From d4605d1f16b5d71c72dbf07b1ffeaa81c0cb87a9 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrew@amorgan.xyz>
Date: Mon, 28 Sep 2020 18:46:59 +0100
Subject: [PATCH 1/2] Don't check whether a 3pid is allowed to register during
 password reset

This endpoint should only deal with emails that have already been approved, and
are attached with user's account. There's no need to re-check them here.
---
 synapse/rest/client/v2_alpha/account.py | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index c3ce0f625..ed0d0772f 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -96,13 +96,6 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
         send_attempt = body["send_attempt"]
         next_link = body.get("next_link")  # Optional param
 
-        if not check_3pid_allowed(self.hs, "email", email):
-            raise SynapseError(
-                403,
-                "Your email domain is not authorized on this server",
-                Codes.THREEPID_DENIED,
-            )
-
         # Raise if the provided next_link value isn't valid
         assert_valid_next_link(self.hs, next_link)
 

From fe443acaee36900757d79dbf7d2fb5629df38e3c Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrew@amorgan.xyz>
Date: Mon, 28 Sep 2020 18:51:41 +0100
Subject: [PATCH 2/2] Changelog

---
 changelog.d/8414.bugfix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/8414.bugfix

diff --git a/changelog.d/8414.bugfix b/changelog.d/8414.bugfix
new file mode 100644
index 000000000..315876e89
--- /dev/null
+++ b/changelog.d/8414.bugfix
@@ -0,0 +1 @@
+Remove unnecessary 3PID registration check when resetting password via an email address. Bug introduced in v0.34.0rc2.
\ No newline at end of file