From bea73c765a5c3bfda50df67461771c1f3793030a Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Tue, 12 Sep 2023 10:44:51 -0400
Subject: [PATCH] Fix `user_id` query param breaking auth for non-appservices
 (#3196)

The `user_id` query param only has defined behavior when authenticating
with an `as_token`. For any other tokens, the presence of the parameter
should simply be ignored.

Fixes #1738

Signed-off-by: Tulir Asokan <tulir@maunium.net>
Co-authored-by: devonh <devon.dmytro@gmail.com>
---
 userapi/internal/user_api.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/userapi/internal/user_api.go b/userapi/internal/user_api.go
index 4305c13a9..4e3c2671a 100644
--- a/userapi/internal/user_api.go
+++ b/userapi/internal/user_api.go
@@ -563,12 +563,15 @@ func (a *UserInternalAPI) QueryAccountData(ctx context.Context, req *api.QueryAc
 func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error {
 	if req.AppServiceUserID != "" {
 		appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID)
-		if err != nil {
-			res.Err = err.Error()
-		}
-		res.Device = appServiceDevice
+		if err != nil || appServiceDevice != nil {
+			if err != nil {
+				res.Err = err.Error()
+			}
+			res.Device = appServiceDevice
 
-		return nil
+			return nil
+		}
+		// If the provided token wasn't an as_token (both err and appServiceDevice are nil), continue with normal auth.
 	}
 	device, err := a.DB.GetDeviceByAccessToken(ctx, req.AccessToken)
 	if err != nil {