Make VerifyAccessToken private, let VerifyUserFromRequest return the

APwhitehat · APwhitehat · commit 5bcaddf8e9de · 2018-04-20T21:16:10.000+05:30
device if present

Signed-off-by: Anant Prakash &lt;anantprakashjsr@gmail.com&gt;
diff --git a/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go b/src/github.com/matrix-org/dendrite/clientapi/auth/auth.go
@@ -49,25 +49,26 @@ type AccountDatabase interface {
 }
 
 // VerifyUserFromRequest authenticates the HTTP request,
-// on success returns UserID of the requester.
+// on success returns UserID, Device of the requester.
 // Finds local user or an application service user.
+// Note: For an AS user, Device is not present.
 // On failure returns an JSON error response which can be sent to the client.
 func VerifyUserFromRequest(
 	req *http.Request, accountDB AccountDatabase, deviceDB DeviceDatabase,
 	applicationServices []config.ApplicationService,
-) (string, *util.JSONResponse) {
+) (string, *authtypes.Device, *util.JSONResponse) {
 	// Try to find local user from device database
-	dev, devErr := VerifyAccessToken(req, deviceDB)
+	dev, devErr := verifyAccessToken(req, deviceDB)
 
 	if devErr == nil {
-		return dev.UserID, nil
+		return dev.UserID, dev, nil
 	}
 
 	// Try to find the Application Service user
 	token, err := extractAccessToken(req)
 
 	if err != nil {
-		return "", &util.JSONResponse{
+		return "", nil, &util.JSONResponse{
 			Code: http.StatusUnauthorized,
 			JSON: jsonerror.MissingToken(err.Error()),
 		}
@@ -87,7 +88,7 @@ func VerifyUserFromRequest(
 		localpart, err := userutil.ParseUsernameParam(userID, nil)
 
 		if err != nil {
-			return "", &util.JSONResponse{
+			return "", nil, &util.JSONResponse{
 				Code: http.StatusBadRequest,
 				JSON: jsonerror.InvalidUsername(err.Error()),
 			}
@@ -98,25 +99,25 @@ func VerifyUserFromRequest(
 
 		// Verify that account exists & appServiceID matches
 		if accountErr == nil && account.AppServiceID == appService.ID {
-			return userID, nil
+			return userID, nil, nil
 		}
 
-		return "", &util.JSONResponse{
+		return "", nil, &util.JSONResponse{
 			Code: http.StatusForbidden,
 			JSON: jsonerror.Forbidden("Application service has not registered this user"),
 		}
 	}
 
-	return "", &util.JSONResponse{
+	return "", nil, &util.JSONResponse{
 		Code: http.StatusUnauthorized,
 		JSON: jsonerror.UnknownToken("Unrecognized access token"),
 	}
 }
 
-// VerifyAccessToken verifies that an access token was supplied in the given HTTP request
+// verifyAccessToken verifies that an access token was supplied in the given HTTP request
 // and returns the device it corresponds to. Returns resErr (an error response which can be
 // sent to the client) if the token is invalid or there was a problem querying the database.
-func VerifyAccessToken(req *http.Request, deviceDB DeviceDatabase) (device *authtypes.Device, resErr *util.JSONResponse) {
+func verifyAccessToken(req *http.Request, deviceDB DeviceDatabase) (device *authtypes.Device, resErr *util.JSONResponse) {
 	token, err := extractAccessToken(req)
 	if err != nil {
 		resErr = &util.JSONResponse{
diff --git a/src/github.com/matrix-org/dendrite/common/httpapi.go b/src/github.com/matrix-org/dendrite/common/httpapi.go
@@ -19,17 +19,12 @@ func MakeAuthAPI(
 	metricsName string, accountDB auth.AccountDatabase, deviceDB auth.DeviceDatabase,
 	appServices []config.ApplicationService, f func(*http.Request, string, *authtypes.Device) util.JSONResponse) http.Handler {
 	h := func(req *http.Request) util.JSONResponse {
-		user, userErr := auth.VerifyUserFromRequest(req, accountDB, deviceDB, appServices)
+		user, device, err := auth.VerifyUserFromRequest(req, accountDB, deviceDB, appServices)
 
-		if userErr != nil {
-			return *userErr
-		}
-		device, resErr := auth.VerifyAccessToken(req, deviceDB)
-
-		// AS virtual users do not have a device in database
-		if resErr != nil {
-			return f(req, user, nil)
+		if err != nil {
+			return *err
 		}
+		// device is nil for AS virtual users, as they do not have a device in database
 		return f(req, user, device)
 	}
 	return MakeExternalAPI(metricsName, h)
