From c17576a931e04c4762d86d6330861e2675e3521c Mon Sep 17 00:00:00 2001
From: Sam Whited <sam@samwhited.com>
Date: Fri, 26 Aug 2016 16:17:19 -0500
Subject: [PATCH] mod_auth_token: Don't timeout finished requests

---
 prosody-plugins/mod_auth_token.lua | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/prosody-plugins/mod_auth_token.lua b/prosody-plugins/mod_auth_token.lua
index c1ed87ac6..c7a187fbf 100644
--- a/prosody-plugins/mod_auth_token.lua
+++ b/prosody-plugins/mod_auth_token.lua
@@ -103,7 +103,15 @@ function get_public_key(keyId)
 		}, cb);
 		-- TODO: Is the done() call racey? Can we cancel this if the request
 		--       succeedes?
-		timer.add_task(http_timeout, function() http.destroy_request(request); done(); end);
+		local function cancel()
+			-- TODO: This check is racey. Not likely to be a problem, but we should
+			--       still stick a mutex on content / code at some point.
+			if code == nil then
+				http.destroy_request(request);
+				done();
+			end
+		end
+		timer.add_task(http_timeout, cancel);
 		wait();
 
 		if code == 200 or code == 204 then