mod_tokenauth: Clear expired tokens on grant retrieval
author Kim Alvefur <zash@zash.se>
Mon, 09 Oct 2023 20:28:37 +0200
changeset 13276 8535a6105919
parent 13275 56c1d2498d66
child 13277 a1c927323f06
mod_tokenauth: Clear expired tokens on grant retrieval
plugins/mod_tokenauth.lua
--- a/plugins/mod_tokenauth.lua	Mon Oct 09 20:26:30 2023 +0200
+++ b/plugins/mod_tokenauth.lua	Mon Oct 09 20:28:37 2023 +0200
@@ -149,11 +149,12 @@
 	-- Invalidate grants from before last password change
 	local account_info = usermanager.get_account_info(username, module.host);
 	local password_updated_at = account_info and account_info.password_updated;
+	local now = os.time();
 	if password_updated_at and grant.created < password_updated_at then
 		module:log("debug", "Token grant issued before last password change, invalidating it now");
 		token_store:set_key(username, grant.id, nil);
 		return nil, "not-authorized";
-	elseif grant.expires and grant.expires < os.time() then
+	elseif grant.expires and grant.expires < now then
 		module:log("debug", "Token grant expired, cleaning up");
 		token_store:set_key(username, grant.id, nil);
 		return nil, "expired";
@@ -164,6 +165,12 @@
 		token_store:set_key(username, grant.id, nil);
 		return nil, "invalid";
 	end
+	for secret_hash, token_info in pairs(grant.tokens) do
+		if token_info.expires and token_info.expires < now then
+			module:log("debug", "Token has expired, cleaning it up");
+			grant.tokens[secret_hash] = nil;
+		end
+	end
 	return grant;
 end
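Review bot: The new loop only drops expired entries from the in-memory `grant.tokens`; nothing writes the trimmed grant back to `token_store`, so the store keeps every expired secret hash until some other path rewrites the grant, and the "cleaning it up" log line overstates what happens. Track whether anything was removed and persist once after the loop, assuming `token_store:set_key` accepts the grant table as a value the same way the grant was stored in the first place (only the `nil` form is visible in this hunk). Clearing existing keys during `pairs` is permitted in Lua, so the loop itself is sound, but a grant whose last token expires now survives with an empty `tokens` table while the check just above revokes a grant whose `tokens` is `nil`; whether an emptied grant should be revoked too deserves a comment either way, e.g. `-- An emptied grant is kept so the client can still refresh it — TODO confirm`. The enclosing function's signature lies before this hunk, and the hunk header's line count suggests its final context line was trimmed from this view.
```lua
	local found_expired = false;
	for secret_hash, token_info in pairs(grant.tokens) do
		-- … unchanged: expiry check and debug log …
			grant.tokens[secret_hash] = nil;
			found_expired = true;
		end
	end
	-- Persist the trimmed grant so the store no longer holds expired secrets
	if found_expired then
		token_store:set_key(username, grant.id, grant);
	end
	return grant;
```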