mod_tokenauth: Invalidate tokens issued before most recent password change
This is a security improvement, to ensure that sessions authenticated using a
token (note: not currently possible in stock Prosody) are invalidated just
like password-authenticated sessions are.
Welcome hackers!
This project accepts and *encourages* contributions. If you would like to get
involved you can join us on our mailing list and discussion rooms. More
information on these at https://prosody.im/discuss
Patches are welcome, though before sending we would appreciate if you read
docs/coding_style.md for guidelines on how to format your code, and other tips.
Documentation for developers can be found at https://prosody.im/doc/developers
Have fun :)