Fix user_id query param breaking auth for non-appservices (#3196)

The `user_id` query param only has defined behavior when authenticating
with an `as_token`. For any other tokens, the presence of the parameter
should simply be ignored.

Fixes #1738

Signed-off-by: Tulir Asokan <tulir@maunium.net>
Co-authored-by: devonh <devon.dmytro@gmail.com>
This commit is contained in:
Tulir Asokan 2023-09-12 10:44:51 -04:00 committed by GitHub
parent 478827459c
commit bea73c765a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -563,6 +563,7 @@ func (a *UserInternalAPI) QueryAccountData(ctx context.Context, req *api.QueryAc
func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error { func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error {
if req.AppServiceUserID != "" { if req.AppServiceUserID != "" {
appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID) appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID)
if err != nil || appServiceDevice != nil {
if err != nil { if err != nil {
res.Err = err.Error() res.Err = err.Error()
} }
@ -570,6 +571,8 @@ func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAc
return nil return nil
} }
// If the provided token wasn't an as_token (both err and appServiceDevice are nil), continue with normal auth.
}
device, err := a.DB.GetDeviceByAccessToken(ctx, req.AccessToken) device, err := a.DB.GetDeviceByAccessToken(ctx, req.AccessToken)
if err != nil { if err != nil {
if err == sql.ErrNoRows { if err == sql.ErrNoRows {