mod_tokenauth: Fix saving grants after clearing expired tokens
Previously the whole grant was deleted if it found one expired toke,
which was not indented.
--- a/plugins/mod_tokenauth.lua Sat Nov 04 17:12:01 2023 +0100
+++ b/plugins/mod_tokenauth.lua Sun Nov 05 16:10:40 2023 +0100
@@ -166,22 +166,22 @@
token_store:set_key(username, grant.id, nil);
return nil, "invalid";
end
+
+ local found_expired = false
for secret_hash, token_info in pairs(grant.tokens) do
- local found_expired = false
if token_info.expires and token_info.expires < now then
module:log("debug", "Token has expired, cleaning it up");
grant.tokens[secret_hash] = nil;
found_expired = true;
end
- if found_expired then
- token_store:set_key(username, grant.id, nil);
- end
end
if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime < now then
module:log("debug", "Token grant has no tokens, discarding");
token_store:set_key(username, grant.id, nil);
return nil, "expired";
+ elseif found_expired then
+ token_store:set_key(username, grant.id, grant);
end
return grant;