Fix user_id query param breaking auth for non-appservices (#3196)

The `user_id` query param only has defined behavior when authenticating with an `as_token`. For any other tokens, the presence of the parameter should simply be ignored. Fixes #1738 Signed-off-by: Tulir Asokan <tulir@maunium.net> Co-authored-by: devonh <devon.dmytro@gmail.com>
2024-06-28 01:08:30 +02:00 · 2023-09-12 10:44:51 -04:00 · 2023-09-12 10:44:51 -04:00 · bea73c765a
parent 478827459c
commit bea73c765a
1 changed files with 8 additions and 5 deletions
--- a/userapi/internal/user_api.go
+++ b/userapi/internal/user_api.go
@ -563,12 +563,15 @@ func (a *UserInternalAPI) QueryAccountData(ctx context.Context, req *api.QueryAc
 func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error {
 	if req.AppServiceUserID != "" {
 		appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID)
-		if err != nil {
-			res.Err = err.Error()
-		}
-		res.Device = appServiceDevice
+		if err != nil || appServiceDevice != nil {
+			if err != nil {
+				res.Err = err.Error()
+			}
+			res.Device = appServiceDevice

-		return nil
+			return nil
+		}
+		// If the provided token wasn't an as_token (both err and appServiceDevice are nil), continue with normal auth.
 	}
 	device, err := a.DB.GetDeviceByAccessToken(ctx, req.AccessToken)
 	if err != nil {