--- a/plugins/mod_tokenauth.lua Mon Oct 09 20:26:30 2023 +0200
+++ b/plugins/mod_tokenauth.lua Mon Oct 09 20:28:37 2023 +0200
@@ -149,11 +149,12 @@
-- Invalidate grants from before last password change
local account_info = usermanager.get_account_info(username, module.host);
local password_updated_at = account_info and account_info.password_updated;
+ local now = os.time();
if password_updated_at and grant.created < password_updated_at then
module:log("debug", "Token grant issued before last password change, invalidating it now");
token_store:set_key(username, grant.id, nil);
return nil, "not-authorized";
- elseif grant.expires and grant.expires < os.time() then
+ elseif grant.expires and grant.expires < now then
module:log("debug", "Token grant expired, cleaning up");
token_store:set_key(username, grant.id, nil);
return nil, "expired";
@@ -164,6 +165,12 @@
token_store:set_key(username, grant.id, nil);
return nil, "invalid";
end
+ for secret_hash, token_info in pairs(grant.tokens) do
+ if token_info.expires and token_info.expires < now then
+ module:log("debug", "Token has expired, cleaning it up");
+ grant.tokens[secret_hash] = nil;
+ end
+ end
return grant;
end