Don't check whether a 3pid is allowed to register during password reset (#8414)

* Don't check whether a 3pid is allowed to register during password reset This endpoint should only deal with emails that have already been approved, and are attached with user's account. There's no need to re-check them here. * Changelog
4 years ago · e154f7ccb5
parent b1433bf231 f43c66d23b
commit e154f7ccb5
2 changed files with 1 additions and 7 deletions
--- a/changelog.d/8414.bugfix
+++ b/changelog.d/8414.bugfix
@ -0,0 +1 @@
+Remove unnecessary 3PID registration check when resetting password via an email address. Bug introduced in v0.34.0rc2.
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@ -96,13 +96,6 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
        send_attempt = body["send_attempt"]
        next_link = body.get("next_link")  # Optional param

-        if not check_3pid_allowed(self.hs, "email", email):
-            raise SynapseError(
-                403,
-                "Your email domain is not authorized on this server",
-                Codes.THREEPID_DENIED,
-            )
-
        if next_link:
            # Raise if the provided next_link value isn't valid
            assert_valid_next_link(self.hs, next_link)
				`@ -0,0 +1 @@`
				`Remove unnecessary 3PID registration check when resetting password via an email address. Bug introduced in v0.34.0rc2.`