fix(appservices): don't use identity assertion on account management endpoints

2 years ago · 54e0e2a14c
1 changed files with 4 additions and 4 deletions
--- a/src/api/ruma_wrapper/axum.rs
+++ b/src/api/ruma_wrapper/axum.rs
@ -108,10 +108,7 @@ where
                    ))
                }
                (
-                    AuthScheme::AccessToken
-                    | AuthScheme::AppserviceToken
-                    | AuthScheme::AccessTokenOptional
-                    | AuthScheme::None,
+                    AuthScheme::AccessToken | AuthScheme::AccessTokenOptional,
                    Token::Appservice(info),
                ) => {
                    let user_id = query_params
@ -138,6 +135,9 @@ where
                    // TODO: Check if appservice is allowed to be that user
                    (Some(user_id), None, None, true)
                }
+                (AuthScheme::None | AuthScheme::AppserviceToken, Token::Appservice(_)) => {
+                    (None, None, None, true)
+                }
                (AuthScheme::AccessToken, Token::None) => {
                    return Err(Error::BadRequest(
                        ErrorKind::MissingToken,