diff options
author | Kim Alvefur <zash@zash.se> | 2023-05-07 20:33:03 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2023-05-07 20:33:03 +0200 |
commit | 98d5a50eb6f0183bcce937fa2d18019e2c6006bd (patch) | |
tree | d0bbe8def7e44a1ee08e05f4510b1105fc85dce7 | |
parent | 2b25fcb73270575573ac27723385ea0ebe6a5a48 (diff) | |
download | prosody-98d5a50eb6f0183bcce937fa2d18019e2c6006bd.tar.gz prosody-98d5a50eb6f0183bcce937fa2d18019e2c6006bd.zip |
mod_tokenauth: Return error instead of session for token without role
Such a session triggers errors in module:may or other places since it is
generally expected that a session must have a role.
-rw-r--r-- | plugins/mod_tokenauth.lua | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua index ccd06155..4f0e6c54 100644 --- a/plugins/mod_tokenauth.lua +++ b/plugins/mod_tokenauth.lua @@ -252,12 +252,14 @@ function get_token_session(token, resource) local token_info, err = _get_validated_token_info(token_id, token_user, token_host, token_secret); if not token_info then return nil, err; end + local role = select_role(token_user, token_host, token_info.role); + if not role then return nil, "not-authorized"; end return { username = token_user; host = token_host; resource = token_info.resource or resource or generate_identifier(); - role = select_role(token_user, token_host, token_info.role); + role = role; }; end |