diff options
| author | Quentin Gliech <quenting@element.io> | 2023-08-31 12:08:14 +0200 |
|---|---|---|
| committer | Hugh Nimmo-Smith <hughns@element.io> | 2023-09-04 12:17:20 +0100 |
| commit | 921f29a8578a10da19b4f1b21f9495127b8dc497 (patch) | |
| tree | 60179131a3f992a8f8b807dbe702ec775ae89e82 | |
| parent | 1.91.0 (diff) | |
| download | synapse-921f29a8578a10da19b4f1b21f9495127b8dc497.tar.xz | |
Do not check for internal account lock for MSC3861 delegated auth
| -rw-r--r-- | changelog.d/16215.bugfix | 1 | ||||
| -rw-r--r-- | synapse/api/auth/msc3861_delegated.py | 11 |
2 files changed, 1 insertions, 11 deletions
diff --git a/changelog.d/16215.bugfix b/changelog.d/16215.bugfix new file mode 100644 index 0000000000..9247b0eda1 --- /dev/null +++ b/changelog.d/16215.bugfix @@ -0,0 +1 @@ +Fix a bug where admin tokens stopped working with MSC3861 auth delegation was enabled. \ No newline at end of file diff --git a/synapse/api/auth/msc3861_delegated.py b/synapse/api/auth/msc3861_delegated.py index 14cba50c90..3cf00dd539 100644 --- a/synapse/api/auth/msc3861_delegated.py +++ b/synapse/api/auth/msc3861_delegated.py @@ -282,17 +282,6 @@ class MSC3861DelegatedAuth(BaseAuth): "Impersonation not possible by a non admin user", ) - # Deny the request if the user account is locked. - if not allow_locked and await self.store.get_user_locked_status( - requester.user.to_string() - ): - raise AuthError( - 401, - "User account has been locked", - errcode=Codes.USER_LOCKED, - additional_fields={"soft_logout": True}, - ) - if not allow_guest and requester.is_guest: raise OAuthInsufficientScopeError([SCOPE_MATRIX_API]) |