Fix authedRequest including Authorization: Bearer undefined for password resets (#2822)

2025-07-31 15:24:23 +03:00 · 2022-10-31 17:08:35 +00:00
parent 6c475d9b54
commit 646b3a69fe
3 changed files with 24 additions and 12 deletions
--- a/spec/unit/http-api/fetch.spec.ts
+++ b/spec/unit/http-api/fetch.spec.ts
@ -220,4 +220,14 @@ describe("FetchHttpApi", () => {
            expect(api.authedRequest(Method.Get, "/path")).rejects.toThrow("Ye shall ask for consent"),
        ]);
    });
+
+    describe("authedRequest", () => {
+        it("should not include token if unset", () => {
+            const fetchFn = jest.fn();
+            const emitter = new TypedEventEmitter<HttpApiEvent, HttpApiEventHandlerMap>();
+            const api = new FetchHttpApi(emitter, { baseUrl, prefix, fetchFn });
+            api.authedRequest(Method.Post, "/account/password");
+            expect(fetchFn.mock.calls[0][1].headers.Authorization).toBeUndefined();
+        });
+    });
 });
--- a/src/client.ts
+++ b/src/client.ts
@ -8087,7 +8087,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
     * @return {module:http-api.MatrixError} Rejects: with an error response.
     */
    public setPassword(
-        authDict: any,
+        authDict: IAuthDict,
        newPassword: string,
        logoutDevices?: boolean,
    ): Promise<{}> {
--- a/src/http-api/fetch.ts
+++ b/src/http-api/fetch.ts
@ -143,18 +143,20 @@ export class FetchHttpApi<O extends IHttpOpts> {
    ): Promise<ResponseType<T, O>> {
        if (!queryParams) queryParams = {};

-        if (this.opts.useAuthorizationHeader) {
-            if (!opts.headers) {
-                opts.headers = {};
+        if (this.opts.accessToken) {
+            if (this.opts.useAuthorizationHeader) {
+                if (!opts.headers) {
+                    opts.headers = {};
+                }
+                if (!opts.headers.Authorization) {
+                    opts.headers.Authorization = "Bearer " + this.opts.accessToken;
+                }
+                if (queryParams.access_token) {
+                    delete queryParams.access_token;
+                }
+            } else if (!queryParams.access_token) {
+                queryParams.access_token = this.opts.accessToken;
            }
-            if (!opts.headers.Authorization) {
-                opts.headers.Authorization = "Bearer " + this.opts.accessToken;
-            }
-            if (queryParams.access_token) {
-                delete queryParams.access_token;
-            }
-        } else if (!queryParams.access_token) {
-            queryParams.access_token = this.opts.accessToken;
        }

        const requestPromise = this.request<T>(method, path, queryParams, body, opts);