diff options
| author | Quentin Gliech <quenting@element.io> | 2023-08-31 12:08:14 +0200 |
|---|---|---|
| committer | Jason Robinson <jasonr@element.io> | 2023-08-31 13:24:20 +0300 |
| commit | 9b40b33263e590c7a7842dc548faf2c8633939a4 (patch) | |
| tree | 1cca284aa5e22c13e58f56b654e4eae3de9101cc | |
| parent | Fix rare deadlock when using read/write locks (#16169) (diff) | |
| download | synapse-jaywink/v1.91.0-patches.tar.xz | |
Do not check for internal account lock for MSC3861 delegated auth jaywink/v1.91.0-patches
| -rw-r--r-- | changelog.d/16215.bugfix | 1 | ||||
| -rw-r--r-- | synapse/api/auth/msc3861_delegated.py | 11 |
2 files changed, 1 insertions, 11 deletions
diff --git a/changelog.d/16215.bugfix b/changelog.d/16215.bugfix new file mode 100644 index 0000000000..9247b0eda1 --- /dev/null +++ b/changelog.d/16215.bugfix @@ -0,0 +1 @@ +Fix a bug where admin tokens stopped working with MSC3861 auth delegation was enabled. \ No newline at end of file diff --git a/synapse/api/auth/msc3861_delegated.py b/synapse/api/auth/msc3861_delegated.py index 14cba50c90..3cf00dd539 100644 --- a/synapse/api/auth/msc3861_delegated.py +++ b/synapse/api/auth/msc3861_delegated.py @@ -282,17 +282,6 @@ class MSC3861DelegatedAuth(BaseAuth): "Impersonation not possible by a non admin user", ) - # Deny the request if the user account is locked. - if not allow_locked and await self.store.get_user_locked_status( - requester.user.to_string() - ): - raise AuthError( - 401, - "User account has been locked", - errcode=Codes.USER_LOCKED, - additional_fields={"soft_logout": True}, - ) - if not allow_guest and requester.is_guest: raise OAuthInsufficientScopeError([SCOPE_MATRIX_API]) |