changeset 5283:cc89c97befe7

mod_http_admin_api: Tweak token session to please module:may() module:may() checks for type == "c2s", but mod_tokenauth does not currently include that or most common session properties. Fixes a traceback resulting from a different code path where module:may() tries to index event.stanza, which does not exist for http events.
author Kim Alvefur <zash@zash.se>
date Tue, 28 Mar 2023 20:45:11 +0200
parents 0566a71a7076
children 5178c13deb78
files mod_http_admin_api/mod_http_admin_api.lua
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_admin_api/mod_http_admin_api.lua	Tue Mar 28 12:43:05 2023 +0100
+++ b/mod_http_admin_api/mod_http_admin_api.lua	Tue Mar 28 20:45:11 2023 +0200
@@ -48,6 +48,9 @@
 			event.response.headers.authorization = www_authenticate_header;
 			return false, 401;
 		end
+		-- FIXME this should probably live in mod_tokenauth or similar
+		session.type = "c2s";
+		session.full_jid = jid.join(session.username, session.host, session.resource);
 		event.session = session;
 		if not module:may(":access-admin-api", event) then
 			return false, 403;