comparison mod_sasl2_fast/mod_sasl2_fast.lua @ 5084:dda2af7ed02f

mod_sasl2_fast: Add more debug logging
author Matthew Wild <mwild1@gmail.com>
date Mon, 07 Nov 2022 10:21:42 +0000
parents 4837232474ca
children 745c7f4cca40
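--- a/mod_sasl2_fast/mod_sasl2_fast.lua
+++ b/mod_sasl2_fast/mod_sasl2_fast.lua
@@ -45,10 +45,11 @@
 if token and token.mechanism == mechanism then
 local expected_hash = hmac_f(token.secret, "Initiator"..cb_data);
 if hash.equals(expected_hash, token_hash) then
 local current_time = now();
 if token.expires_at < current_time then
+log("debug", "Token found, but it has expired (%ds ago). Cleaning up...", current_time - token.expires_at);
 token_store:set(username, key, nil);
 return nil, "credentials-expired";
 end
 if not tried_current_token and not invalidate then
 -- The new token is becoming the current token
@@ -59,10 +60,11 @@
 end
 local rotation_needed;
 if invalidate then
 token_store:set(username, key, nil);
 elseif current_time - token.issued_at > fast_token_min_ttl then
+log("debug", "FAST token due for rotation (age: %d)", current_time - token.issued_at);
 rotation_needed = true;
 end
 return true, username, hmac_f(token.secret, "Responder"..cb_data), rotation_needed;
 end
 end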
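Review bot: The expired-token message added at new line 50 names neither the account nor the mechanism, so on a busy server an operator reading the log cannot tell whose token was just deleted; `username` is already in scope there, e.g. `log("debug", "FAST token for %s found, but it has expired (%ds ago). Cleaning up...", username, current_time - token.expires_at);` (unnecessary if `log` is already session-scoped, which the hunk does not show). The same applies to the rotation message at new line 65, which also drops the unit the first message gives; `(age: %ds)` would keep the two consistent. Both calls pass a time difference to `%d`, so if `now()` returns fractional seconds the output depends on how the log formatter treats non-integer values, which is worth confirming. Keeping `token.secret` and `token_hash` out of both messages, as the change does, is right and should stay that way. The enclosing function starts and ends outside the lines shown.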