[Backport staging] Fix authedRequest including Authorization: Bearer undefined for password resets (matrix-org#2829)

RiotRobot · t3chguy · web-flow · commit 545a74364d39 · 2022-10-31T17:14:06.000Z
Co-authored-by: Michael Telatynski &lt;7t3chguy@gmail.com&gt;
diff --git a/spec/unit/http-api/fetch.spec.ts b/spec/unit/http-api/fetch.spec.ts
@@ -220,4 +220,14 @@ describe("FetchHttpApi", () => {
             expect(api.authedRequest(Method.Get, "/path")).rejects.toThrow("Ye shall ask for consent"),
         ]);
     });
+
+    describe("authedRequest", () => {
+        it("should not include token if unset", () => {
+            const fetchFn = jest.fn();
+            const emitter = new TypedEventEmitter<HttpApiEvent, HttpApiEventHandlerMap>();
+            const api = new FetchHttpApi(emitter, { baseUrl, prefix, fetchFn });
+            api.authedRequest(Method.Post, "/account/password");
+            expect(fetchFn.mock.calls[0][1].headers.Authorization).toBeUndefined();
+        });
+    });
 });
diff --git a/src/client.ts b/src/client.ts
@@ -7875,7 +7875,7 @@ export class MatrixClient extends TypedEventEmitter<EmittedEvents, ClientEventHa
      * @return {module:http-api.MatrixError} Rejects: with an error response.
      */
     public setPassword(
-        authDict: any,
+        authDict: IAuthDict,
         newPassword: string,
         logoutDevices?: boolean,
     ): Promise<{}> {
diff --git a/src/http-api/fetch.ts b/src/http-api/fetch.ts
@@ -143,18 +143,20 @@ export class FetchHttpApi<O extends IHttpOpts> {
     ): Promise<ResponseType<T, O>> {
         if (!queryParams) queryParams = {};
 
-        if (this.opts.useAuthorizationHeader) {
-            if (!opts.headers) {
-                opts.headers = {};
+        if (this.opts.accessToken) {
+            if (this.opts.useAuthorizationHeader) {
+                if (!opts.headers) {
+                    opts.headers = {};
+                }
+                if (!opts.headers.Authorization) {
+                    opts.headers.Authorization = "Bearer " + this.opts.accessToken;
+                }
+                if (queryParams.access_token) {
+                    delete queryParams.access_token;
+                }
+            } else if (!queryParams.access_token) {
+                queryParams.access_token = this.opts.accessToken;
             }
-            if (!opts.headers.Authorization) {
-                opts.headers.Authorization = "Bearer " + this.opts.accessToken;
-            }
-            if (queryParams.access_token) {
-                delete queryParams.access_token;
-            }
-        } else if (!queryParams.access_token) {
-            queryParams.access_token = this.opts.accessToken;
         }
 
         const requestPromise = this.request<T>(method, path, queryParams, body, opts);
