Ensure appservices have their devices checked (#554)
The regular device check will return the device for the appservice's bot user instead of going through the user_id branch. The check has been moved to below the user_id check to ensure the right virtual user's device is chosen.
This commit is contained in:
parent
5d2d0484d1
commit
f8f9965cc5
|
@ -65,12 +65,6 @@ type Data struct {
|
||||||
func VerifyUserFromRequest(
|
func VerifyUserFromRequest(
|
||||||
req *http.Request, data Data,
|
req *http.Request, data Data,
|
||||||
) (*authtypes.Device, *util.JSONResponse) {
|
) (*authtypes.Device, *util.JSONResponse) {
|
||||||
// Try to find local user from device database
|
|
||||||
dev, devErr := verifyAccessToken(req, data.DeviceDB)
|
|
||||||
if devErr == nil {
|
|
||||||
return dev, verifyUserParameters(req)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Try to find the Application Service user
|
// Try to find the Application Service user
|
||||||
token, err := ExtractAccessToken(req)
|
token, err := ExtractAccessToken(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -128,6 +122,12 @@ func VerifyUserFromRequest(
|
||||||
return &dev, nil
|
return &dev, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Try to find local user from device database
|
||||||
|
dev, devErr := verifyAccessToken(req, data.DeviceDB)
|
||||||
|
if devErr == nil {
|
||||||
|
return dev, verifyUserParameters(req)
|
||||||
|
}
|
||||||
|
|
||||||
return nil, &util.JSONResponse{
|
return nil, &util.JSONResponse{
|
||||||
Code: http.StatusUnauthorized,
|
Code: http.StatusUnauthorized,
|
||||||
JSON: jsonerror.UnknownToken("Unrecognized access token"),
|
JSON: jsonerror.UnknownToken("Unrecognized access token"),
|
||||||
|
|
Loading…
Reference in a new issue