Merge branch 'no-auth-ignore-token' into 'next'

fix: ignore access tokens where they are not needed

See merge request famedly/conduit!617
This commit is contained in:
Timo Kösters 2024-04-02 18:18:59 +00:00
commit 24e9c99d47

View file

@ -110,7 +110,8 @@ where
(
AuthScheme::AccessToken
| AuthScheme::AppserviceToken
| AuthScheme::AccessTokenOptional,
| AuthScheme::AccessTokenOptional
| AuthScheme::None,
Token::Appservice(info),
) => {
let user_id = query_params
@ -144,7 +145,7 @@ where
));
}
(
AuthScheme::AccessToken | AuthScheme::AccessTokenOptional,
AuthScheme::AccessToken | AuthScheme::AccessTokenOptional | AuthScheme::None,
Token::User((user_id, device_id)),
) => (Some(user_id), Some(device_id), None, false),
(AuthScheme::ServerSignatures, Token::None) => {
@ -259,13 +260,10 @@ where
| AuthScheme::AccessTokenOptional,
Token::None,
) => (None, None, None, false),
(
AuthScheme::ServerSignatures | AuthScheme::None,
Token::Appservice(_) | Token::User(_),
) => {
(AuthScheme::ServerSignatures, Token::Appservice(_) | Token::User(_)) => {
return Err(Error::BadRequest(
ErrorKind::Unauthorized,
"Access tokens should not be used on this endpoint.",
"Only server signatures should be used on this endpoint.",
));
}
(AuthScheme::AppserviceToken, Token::User(_)) => {