# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1680029111 -7200
# Node ID cc89c97befe7e5e8cd82f537e6bec2c578c91311
# Parent  0566a71a7076b8f8c7535b2357d8a6588bce2f9d
mod_http_admin_api: Tweak token session to please module:may()

module:may() checks for type == "c2s", but mod_tokenauth does not
currently include that or most common session properties.

Fixes a traceback resulting from a different code path where
module:may() tries to index event.stanza, which does not exist for http
events.

diff -r 0566a71a7076 -r cc89c97befe7 mod_http_admin_api/mod_http_admin_api.lua
--- a/mod_http_admin_api/mod_http_admin_api.lua	Tue Mar 28 12:43:05 2023 +0100
+++ b/mod_http_admin_api/mod_http_admin_api.lua	Tue Mar 28 20:45:11 2023 +0200
@@ -48,6 +48,9 @@
 			event.response.headers.authorization = www_authenticate_header;
 			return false, 401;
 		end
+		-- FIXME this should probably live in mod_tokenauth or similar
+		session.type = "c2s";
+		session.full_jid = jid.join(session.username, session.host, session.resource);
 		event.session = session;
 		if not module:may(":access-admin-api", event) then
 			return false, 403;