Make the AS login method call Auth.get_user_by_req for checking the AS token.

changelog.d/13094.misc

@@ -0,0 +1 @@
+Make the AS login method call `Auth.get_user_by_req` for checking the AS token.

synapse/rest/client/login.py

@@ -28,7 +28,7 @@
 
 from typing_extensions import TypedDict
 
-from synapse.api.errors import Codes, LoginError, SynapseError
+from synapse.api.errors import Codes, InvalidClientTokenError, LoginError, SynapseError
 from synapse.api.ratelimiting import Ratelimiter
 from synapse.api.urls import CLIENT_API_PREFIX
 from synapse.appservice import ApplicationService
@@ -172,7 +172,13 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
 
  try:
  if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
- appservice = self.auth.get_appservice_by_req(request)
+ requester = await self.auth.get_user_by_req(request)
+ appservice = requester.app_service
+
+ if appservice is None:
+ raise InvalidClientTokenError(
+ "This login method is only valid for application services"
+ )
 
  if appservice.is_rate_limited():
  await self._address_ratelimiter.ratelimit(