only allow auth token to be sent through header

This commit is contained in:
Edward Shen 2019-08-20 20:04:13 -04:00
parent 676f88c843
commit d7f6063325
Signed by: edward
GPG key ID: F350507060ED6C90

View file

@ -54,7 +54,6 @@ pub struct Client {
access_token: Option<String>,
mxid: Option<String>,
default_492_wait_ms: u64,
use_auth_header: bool,
reqwest_client: reqwest_client,
}
@ -64,7 +63,6 @@ impl Client {
access_token: Option<String>,
mxid: Option<String>,
default_492_wait_ms: Option<u64>,
use_auth_header: Option<bool>,
) -> Result<Self, MatrixParseError> {
let url = Url::parse(homeserver_url)?;
if url.scheme().is_empty() {
@ -76,7 +74,6 @@ impl Client {
access_token,
mxid,
default_492_wait_ms: default_492_wait_ms.unwrap_or_else(|| 5000),
use_auth_header: use_auth_header.unwrap_or_else(|| true),
reqwest_client: reqwest_client::new(),
})
}
@ -86,7 +83,7 @@ impl Client {
///
/// The header will automatically be populated with a user agent and have
/// the content type set to `application/json`. If a token was provided, it
/// will be used as a bearer auth header or as a query.
/// will be used for the Authorization header.
///
/// This is a blocking, synchronous send. If the response from the
/// homeserver indicates that too many requests were sent, it will attempt
@ -123,11 +120,7 @@ impl Client {
}
if let Some(token) = &self.access_token {
if self.use_auth_header {
request = request.bearer_auth(token);
} else {
query_params.insert("access_token".to_string(), token.to_string());
}
request = request.bearer_auth(token);
}
if let Some(id) = &self.mxid {
@ -168,6 +161,7 @@ impl Client {
}
}
/// Helper method for sending query-based requests.
fn send_query(
&self,
method: MatrixHTTPMethod,