0000
+++ b/plugins/mod_tokenauth.lua	Sat Feb 01 20:45:28 2025 +0100
@@ -133,7 +133,7 @@
 	now = now or os.time();
 	for secret, token_info in pairs(grant.tokens) do
 		local expires = token_info.expires;
-		if expires and expires < now then
+		if expires and expires <= now then
 			grant.tokens[secret] = nil;
 			updated = true;
 		end
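Review bot: The inclusive `expires <= now` test is written out separately in this loop and again in the hunks at -155, -169 and -212, so any later change to the expiry boundary has to find every copy, as this commit had to. A single local helper, e.g. `local function is_expired(expires, now) return expires ~= nil and expires <= now; end`, would keep the boundary in one place, with one comment saying that `expires` is the first second at which the credential is rejected. Because this function already accepts `now` as an argument (`now = now or os.time()`), the `expires == now` case can be pinned in a unit test without depending on the clock. The enclosing function starts and ends outside the hunk.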
@@ -155,7 +155,7 @@
 		module:log("debug", "Token grant %s of %s issued before last password change, invalidating it now", grant.id, username);
 		token_store:set_key(username, grant.id, nil);
 		return nil, "not-authorized";
-	elseif grant.expires and grant.expires < now then
+	elseif grant.expires and grant.expires <= now then
 		module:log("debug", "Token grant %s of %s expired, cleaning up", grant.id, username);
 		token_store:set_key(username, grant.id, nil);
 		return nil, "expired";
@@ -169,14 +169,14 @@
 
 	local found_expired = false
 	for secret_hash, token_info in pairs(grant.tokens) do
-		if token_info.expires and token_info.expires < now then
+		if token_info.expires and token_info.expires <= now then
 			module:log("debug", "Token %s of grant %s of %s has expired, cleaning it up", secret_hash:sub(-8), grant.id, username);
 			grant.tokens[secret_hash] = nil;
 			found_expired = true;
 		end
 	end
 
-	if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime < now then
+	if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime <= now then
 		module:log("debug", "Token %s of %s grant has no tokens, discarding", grant.id, username);
 		token_store:set_key(username, grant.id, nil);
 		return nil, "expired";
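Review bot: The last changed line, `grant.accessed + empty_grant_lifetime <= now`, is a grace period for grants that hold no tokens, not a credential expiry, so making it inclusive is a separate decision from the token checks above it. If `empty_grant_lifetime` can be 0 (its definition is outside this hunk), a token-less grant whose `accessed` equals the current second is now discarded immediately, which the `<` form did not do. A comment on that line stating the intent, e.g. `-- inclusive: an empty grant is dropped as soon as its full grace period has elapsed`, would make the choice reviewable. The function body continues outside the hunk.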
@@ -212,7 +212,7 @@
 
 	-- Check expiry
 	local now = os.time();
-	if token_info.expires and token_info.expires < now then
+	if token_info.expires and token_info.expires <= now then
 		module:log("debug", "Token has expired, cleaning it up");
 		grant.tokens[secret_hash] = nil;
 		token_store:set_key(token_user, token_id, grant);
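Review bot: The check `token_info.expires <= now` compares against `os.time()`, which returns whole seconds in standard Lua, so a token is rejected for the entire second equal to `expires`, not "a single millisecond" after it as the commit message puts it. That is the conservative direction for a credential, but nothing in the code records it. I would add above the check `-- inclusive: the token is rejected from the second equal to token_info.expires onwards (os.time() has 1 s resolution)`. The comparison also follows the wall clock, so a backwards clock step would lengthen token lifetime; this commit does not change that. The enclosing function starts and ends outside the hunk.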