fix(appservices): don't use identity assertion on account management endpoints

This commit is contained in:
Matthias Ahouansou 2024-04-15 19:13:10 +01:00
parent 7f63948db9
commit 54e0e2a14c
No known key found for this signature in database

View file

@ -108,10 +108,7 @@ where
))
}
(
AuthScheme::AccessToken
| AuthScheme::AppserviceToken
| AuthScheme::AccessTokenOptional
| AuthScheme::None,
AuthScheme::AccessToken | AuthScheme::AccessTokenOptional,
Token::Appservice(info),
) => {
let user_id = query_params
@ -138,6 +135,9 @@ where
// TODO: Check if appservice is allowed to be that user
(Some(user_id), None, None, true)
}
(AuthScheme::None | AuthScheme::AppserviceToken, Token::Appservice(_)) => {
(None, None, None, true)
}
(AuthScheme::AccessToken, Token::None) => {
return Err(Error::BadRequest(
ErrorKind::MissingToken,