authorKim Alvefur <zash@zash.se>2023-10-09 20:28:37 +0200
committerKim Alvefur <zash@zash.se>2023-10-09 20:28:37 +0200
commit9d47a1a9efb7b3b9cb56644ef29132f50e14651d (patch)
treeaa65555cbaea13f4b537e86671ceb4ea509f6fe2 /plugins
parent4df58bc22f231c504b55ae5e4d8f1942734a14f7 (diff)
mod_tokenauth: Clear expired tokens on grant retrieval
Diffstat (limited to 'plugins')
-rw-r--r--plugins/mod_tokenauth.lua9
1 files changed, 8 insertions, 1 deletions
diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index 6c94e34f..220f6b87 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -149,11 +149,12 @@ local function _get_validated_grant_info(username, grant)
-- Invalidate grants from before last password change
local account_info = usermanager.get_account_info(username, module.host);
local password_updated_at = account_info and account_info.password_updated;
+ local now = os.time();
if password_updated_at and grant.created < password_updated_at then
module:log("debug", "Token grant issued before last password change, invalidating it now");
token_store:set_key(username, grant.id, nil);
return nil, "not-authorized";
- elseif grant.expires and grant.expires < os.time() then
+ elseif grant.expires and grant.expires < now then
module:log("debug", "Token grant expired, cleaning up");
token_store:set_key(username, grant.id, nil);
return nil, "expired";
@@ -164,6 +165,12 @@ local function _get_validated_grant_info(username, grant)
token_store:set_key(username, grant.id, nil);
return nil, "invalid";
end
+ for secret_hash, token_info in pairs(grant.tokens) do
+ if token_info.expires and token_info.expires < now then
+ module:log("debug", "Token has expired, cleaning it up");
+ grant.tokens[secret_hash] = nil;
+ end
+ end
return grant;
end
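Review bot: The new loop removes expired entries only from the in-memory `grant.tokens` table, and nothing visible between the loop and `return grant;` writes the pruned grant back. The grant-level branches above, by contrast, call `token_store:set_key(username, grant.id, nil)`. Unless a caller persists the returned grant, the expired token records (keyed by secret hash) stay in storage and are pruned again on every retrieval. Consider setting a flag inside the loop and, when anything was removed, calling `token_store:set_key(username, grant.id, grant);` once after it. The function begins outside this hunk, so whether `grant.tokens` is guaranteed non-nil before `pairs` cannot be confirmed from here.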