Mercurial > prosody-modules
comparison mod_http_admin_api/mod_http_admin_api.lua @ 5283:cc89c97befe7
mod_http_admin_api: Tweak token session to please module:may()
module:may() checks for type == "c2s", but mod_tokenauth does not
currently include that or most common session properties.
Fixes a traceback resulting from a different code path where
module:may() tries to index event.stanza, which does not exist for http
events.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 28 Mar 2023 20:45:11 +0200 |
| parents | d68348323406 |
| children | 5178c13deb78 |
comparison
equal
deleted
inserted
replaced
| 5282:0566a71a7076 | 5283:cc89c97befe7 |
|---|---|
| 46 local session = check_credentials(event.request); | 46 local session = check_credentials(event.request); |
| 47 if not session then | 47 if not session then |
| 48 event.response.headers.authorization = www_authenticate_header; | 48 event.response.headers.authorization = www_authenticate_header; |
| 49 return false, 401; | 49 return false, 401; |
| 50 end | 50 end |
| 51 -- FIXME this should probably live in mod_tokenauth or similar | |
| 52 session.type = "c2s"; | |
| 53 session.full_jid = jid.join(session.username, session.host, session.resource); | |
| 51 event.session = session; | 54 event.session = session; |
| 52 if not module:may(":access-admin-api", event) then | 55 if not module:may(":access-admin-api", event) then |
| 53 return false, 403; | 56 return false, 403; |
| 54 end | 57 end |
| 55 return true; | 58 return true; |