From 5425a43ba6443e2bfd31a09737aae152f5009580 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 21 Oct 2023 12:33:55 +0200
Subject: mod_tokenauth: Save grant after removing expired tokens

Ensures the periodic cleanup really does remove expired tokens.
---
 plugins/mod_tokenauth.lua | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index d4a30a96..6034071a 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -167,9 +167,14 @@ local function _get_validated_grant_info(username, grant)
 		return nil, "invalid";
 	end
 	for secret_hash, token_info in pairs(grant.tokens) do
+		local found_expired = false
 		if token_info.expires and token_info.expires < now then
 			module:log("debug", "Token has expired, cleaning it up");
 			grant.tokens[secret_hash] = nil;
+			found_expired = true;
+		end
+		if found_expired then
+			token_store:set_key(username, grant.id, nil);
 		end
 	end
 
-- 
cgit v1.2.3