From 124b4fa3026401f75738734edd174bd90d66bf7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20Sch=C3=A4fer?= <jonas@wielicki.name>
Date: Tue, 28 Mar 2023 21:25:54 +0200
Subject: mod_tokenauth: fix traceback if password has never been changed

By checking the password_updated_at for non-nilness before using it,
we avoid a nasty crash :-).
---
 plugins/mod_tokenauth.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins')

diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index 5703f4a4..94ecf1ec 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -174,7 +174,7 @@ local function _get_validated_token_info(token_id, token_user, token_host, token
 	-- Invalidate grants from before last password change
 	local account_info = usermanager.get_account_info(token_user, module.host);
 	local password_updated_at = account_info and account_info.password_updated;
-	if grant.created < password_updated_at and password_updated_at then
+	if password_updated_at and grant.created < password_updated_at then
 		module:log("debug", "Token grant issued before last password change, invalidating it now");
 		token_store:set_key(token_user, token_id, nil);
 		return nil, "not-authorized";
-- 
cgit v1.2.3