From 8d70f69e621496796341eacf760918941728f0de Mon Sep 17 00:00:00 2001 From: Matthias Ahouansou Date: Sat, 30 Mar 2024 12:40:58 +0000 Subject: [PATCH] fix: reject /register requests when there is no token and the type is appservice --- src/api/client_server/account.rs | 10 +++++++++- src/api/client_server/session.rs | 4 ++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/api/client_server/account.rs b/src/api/client_server/account.rs index d4529a40..9f98369b 100644 --- a/src/api/client_server/account.rs +++ b/src/api/client_server/account.rs @@ -3,7 +3,8 @@ use crate::{api::client_server, services, utils, Error, Result, Ruma}; use ruma::{ api::client::{ account::{ - change_password, deactivate, get_3pids, get_username_availability, register, + change_password, deactivate, get_3pids, get_username_availability, + register::{self, LoginType}, request_3pid_management_token_via_email, request_3pid_management_token_via_msisdn, whoami, ThirdPartyIdRemovalStatus, }, @@ -84,6 +85,13 @@ pub async fn register_route(body: Ruma) -> Result) -> Result { if !body.from_appservice { return Err(Error::BadRequest( - ErrorKind::Forbidden, - "Forbidden login type.", + ErrorKind::MissingToken, + "Missing appservice token.", )); }; if let Some(UserIdentifier::UserIdOrLocalpart(user_id)) = identifier {