mod_tokenauth: fix traceback if password has never been changed

By checking the password_updated_at for non-nilness before using it, we avoid a nasty crash :-).
author: Jonas Schäfer <jonas@wielicki.name> 2023-03-28 21:25:54 +0200
committer: Jonas Schäfer <jonas@wielicki.name> 2023-03-28 21:25:54 +0200
commit: 124b4fa3026401f75738734edd174bd90d66bf7c (patch)
tree: edef63c992aad93e6cd3b6e448afd30b756c5a01 /plugins/mod_tokenauth.lua
parent: 9305f475250df547e7be4599632020334d15ada4 (diff)
download: prosody-124b4fa3026401f75738734edd174bd90d66bf7c.tar.gz
prosody-124b4fa3026401f75738734edd174bd90d66bf7c.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index 5703f4a4..94ecf1ec 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -174,7 +174,7 @@ local function _get_validated_token_info(token_id, token_user, token_host, token
 	-- Invalidate grants from before last password change
 	local account_info = usermanager.get_account_info(token_user, module.host);
 	local password_updated_at = account_info and account_info.password_updated;
-	if grant.created < password_updated_at and password_updated_at then
+	if password_updated_at and grant.created < password_updated_at then
 		module:log("debug", "Token grant issued before last password change, invalidating it now");
 		token_store:set_key(token_user, token_id, nil);
 		return nil, "not-authorized";
author	Jonas Schäfer <jonas@wielicki.name>	2023-03-28 21:25:54 +0200
committer	Jonas Schäfer <jonas@wielicki.name>	2023-03-28 21:25:54 +0200
commit	124b4fa3026401f75738734edd174bd90d66bf7c (patch)
tree	edef63c992aad93e6cd3b6e448afd30b756c5a01 /plugins/mod_tokenauth.lua
parent	9305f475250df547e7be4599632020334d15ada4 (diff)
download	prosody-124b4fa3026401f75738734edd174bd90d66bf7c.tar.gz prosody-124b4fa3026401f75738734edd174bd90d66bf7c.zip