Do not check for internal account lock for MSC3861 delegated auth

author: Quentin Gliech <quenting@element.io> 2023-08-31 12:08:14 +0200
committer: Hugh Nimmo-Smith <hughns@element.io> 2023-09-04 12:17:20 +0100
commit: 921f29a8578a10da19b4f1b21f9495127b8dc497 (patch)
tree: 60179131a3f992a8f8b807dbe702ec775ae89e82
parent: 1.91.0 (diff)
download: synapse-921f29a8578a10da19b4f1b21f9495127b8dc497.tar.xz
2 files changed, 1 insertions, 11 deletions
diff --git a/changelog.d/16215.bugfix b/changelog.d/16215.bugfix
new file mode 100644
index 0000000000..9247b0eda1
--- /dev/null
+++ b/changelog.d/16215.bugfix
@@ -0,0 +1 @@
+Fix a bug where admin tokens stopped working with MSC3861 auth delegation was enabled.
\ No newline at end of file
diff --git a/synapse/api/auth/msc3861_delegated.py b/synapse/api/auth/msc3861_delegated.py
index 14cba50c90..3cf00dd539 100644
--- a/synapse/api/auth/msc3861_delegated.py
+++ b/synapse/api/auth/msc3861_delegated.py
@@ -282,17 +282,6 @@ class MSC3861DelegatedAuth(BaseAuth):
                             "Impersonation not possible by a non admin user",
                         )
 
-            # Deny the request if the user account is locked.
-            if not allow_locked and await self.store.get_user_locked_status(
-                requester.user.to_string()
-            ):
-                raise AuthError(
-                    401,
-                    "User account has been locked",
-                    errcode=Codes.USER_LOCKED,
-                    additional_fields={"soft_logout": True},
-                )
-
         if not allow_guest and requester.is_guest:
             raise OAuthInsufficientScopeError([SCOPE_MATRIX_API])
author	Quentin Gliech <quenting@element.io>	2023-08-31 12:08:14 +0200
committer	Hugh Nimmo-Smith <hughns@element.io>	2023-09-04 12:17:20 +0100
commit	921f29a8578a10da19b4f1b21f9495127b8dc497 (patch)
tree	60179131a3f992a8f8b807dbe702ec775ae89e82
parent	1.91.0 (diff)
download	synapse-921f29a8578a10da19b4f1b21f9495127b8dc497.tar.xz