mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 05:37:39 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_tokenauth: Fix expiry lasting one second too much

Browse source 
Because the code was using `< now` in a lot of places, things expiring at the current second
wouldn't be marked as expired. It isn't noticeable in real-world scenarios but I wanted to
create OAuth 2.0 tokens valid for 0 second in integration tests and it wasn't possible.

By using `<=` instead of `<`, we make sure tokens don't live a single millisecond more than
what they are supposed to.
This commit is contained in:
Rémi Bardon 2025-02-01 20:45:28 +01:00
parent 642c1c0ab5
commit 9732b0f9d8
1 changed files with 5 additions and 5 deletions

10
plugins/mod_tokenauth.lua
View file

@ -133,7 +133,7 @@ local function clear_expired_grant_tokens(grant, now)
now = now or os.time();
for secret, token_info in pairs(grant.tokens) do
local expires = token_info.expires;
if expires and expires < now then
if expires and expires <= now then
grant.tokens[secret] = nil;
updated = true;
end
@ -155,7 +155,7 @@ local function _get_validated_grant_info(username, grant)
module:log("debug", "Token grant %s of %s issued before last password change, invalidating it now", grant.id, username);
token_store:set_key(username, grant.id, nil);
return nil, "not-authorized";
elseif grant.expires and grant.expires < now then
elseif grant.expires and grant.expires <= now then
module:log("debug", "Token grant %s of %s expired, cleaning up", grant.id, username);
token_store:set_key(username, grant.id, nil);
return nil, "expired";
@ -169,14 +169,14 @@ local function _get_validated_grant_info(username, grant)
local found_expired = false
for secret_hash, token_info in pairs(grant.tokens) do
if token_info.expires and token_info.expires < now then
if token_info.expires and token_info.expires <= now then
module:log("debug", "Token %s of grant %s of %s has expired, cleaning it up", secret_hash:sub(-8), grant.id, username);
grant.tokens[secret_hash] = nil;
found_expired = true;
end
end
if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime < now then
if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime <= now then
module:log("debug", "Token %s of %s grant has no tokens, discarding", grant.id, username);
token_store:set_key(username, grant.id, nil);
return nil, "expired";
@ -212,7 +212,7 @@ local function _get_validated_token_info(token_id, token_user, token_host, token
-- Check expiry
local now = os.time();
if token_info.expires and token_info.expires < now then
if token_info.expires and token_info.expires <= now then
module:log("debug", "Token has expired, cleaning it up");
grant.tokens[secret_hash] = nil;
token_store:set_key(token_user, token_id, grant);