Fix authedRequest including Authorization: Bearer undefined for password resets (#2822)

spec/unit/http-api/fetch.spec.ts

@@ -220,4 +220,14 @@ describe("FetchHttpApi", () => {
             expect(api.authedRequest(Method.Get, "/path")).rejects.toThrow("Ye shall ask for consent"),
         ]);
     });
+
+    describe("authedRequest", () => {
+        it("should not include token if unset", () => {
+            const fetchFn = jest.fn();
+            const emitter = new TypedEventEmitter<HttpApiEvent, HttpApiEventHandlerMap>();
+            const api = new FetchHttpApi(emitter, { baseUrl, prefix, fetchFn });
+            api.authedRequest(Method.Post, "/account/password");
+            expect(fetchFn.mock.calls[0][1].headers.Authorization).toBeUndefined();
+        });
+    });
 });

src/client.ts

@@ -8087,7 +8087,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @return {module:http-api.MatrixError} Rejects: with an error response.
      */
     public setPassword(
-        authDict: any,
+        authDict: IAuthDict,
         newPassword: string,
         logoutDevices?: boolean,
     ): Promise<{}> {

src/http-api/fetch.ts

@@ -143,6 +143,7 @@ export class FetchHttpApi<O extends IHttpOpts> {
     ): Promise<ResponseType<T, O>> {
         if (!queryParams) queryParams = {};
 
+        if (this.opts.accessToken) {
             if (this.opts.useAuthorizationHeader) {
                 if (!opts.headers) {
                     opts.headers = {};
@@ -156,6 +157,7 @@ export class FetchHttpApi<O extends IHttpOpts> {
             } else if (!queryParams.access_token) {
                 queryParams.access_token = this.opts.accessToken;
             }
+        }
 
         const requestPromise = this.request<T>(method, path, queryParams, body, opts);