Don't check whether a 3pid is allowed to register during password reset

This check was preventing people from resetting their passwords unless they already had a pending invite to that email address, which makes no sense.
matrix-org · Sep 28, 2020 · 5858093 · 5858093
1 parent 1fa060e
commit 5858093
Showing 1 changed file with 0 additions and 7 deletions.
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
@@ -91,13 +91,6 @@ async def on_POST(self, request):
         send_attempt = body["send_attempt"]
         next_link = body.get("next_link")  # Optional param
 
-        if not await check_3pid_allowed(self.hs, "email", email):
-            raise SynapseError(
-                403,
-                "Your email domain is not authorized on this server",
-                Codes.THREEPID_DENIED,
-            )
-
         # The email will be sent to the stored address.
         # This avoids a potential account hijack by requesting a password reset to
         # an email address which is controlled by the attacker but which, after