
Don't check whether a 3pid is allowed to register during password reset

This check was preventing people from resetting their passwords unless they
already had a pending invite to that email address, which makes no sense.
Andrew Morgan
2020-09-28 18:41:20 +01:00
parent 1fa060e8de
commit 5858093815


@@ -91,13 +91,6 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
send_attempt = body["send_attempt"]
next_link = body.get("next_link") # Optional param
if not await check_3pid_allowed(self.hs, "email", email):
raise SynapseError(
403,
"Your email domain is not authorized on this server",
Codes.THREEPID_DENIED,
)
# The email will be sent to the stored address.
# This avoids a potential account hijack by requesting a password reset to
# an email address which is controlled by the attacker but which, after