From 5425a43ba6443e2bfd31a09737aae152f5009580 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 21 Oct 2023 12:33:55 +0200 Subject: mod_tokenauth: Save grant after removing expired tokens Ensures the periodic cleanup really does remove expired tokens. --- plugins/mod_tokenauth.lua | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'plugins') diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua index d4a30a96..6034071a 100644 --- a/plugins/mod_tokenauth.lua +++ b/plugins/mod_tokenauth.lua @@ -167,9 +167,14 @@ local function _get_validated_grant_info(username, grant) return nil, "invalid"; end for secret_hash, token_info in pairs(grant.tokens) do + local found_expired = false if token_info.expires and token_info.expires < now then module:log("debug", "Token has expired, cleaning it up"); grant.tokens[secret_hash] = nil; + found_expired = true; + end + if found_expired then + token_store:set_key(username, grant.id, nil); end end -- cgit v1.2.3