1 files changed, 9 insertions, 4 deletions

diff --git a/synapse/api/auth.py b/synapse/api/auth.py

index 1071a0576e..c6660fe687 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -190,7 +190,7 @@ class Auth:
 
             access_token = self.get_access_token_from_request(request)
 
-            user_id, app_service = await self._get_appservice_user_id(request)
+            user_id, app_service = self._get_appservice_user_id(request)
             if user_id:
                 request.authenticated_entity = user_id
                 opentracing.set_tag("authenticated_entity", user_id)
@@ -259,10 +259,11 @@ class Auth:
         except KeyError:
             raise MissingClientTokenError()
 
-    async def _get_appservice_user_id(self, request):
+    def _get_appservice_user_id(self, request):
         app_service = self.store.get_app_service_by_token(
             self.get_access_token_from_request(request)
         )
+
         if app_service is None:
             return None, None
 
@@ -280,8 +281,12 @@ class Auth:
 
         if not app_service.is_interested_in_user(user_id):
             raise AuthError(403, "Application service cannot masquerade as this user.")
-        if not (await self.store.get_user_by_id(user_id)):
-            raise AuthError(403, "Application service has not registered this user")
+        # Let ASes manipulate nonexistent users (e.g. to shadow-register them)
+        # if not (yield self.store.get_user_by_id(user_id)):
+        #     raise AuthError(
+        #         403,
+        #         "Application service has not registered this user"
+        #     )
         return user_id, app_service
 
     async def get_user_by_access_token(