aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-05-07 20:33:03 +0200
committerKim Alvefur <zash@zash.se>2023-05-07 20:33:03 +0200
commit98d5a50eb6f0183bcce937fa2d18019e2c6006bd (patch)
treed0bbe8def7e44a1ee08e05f4510b1105fc85dce7
parent2b25fcb73270575573ac27723385ea0ebe6a5a48 (diff)
downloadprosody-98d5a50eb6f0183bcce937fa2d18019e2c6006bd.tar.gz
prosody-98d5a50eb6f0183bcce937fa2d18019e2c6006bd.zip
mod_tokenauth: Return error instead of session for token without role
Such a session triggers errors in module:may or other places since it is generally expected that a session must have a role.
-rw-r--r--plugins/mod_tokenauth.lua4
1 files changed, 3 insertions, 1 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index ccd06155..4f0e6c54 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -252,12 +252,14 @@ function get_token_session(token, resource)
local token_info, err = _get_validated_token_info(token_id, token_user, token_host, token_secret);
if not token_info then return nil, err; end
+ local role = select_role(token_user, token_host, token_info.role);
+ if not role then return nil, "not-authorized"; end
return {
username = token_user;
host = token_host;
resource = token_info.resource or resource or generate_identifier();
- role = select_role(token_user, token_host, token_info.role);
+ role = role;
};
end