Fix `user_id` query param breaking auth for non-appservices (#3196)

The `user_id` query param only has defined behavior when authenticating with an `as_token`. For any other tokens, the presence of the parameter should simply be ignored. Fixes #1738 Signed-off-by: Tulir Asokan <tulir@maunium.net> Co-authored-by: devonh <devon.dmytro@gmail.com>
author: Tulir Asokan <tulir@maunium.net> 2023-09-12 10:44:51 -0400
committer: GitHub <noreply@github.com> 2023-09-12 14:44:51 +0000
commit: bea73c765a5c3bfda50df67461771c1f3793030a (patch)
tree: 5b2283fc5ffbf9afbc9dd83e5e37d6a7e2b56d9c /userapi
parent: 478827459c5d09062bc965d25007c0b81bcf2ba8 (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/userapi/internal/user_api.go b/userapi/internal/user_api.go
index 4305c13a..4e3c2671 100644
--- a/userapi/internal/user_api.go
+++ b/userapi/internal/user_api.go
@@ -563,12 +563,15 @@ func (a *UserInternalAPI) QueryAccountData(ctx context.Context, req *api.QueryAc
 func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error {
 	if req.AppServiceUserID != "" {
 		appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID)
-		if err != nil {
-			res.Err = err.Error()
-		}
-		res.Device = appServiceDevice
+		if err != nil || appServiceDevice != nil {
+			if err != nil {
+				res.Err = err.Error()
+			}
+			res.Device = appServiceDevice
 
-		return nil
+			return nil
+		}
+		// If the provided token wasn't an as_token (both err and appServiceDevice are nil), continue with normal auth.
 	}
 	device, err := a.DB.GetDeviceByAccessToken(ctx, req.AccessToken)
 	if err != nil {
author	Tulir Asokan <tulir@maunium.net>	2023-09-12 10:44:51 -0400
committer	GitHub <noreply@github.com>	2023-09-12 14:44:51 +0000
commit	bea73c765a5c3bfda50df67461771c1f3793030a (patch)
tree	5b2283fc5ffbf9afbc9dd83e5e37d6a7e2b56d9c /userapi
parent	478827459c5d09062bc965d25007c0b81bcf2ba8 (diff)