From f3d152eb1bb258c78931a3e4035b0d5fcf6392e1 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Wed, 1 Mar 2023 13:02:51 +0000
Subject: mod_tokenauth: Add some sanity checking of the new optional
 parameters

---
 plugins/mod_tokenauth.lua | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'plugins')

diff --git a/plugins/mod_tokenauth.lua b/plugins/mod_tokenauth.lua
index 5edf51fd..fa8020bc 100644
--- a/plugins/mod_tokenauth.lua
+++ b/plugins/mod_tokenauth.lua
@@ -25,6 +25,10 @@ function create_jid_token(actor_jid, token_jid, token_role, token_ttl, token_dat
 		return nil, "invalid-host";
 	end
 
+	if (token_data and type(token_data) ~= "table") or (token_purpose and type(token_purpose ~= "string")) then
+		return nil, "bad-request";
+	end
+
 	local token_info = {
 		owner = actor_jid;
 		created = os.time();
-- 
cgit v1.2.3