From 6be984efc8af2db37fbff05a3267199e6295ed9f Mon Sep 17 00:00:00 2001
From: Benoit Marty <benoit@matrix.org>
Date: Mon, 9 Oct 2023 20:36:49 +0200
Subject: [PATCH] Do not restore session with invalid token.

---
 .../matrix/api/auth/MatrixAuthenticationService.kt          | 5 +++++
 .../matrix/impl/auth/RustMatrixAuthenticationService.kt     | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/auth/MatrixAuthenticationService.kt b/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/auth/MatrixAuthenticationService.kt
index 981ee028b2..501b40508e 100644
--- a/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/auth/MatrixAuthenticationService.kt
+++ b/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/auth/MatrixAuthenticationService.kt
@@ -25,6 +25,11 @@ import kotlinx.coroutines.flow.StateFlow
 interface MatrixAuthenticationService {
     fun loggedInStateFlow(): Flow<LoggedInState>
     suspend fun getLatestSessionId(): SessionId?
+
+    /**
+     * Restore a session from a [sessionId].
+     * Do not restore anything it the access token is not valid anymore.
+     */
     suspend fun restoreSession(sessionId: SessionId): Result<MatrixClient>
     fun getHomeserverDetails(): StateFlow<MatrixHomeServerDetails?>
     suspend fun setHomeserver(homeserver: String): Result<Unit>
diff --git a/libraries/matrix/impl/src/main/kotlin/io/element/android/libraries/matrix/impl/auth/RustMatrixAuthenticationService.kt b/libraries/matrix/impl/src/main/kotlin/io/element/android/libraries/matrix/impl/auth/RustMatrixAuthenticationService.kt
index a0d924e945..033a5f6073 100644
--- a/libraries/matrix/impl/src/main/kotlin/io/element/android/libraries/matrix/impl/auth/RustMatrixAuthenticationService.kt
+++ b/libraries/matrix/impl/src/main/kotlin/io/element/android/libraries/matrix/impl/auth/RustMatrixAuthenticationService.kt
@@ -76,7 +76,11 @@ class RustMatrixAuthenticationService @Inject constructor(
         runCatching {
             val sessionData = sessionStore.getSession(sessionId.value)
             if (sessionData != null) {
-                rustMatrixClientFactory.create(sessionData)
+                if (sessionData.isTokenValid) {
+                    rustMatrixClientFactory.create(sessionData)
+                } else {
+                    error("Token is not valid")
+                }
             } else {
                 error("No session to restore with id $sessionId")
             }