diff options
| -rw-r--r-- | changelog.d/16215.bugfix | 1 | ||||
| -rw-r--r-- | synapse/api/auth/msc3861_delegated.py | 11 |
2 files changed, 1 insertions, 11 deletions
diff --git a/changelog.d/16215.bugfix b/changelog.d/16215.bugfix new file mode 100644 index 0000000000..9247b0eda1 --- /dev/null +++ b/changelog.d/16215.bugfix @@ -0,0 +1 @@ +Fix a bug where admin tokens stopped working with MSC3861 auth delegation was enabled. \ No newline at end of file diff --git a/synapse/api/auth/msc3861_delegated.py b/synapse/api/auth/msc3861_delegated.py index 14cba50c90..3cf00dd539 100644 --- a/synapse/api/auth/msc3861_delegated.py +++ b/synapse/api/auth/msc3861_delegated.py @@ -282,17 +282,6 @@ class MSC3861DelegatedAuth(BaseAuth): "Impersonation not possible by a non admin user", ) - # Deny the request if the user account is locked. - if not allow_locked and await self.store.get_user_locked_status( - requester.user.to_string() - ): - raise AuthError( - 401, - "User account has been locked", - errcode=Codes.USER_LOCKED, - additional_fields={"soft_logout": True}, - ) - if not allow_guest and requester.is_guest: raise OAuthInsufficientScopeError([SCOPE_MATRIX_API]) |