summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorAndrew Morgan <andrew@amorgan.xyz>2020-09-28 18:41:20 +0100
committerAndrew Morgan <andrew@amorgan.xyz>2020-09-28 18:41:20 +0100
commit5858093815cb5258c46dfdee9e36f76bae2aa928 (patch)
tree47210a6102e25db5d02dee2dc52f1aa5b6ea95e9 /synapse
parentMerge remote-tracking branch 'origin/release-v1.20.1' into bbz/info-mainline-... (diff)
downloadsynapse-5858093815cb5258c46dfdee9e36f76bae2aa928.tar.xz
Don't check whether a 3pid is allowed to register during password reset github/anoa/info-mainline-no-check-password-reset-backport anoa/info-mainline-no-check-password-reset-backport
This check was preventing people from resetting their passwords unless they
already had a pending invite to that email address, which makes no sense.
Diffstat (limited to 'synapse')
-rw-r--r--synapse/rest/client/v2_alpha/account.py7
1 files changed, 0 insertions, 7 deletions
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py

index cad3f9bbb7..a206b75541 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -91,13 +91,6 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
         send_attempt = body["send_attempt"]
         next_link = body.get("next_link")  # Optional param
 
-        if not await check_3pid_allowed(self.hs, "email", email):
-            raise SynapseError(
-                403,
-                "Your email domain is not authorized on this server",
-                Codes.THREEPID_DENIED,
-            )
-
         # The email will be sent to the stored address.
         # This avoids a potential account hijack by requesting a password reset to
         # an email address which is controlled by the attacker but which, after
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-04-11 11:41:19 +0000