authorRémi Bardon <remi@remibardon.name>2025-02-01 20:45:28 +0100
committerRémi Bardon <remi@remibardon.name>2025-02-01 20:45:28 +0100
commit9732b0f9d8f9a95ba82a854c8f24409e28ead136 (patch)
treef52c04eda271db1decbe353ce08071ac4c437686 /plugins
parent642c1c0ab51c3d0f130df19e3fd12ee3a28a7d5c (diff)
mod_tokenauth: Fix expiry lasting one second too much
Because the code was using `< now` in a lot of places, things expiring at the current second wouldn't be marked as expired. It isn't noticeable in real-world scenarios, but I wanted to create OAuth 2.0 tokens valid for 0 seconds in integration tests and it wasn't possible. By using `<=` instead of `<`, we make sure tokens don't live a single millisecond longer than they are supposed to.
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_tokenauth.lua10
1 files changed, 5 insertions, 5 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index 95b0f8d6..4760788b 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -133,7 +133,7 @@ local function clear_expired_grant_tokens(grant, now)
now = now or os.time();
for secret, token_info in pairs(grant.tokens) do
local expires = token_info.expires;
- if expires and expires < now then
+ if expires and expires <= now then
grant.tokens[secret] = nil;
updated = true;
end
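Review bot: The inclusive expiry comparison is now spelled out by hand at five sites (here in clear_expired_grant_tokens, at the grant check, the token loop and the empty-grant check in _get_validated_grant_info, and in _get_validated_token_info), which is why the same off-by-one had to be corrected five times. For a check that decides whether a credential is still accepted, one local helper such as `local function is_expired(expires, now) return expires ~= nil and expires <= now; end` would keep the boundary in a single place and stop a future call site from reintroducing `<`. It should carry a comment stating the contract, for example `-- expires is the first second at which the credential is no longer valid`. The body of clear_expired_grant_tokens continues outside this hunk.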
@@ -155,7 +155,7 @@ local function _get_validated_grant_info(username, grant)
module:log("debug", "Token grant %s of %s issued before last password change, invalidating it now", grant.id, username);
token_store:set_key(username, grant.id, nil);
return nil, "not-authorized";
- elseif grant.expires and grant.expires < now then
+ elseif grant.expires and grant.expires <= now then
module:log("debug", "Token grant %s of %s expired, cleaning up", grant.id, username);
token_store:set_key(username, grant.id, nil);
return nil, "expired";
@@ -169,14 +169,14 @@ local function _get_validated_grant_info(username, grant)
local found_expired = false
for secret_hash, token_info in pairs(grant.tokens) do
- if token_info.expires and token_info.expires < now then
+ if token_info.expires and token_info.expires <= now then
module:log("debug", "Token %s of grant %s of %s has expired, cleaning it up", secret_hash:sub(-8), grant.id, username);
grant.tokens[secret_hash] = nil;
found_expired = true;
end
end
- if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime < now then
+ if not grant.expires and next(grant.tokens) == nil and grant.accessed + empty_grant_lifetime <= now then
module:log("debug", "Token %s of %s grant has no tokens, discarding", grant.id, username);
token_store:set_key(username, grant.id, nil);
return nil, "expired";
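Review bot: The `grant.accessed + empty_grant_lifetime <= now` change is a different kind of boundary from the token expiries the commit message describes: it bounds how long a grant with no tokens is retained, not how long a credential stays valid. If `empty_grant_lifetime` can be 0 (its definition is not visible here), a token-less grant would now be discarded in the same second as its last access, so it is worth confirming that no caller creates a grant and attaches its first token in separate steps. A comment such as `-- inclusive, to match token expiry: a token-less grant is dropped once its grace period has fully elapsed` would record that this was deliberate. _get_validated_grant_info begins and continues outside this hunk.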
@@ -212,7 +212,7 @@ local function _get_validated_token_info(token_id, token_user, token_host, token
-- Check expiry
local now = os.time();
- if token_info.expires and token_info.expires < now then
+ if token_info.expires and token_info.expires <= now then
module:log("debug", "Token has expired, cleaning it up");
grant.tokens[secret_hash] = nil;
token_store:set_key(token_user, token_id, grant);