author | Jonas Schäfer <jonas@wielicki.name> |
Tue, 28 Mar 2023 21:25:54 +0200 | |
changeset 13010 | d943733c6d01 |
parent 13009 | 1167aaf1aa1f |
child 13011 | 534c055ec378 |
--- a/plugins/mod_tokenauth.lua Tue Mar 28 11:42:20 2023 +0200 +++ b/plugins/mod_tokenauth.lua Tue Mar 28 21:25:54 2023 +0200 @@ -174,7 +174,7 @@ -- Invalidate grants from before last password change local account_info = usermanager.get_account_info(token_user, module.host); local password_updated_at = account_info and account_info.password_updated; - if grant.created < password_updated_at and password_updated_at then + if password_updated_at and grant.created < password_updated_at then module:log("debug", "Token grant issued before last password change, invalidating it now"); token_store:set_key(token_user, token_id, nil); return nil, "not-authorized";