Do not check for internal account lock for MSC3861 delegated auth

matrix-org · Aug 31, 2023 · 842b43c · 842b43c
1 parent 1827963
commit 842b43c
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 11 deletions.
diff --git a/changelog.d/16215.bugfix b/changelog.d/16215.bugfix
@@ -0,0 +1 @@
+Fix a bug where admin tokens stopped working with MSC3861 auth delegation was enabled.
diff --git a/synapse/api/auth/msc3861_delegated.py b/synapse/api/auth/msc3861_delegated.py
@@ -282,17 +282,6 @@ async def get_user_by_req(
                             "Impersonation not possible by a non admin user",
                         )
 
-            # Deny the request if the user account is locked.
-            if not allow_locked and await self.store.get_user_locked_status(
-                requester.user.to_string()
-            ):
-                raise AuthError(
-                    401,
-                    "User account has been locked",
-                    errcode=Codes.USER_LOCKED,
-                    additional_fields={"soft_logout": True},
-                )
-
         if not allow_guest and requester.is_guest:
             raise OAuthInsufficientScopeError([SCOPE_MATRIX_API])
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Fix a bug where admin tokens stopped working with MSC3861 auth delegation was enabled.