prosody-modules: mod_sasl2_fast/mod_sasl2

comparison mod_sasl2_fast/mod_sasl2_fast.lua @ 5285:8e1f1eb00b58

mod_sasl2_fast: Fix harmless off-by-one error (invalidates existing tokens!) Problem: This was causing the key to become "<token>--cur" instead of the expected "<token>-cur". As the same key was used by the code to both set and get, it still worked. Rationale for change: Although it worked, it's unintended, inconsistent and messy. It increases the chances of future bugs due to the unexpected format. Side-effects of change: Existing '--cur' entries will not be checked after this change, and therefore existing FAST clients will fail to authenticate until they attempt password auth and obtain a new FAST token. Existing '--cur' entries in storage will not be cleaned up by this commit, but this is considered a minor issue, and okay for the relatively few FAST deployments.

author	Matthew Wild <mwild1@gmail.com>
date	Wed, 29 Mar 2023 16:12:15 +0100
parents	0566a71a7076
children	a91adc164566

comparison

equal deleted inserted replaced

-:5178c13deb78
+:8e1f1eb00b58
 					end
 					if not tried_current_token and not invalidate then
 						-- The new token is becoming the current token
 						token_store:set_keys(username, {
 							[key] = token_store.remove;
-							[key:sub(1, -4).."-cur"] = token;
+							[key:sub(1, -5).."-cur"] = token;
 						});
 					end
 					local rotation_needed;
 					if invalidate then
 						token_store:set(username, key, nil);
 			end
 			if not tried_current_token then
 				log("debug", "Trying next token...");
 				-- Try again with the current token instead
 				tried_current_token = true;
-				key = key:sub(1, -4).."-cur";
+				key = key:sub(1, -5).."-cur";
 			else
 				log("debug", "No matching %s token found for %s/%s", mechanism, username, key);
 				return nil;
 			end
 		until false;

Mercurial > prosody-modules

comparison mod_sasl2_fast/mod_sasl2_fast.lua @ 5285:8e1f1eb00b58