fix: Return the correct error code for expired access tokens

src/service/appservice/mod.rs

@@ -67,7 +67,7 @@ impl crate::Service for Service {
 		for (id, registration) in appservices {
 			// During startup, resolve any token collisions in favour of appservices
 			// by logging out conflicting user devices
-			if let Some((user_id, device_id)) = self
+			if let Some((user_id, device_id, _)) = self
 				.services
 				.users
 				.find_from_token(&registration.as_token)

src/service/users/mod.rs

@@ -57,6 +57,12 @@ impl HashedPassword {
 	}
 }
 
+/// The status of an access token.
+pub enum AccessTokenStatus {
+	Valid,
+	Expired,
+}
+
 pub struct Service {
 	services: Services,
 	db: Data,
@@ -347,7 +353,10 @@ impl Service {
 	pub async fn count(&self) -> usize { self.db.userid_password.count().await }
 
 	/// Find out which user an access token belongs to.
-	pub async fn find_from_token(&self, token: &str) -> Option<(OwnedUserId, OwnedDeviceId)> {
+	pub async fn find_from_token(
+		&self,
+		token: &str,
+	) -> Option<(OwnedUserId, OwnedDeviceId, AccessTokenStatus)> {
 		let user = self
 			.db
 			.token_userdeviceid
@@ -357,11 +366,11 @@ impl Service {
 			.ok();
 
 		// Check if the token has expired
-		if let Some(user) = &user {
+		if let Some((user_id, device_id)) = user {
 			if let Some(expires) = self
 				.db
 				.userdeviceid_tokenexpires
-				.qry(user)
+				.qry(&(&user_id, &device_id))
 				.await
 				.deserialized::<u64>()
 				.ok()
@@ -372,12 +381,14 @@ impl Service {
 					.expect("expiry time should not overflow SystemTime");
 
 				if SystemTime::now() > expires_at {
-					return None;
+					return Some((user_id, device_id, AccessTokenStatus::Expired));
 				}
 			}
-		}
 
-		user
+			Some((user_id, device_id, AccessTokenStatus::Valid))
+		} else {
+			None
+		}
 	}
 
 	/// Returns an iterator over all users on this homeserver.