mod_tokenauth: Invalidate tokens issued before most recent password change
This is a security improvement, to ensure that sessions authenticated using a
token (note: not currently possible in stock Prosody) are invalidated just
like password-authenticated sessions are.
-- COMPAT w/pre-0.9
local log = require "util.logger".init("net.httpserver");
local traceback = debug.traceback;
local _ENV = nil;
-- luacheck: std none
local function fail()
log("error", "Attempt to use legacy HTTP API. For more info see https://prosody.im/doc/developers/legacy_http");
log("error", "Legacy HTTP API usage, %s", traceback("", 2));
end
return {
new = fail;
new_from_config = fail;
set_default_handler = fail;
};