From bea73c765a5c3bfda50df67461771c1f3793030a Mon Sep 17 00:00:00 2001 From: Tulir Asokan Date: Tue, 12 Sep 2023 10:44:51 -0400 Subject: [PATCH] Fix `user_id` query param breaking auth for non-appservices (#3196) The `user_id` query param only has defined behavior when authenticating with an `as_token`. For any other tokens, the presence of the parameter should simply be ignored. Fixes #1738 Signed-off-by: Tulir Asokan Co-authored-by: devonh --- userapi/internal/user_api.go | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/userapi/internal/user_api.go b/userapi/internal/user_api.go index 4305c13a..4e3c2671 100644 --- a/userapi/internal/user_api.go +++ b/userapi/internal/user_api.go @@ -563,12 +563,15 @@ func (a *UserInternalAPI) QueryAccountData(ctx context.Context, req *api.QueryAc func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error { if req.AppServiceUserID != "" { appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID) - if err != nil { - res.Err = err.Error() - } - res.Device = appServiceDevice + if err != nil || appServiceDevice != nil { + if err != nil { + res.Err = err.Error() + } + res.Device = appServiceDevice - return nil + return nil + } + // If the provided token wasn't an as_token (both err and appServiceDevice are nil), continue with normal auth. } device, err := a.DB.GetDeviceByAccessToken(ctx, req.AccessToken) if err != nil {