Don't check whether a 3pid is allowed to register during password reset (#8414)

* Don't check whether a 3pid is allowed to register during password reset

This endpoint should only deal with emails that have already been approved, and
are attached with user's account. There's no need to re-check them here.

* Changelog
This commit is contained in:
Andrew Morgan 2020-09-29 16:42:25 +01:00 committed by GitHub
commit e154f7ccb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 1 additions and 7 deletions

1
changelog.d/8414.bugfix Normal file
View File

@ -0,0 +1 @@
Remove unnecessary 3PID registration check when resetting password via an email address. Bug introduced in v0.34.0rc2.

View File

@ -96,13 +96,6 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
send_attempt = body["send_attempt"] send_attempt = body["send_attempt"]
next_link = body.get("next_link") # Optional param next_link = body.get("next_link") # Optional param
if not check_3pid_allowed(self.hs, "email", email):
raise SynapseError(
403,
"Your email domain is not authorized on this server",
Codes.THREEPID_DENIED,
)
if next_link: if next_link:
# Raise if the provided next_link value isn't valid # Raise if the provided next_link value isn't valid
assert_valid_next_link(self.hs, next_link) assert_valid_next_link(self.hs, next_link)