From f8f9965cc574e21b04d6e8f848cb1c56923a1179 Mon Sep 17 00:00:00 2001
From: Travis Ralston
Date: Thu, 21 Mar 2019 08:48:21 -0600
Subject: [PATCH] Ensure appservices have their devices checked (#554)

The regular device check will return the device for the appservice's bot user instead of going through the user_id branch. The check has been moved to below the user_id check to ensure the right virtual user's device is chosen.
---
 .../matrix-org/dendrite/clientapi/auth/auth.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go b/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
index a5a9b2bf..00943fb8 100644
--- a/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
@@ -65,12 +65,6 @@ type Data struct {
 func VerifyUserFromRequest(
 req *http.Request, data Data,
 ) (*authtypes.Device, *util.JSONResponse) {
- // Try to find local user from device database
- dev, devErr := verifyAccessToken(req, data.DeviceDB)
- if devErr == nil {
- return dev, verifyUserParameters(req)
- }
-
 // Try to find the Application Service user
 token, err := ExtractAccessToken(req)
 if err != nil {
@@ -128,6 +122,12 @@ func VerifyUserFromRequest(
 return &dev, nil
 }
 
+ // Try to find local user from device database
+ dev, devErr := verifyAccessToken(req, data.DeviceDB)
+ if devErr == nil {
+ return dev, verifyUserParameters(req)
+ }
+
 return nil, &util.JSONResponse{
 Code: http.StatusUnauthorized,
 JSON: jsonerror.UnknownToken("Unrecognized access token"),
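Review bot: The position of the moved `verifyAccessToken` block is now what keeps an application-service token from resolving to the bot user's device, but the comment above it does not say the order matters; I would spell it out, e.g. `// Must stay below the application service branch: an AS token can also match the bot user's device, which would skip the user_id handling.` The patch touches only auth.go, so nothing guards against a later refactor moving the check back up; a test that sends an AS token together with `user_id` and asserts that the returned device belongs to the virtual user would pin the ordering. Separately, `devErr` is dropped on the fall-through, so whatever `verifyAccessToken` reported is replaced by the generic 401 `Unrecognized access token`; its return type is not visible here, so confirm that no other failure (for example a database error) is being masked as an unknown token. The body of `VerifyUserFromRequest` starts and ends outside this hunk.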