Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_tokenauth: Only check if expiry of expiring tokens
authorKim Alvefur <zash@zash.se>
Wed, 12 Apr 2023 10:21:32 +0200
changeset 13077 9e5802b45b9e
parent 13076 7fcf41b541e0
child 13078 794a5ad5495e
mod_tokenauth: Only check if expiry of expiring tokens Some tokens, e.g. OAuth2 refresh tokens, might not have their lifetime explicitly bounded here, but rather be bounded by the lifetime of something else, like the OAuth2 client. Open question: Would it be better to enforce a lifetime on all tokens?
plugins/mod_tokenauth.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_tokenauth.lua	Mon Apr 10 14:24:39 2023 +0200
+++ b/plugins/mod_tokenauth.lua	Wed Apr 12 10:21:32 2023 +0200
@@ -186,7 +186,7 @@
 
 	-- Check expiry
 	local now = os.time();
-	if token_info.expires < now then
+	if token_info.expires and token_info.expires < now then
 		module:log("debug", "Token has expired, cleaning it up");
 		grant.tokens[secret_hash] = nil;
 		token_store:set_key(token_user, token_id, grant);
prosody