From f8f9965cc574e21b04d6e8f848cb1c56923a1179 Mon Sep 17 00:00:00 2001
From: Travis Ralston <travpc@gmail.com>
Date: Thu, 21 Mar 2019 08:48:21 -0600
Subject: [PATCH] Ensure appservices have their devices checked (#554)

The regular device check will return the device for the appservice's bot user instead of going through the user_id branch. The check has been moved to below the user_id check to ensure the right virtual user's device is chosen.
---
 .../matrix-org/dendrite/clientapi/auth/auth.go       | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go b/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
index a5a9b2bf..00943fb8 100644
--- a/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
+++ b/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
@@ -65,12 +65,6 @@ type Data struct {
 func VerifyUserFromRequest(
 	req *http.Request, data Data,
 ) (*authtypes.Device, *util.JSONResponse) {
-	// Try to find local user from device database
-	dev, devErr := verifyAccessToken(req, data.DeviceDB)
-	if devErr == nil {
-		return dev, verifyUserParameters(req)
-	}
-
 	// Try to find the Application Service user
 	token, err := ExtractAccessToken(req)
 	if err != nil {
@@ -128,6 +122,12 @@ func VerifyUserFromRequest(
 		return &dev, nil
 	}
 
+	// Try to find local user from device database
+	dev, devErr := verifyAccessToken(req, data.DeviceDB)
+	if devErr == nil {
+		return dev, verifyUserParameters(req)
+	}
+
 	return nil, &util.JSONResponse{
 		Code: http.StatusUnauthorized,
 		JSON: jsonerror.UnknownToken("Unrecognized access token"),