fix: check get origins and projectID only for tokens with clientID (#2378)

2024-12-13 11:34:26 +00:00 · 2021-09-16 10:07:48 +02:00 · 2021-09-16 10:07:48 +02:00 · f39ff13acb
commit f39ff13acb
parent db3526df48
1 changed files with 7 additions and 3 deletions
--- a/internal/api/authz/context.go
+++ b/internal/api/authz/context.go
@ -73,10 +73,14 @@ func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID string, t *To
 	if err != nil {
 		return CtxData{}, err
 	}
-	projectID, origins, err := t.ProjectIDAndOriginsByClientID(ctx, clientID)
+	var projectID string
 	var origins []string
 	if clientID != "" {
 		projectID, origins, err = t.ProjectIDAndOriginsByClientID(ctx, clientID)
 		if err != nil {
 			return CtxData{}, errors.ThrowPermissionDenied(err, "AUTH-GHpw2", "could not read projectid by clientid")
 		}
 	}
 	if err := checkOrigin(ctx, origins); err != nil {
 		return CtxData{}, err
 	}