Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_tokenauth: fix traceback if password has never been changed
authorJonas Schäfer <jonas@wielicki.name>
Tue, 28 Mar 2023 21:25:54 +0200
changeset 13010 d943733c6d01
parent 13009 1167aaf1aa1f
child 13011 534c055ec378
mod_tokenauth: fix traceback if password has never been changed By checking the password_updated_at for non-nilness before using it, we avoid a nasty crash :-).
plugins/mod_tokenauth.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_tokenauth.lua	Tue Mar 28 11:42:20 2023 +0200
+++ b/plugins/mod_tokenauth.lua	Tue Mar 28 21:25:54 2023 +0200
@@ -174,7 +174,7 @@
 	-- Invalidate grants from before last password change
 	local account_info = usermanager.get_account_info(token_user, module.host);
 	local password_updated_at = account_info and account_info.password_updated;
-	if grant.created < password_updated_at and password_updated_at then
+	if password_updated_at and grant.created < password_updated_at then
 		module:log("debug", "Token grant issued before last password change, invalidating it now");
 		token_store:set_key(token_user, token_id, nil);
 		return nil, "not-authorized";
prosody