Fix user_id query param breaking auth for non-appservices (#3196)

The `user_id` query param only has defined behavior when authenticating
with an `as_token`. For any other tokens, the presence of the parameter
should simply be ignored.

Fixes #1738

Signed-off-by: Tulir Asokan <tulir@maunium.net>
Co-authored-by: devonh <devon.dmytro@gmail.com>
This commit is contained in:
Tulir Asokan 2023-09-12 10:44:51 -04:00 committed by GitHub
parent 478827459c
commit bea73c765a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -563,12 +563,15 @@ func (a *UserInternalAPI) QueryAccountData(ctx context.Context, req *api.QueryAc
func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error { func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error {
if req.AppServiceUserID != "" { if req.AppServiceUserID != "" {
appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID) appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID)
if err != nil { if err != nil || appServiceDevice != nil {
res.Err = err.Error() if err != nil {
} res.Err = err.Error()
res.Device = appServiceDevice }
res.Device = appServiceDevice
return nil return nil
}
// If the provided token wasn't an as_token (both err and appServiceDevice are nil), continue with normal auth.
} }
device, err := a.DB.GetDeviceByAccessToken(ctx, req.AccessToken) device, err := a.DB.GetDeviceByAccessToken(ctx, req.AccessToken)
if err != nil { if err != nil {