Fix user_id
query param breaking auth for non-appservices (#3196)
The `user_id` query param only has defined behavior when authenticating with an `as_token`. For any other tokens, the presence of the parameter should simply be ignored. Fixes #1738 Signed-off-by: Tulir Asokan <tulir@maunium.net> Co-authored-by: devonh <devon.dmytro@gmail.com>
This commit is contained in:
parent
478827459c
commit
bea73c765a
@ -563,12 +563,15 @@ func (a *UserInternalAPI) QueryAccountData(ctx context.Context, req *api.QueryAc
|
||||
func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error {
|
||||
if req.AppServiceUserID != "" {
|
||||
appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID)
|
||||
if err != nil {
|
||||
res.Err = err.Error()
|
||||
}
|
||||
res.Device = appServiceDevice
|
||||
if err != nil || appServiceDevice != nil {
|
||||
if err != nil {
|
||||
res.Err = err.Error()
|
||||
}
|
||||
res.Device = appServiceDevice
|
||||
|
||||
return nil
|
||||
return nil
|
||||
}
|
||||
// If the provided token wasn't an as_token (both err and appServiceDevice are nil), continue with normal auth.
|
||||
}
|
||||
device, err := a.DB.GetDeviceByAccessToken(ctx, req.AccessToken)
|
||||
if err != nil {
|
||||
|
Loading…
Reference in New Issue
Block a user