comparison mod_http_admin_api/mod_http_admin_api.lua @ 5283:cc89c97befe7

mod_http_admin_api: Tweak token session to please module:may() module:may() checks for type == "c2s", but mod_tokenauth does not currently include that or most common session properties. Fixes a traceback resulting from a different code path where module:may() tries to index event.stanza, which does not exist for http events.
author Kim Alvefur <zash@zash.se>
date Tue, 28 Mar 2023 20:45:11 +0200
parents d68348323406
children 5178c13deb78
comparison
equal deleted inserted replaced
5282:0566a71a7076 5283:cc89c97befe7
46 local session = check_credentials(event.request); 46 local session = check_credentials(event.request);
47 if not session then 47 if not session then
48 event.response.headers.authorization = www_authenticate_header; 48 event.response.headers.authorization = www_authenticate_header;
49 return false, 401; 49 return false, 401;
50 end 50 end
51 -- FIXME this should probably live in mod_tokenauth or similar
52 session.type = "c2s";
53 session.full_jid = jid.join(session.username, session.host, session.resource);
51 event.session = session; 54 event.session = session;
52 if not module:may(":access-admin-api", event) then 55 if not module:may(":access-admin-api", event) then
53 return false, 403; 56 return false, 403;
54 end 57 end
55 return true; 58 return true;