From 124b4fa3026401f75738734edd174bd90d66bf7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= Date: Tue, 28 Mar 2023 21:25:54 +0200 Subject: mod_tokenauth: fix traceback if password has never been changed By checking the password_updated_at for non-nilness before using it, we avoid a nasty crash :-). --- plugins/mod_tokenauth.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua index 5703f4a4..94ecf1ec 100644 --- a/plugins/mod_tokenauth.lua +++ b/plugins/mod_tokenauth.lua @@ -174,7 +174,7 @@ local function _get_validated_token_info(token_id, token_user, token_host, token -- Invalidate grants from before last password change local account_info = usermanager.get_account_info(token_user, module.host); local password_updated_at = account_info and account_info.password_updated; - if grant.created < password_updated_at and password_updated_at then + if password_updated_at and grant.created < password_updated_at then module:log("debug", "Token grant issued before last password change, invalidating it now"); token_store:set_key(token_user, token_id, nil); return nil, "not-authorized"; -- cgit v1.2.3