mod_tokenauth: Only check if expiry of expiring tokens

Some tokens, e.g. OAuth2 refresh tokens, might not have their lifetime explicitly bounded here, but rather be bounded by the lifetime of something else, like the OAuth2 client. Open question: Would it be better to enforce a lifetime on all tokens?
author: Kim Alvefur <zash@zash.se> 2023-04-12 10:21:32 +0200
committer: Kim Alvefur <zash@zash.se> 2023-04-12 10:21:32 +0200
commit: 816d0819f2065caa10dd95915157b3fb3b17f477 (patch)
tree: 8e6fc85998317919af127f0c1343106b1b798274 /plugins/mod_tokenauth.lua
parent: 2fc0c66f0123970ea3f8fdc3a460e8000eaaa1c2 (diff)
download: prosody-816d0819f2065caa10dd95915157b3fb3b17f477.tar.gz
prosody-816d0819f2065caa10dd95915157b3fb3b17f477.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index 1403047b..240e9fbd 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -186,7 +186,7 @@ local function _get_validated_token_info(token_id, token_user, token_host, token
 
 	-- Check expiry
 	local now = os.time();
-	if token_info.expires < now then
+	if token_info.expires and token_info.expires < now then
 		module:log("debug", "Token has expired, cleaning it up");
 		grant.tokens[secret_hash] = nil;
 		token_store:set_key(token_user, token_id, grant);
author	Kim Alvefur <zash@zash.se>	2023-04-12 10:21:32 +0200
committer	Kim Alvefur <zash@zash.se>	2023-04-12 10:21:32 +0200
commit	816d0819f2065caa10dd95915157b3fb3b17f477 (patch)
tree	8e6fc85998317919af127f0c1343106b1b798274 /plugins/mod_tokenauth.lua
parent	2fc0c66f0123970ea3f8fdc3a460e8000eaaa1c2 (diff)
download	prosody-816d0819f2065caa10dd95915157b3fb3b17f477.tar.gz prosody-816d0819f2065caa10dd95915157b3fb3b17f477.zip