mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 21:57:45 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_tokenauth: Clear expired tokens on grant retrieval

Browse source
This commit is contained in:
Kim Alvefur 2023-10-09 20:28:37 +02:00
parent 4df58bc22f
commit 9d47a1a9ef
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
plugins/mod_tokenauth.lua
View file

@ -149,11 +149,12 @@ local function _get_validated_grant_info(username, grant)
-- Invalidate grants from before last password change
local account_info = usermanager.get_account_info(username, module.host);
local password_updated_at = account_info and account_info.password_updated;
local now = os.time();
if password_updated_at and grant.created < password_updated_at then
module:log("debug", "Token grant issued before last password change, invalidating it now");
token_store:set_key(username, grant.id, nil);
return nil, "not-authorized";
elseif grant.expires and grant.expires < os.time() then
elseif grant.expires and grant.expires < now then
module:log("debug", "Token grant expired, cleaning up");
token_store:set_key(username, grant.id, nil);
return nil, "expired";
@ -164,6 +165,12 @@ local function _get_validated_grant_info(username, grant)
token_store:set_key(username, grant.id, nil);
return nil, "invalid";
end
for secret_hash, token_info in pairs(grant.tokens) do
if token_info.expires and token_info.expires < now then
module:log("debug", "Token has expired, cleaning it up");
grant.tokens[secret_hash] = nil;
end
end
return grant;
end