Do not check for internal account lock for MSC3861 delegated auth

2023-08-31 12:08:14 +02:00 · 2023-08-31 12:08:14 +02:00 · 9b40b33263
parent 18279631e9
commit 9b40b33263
2 changed files with 1 additions and 11 deletions
--- a/changelog.d/16215.bugfix
+++ b/changelog.d/16215.bugfix
@ -0,0 +1 @@
+Fix a bug where admin tokens stopped working with MSC3861 auth delegation was enabled.
--- a/synapse/api/auth/msc3861_delegated.py
+++ b/synapse/api/auth/msc3861_delegated.py
@ -282,17 +282,6 @@ class MSC3861DelegatedAuth(BaseAuth):
                            "Impersonation not possible by a non admin user",
                        )

-            # Deny the request if the user account is locked.
-            if not allow_locked and await self.store.get_user_locked_status(
-                requester.user.to_string()
-            ):
-                raise AuthError(
-                    401,
-                    "User account has been locked",
-                    errcode=Codes.USER_LOCKED,
-                    additional_fields={"soft_logout": True},
-                )
-
        if not allow_guest and requester.is_guest:
            raise OAuthInsufficientScopeError([SCOPE_MATRIX_API])
				`@ -0,0 +1 @@`
				`Fix a bug where admin tokens stopped working with MSC3861 auth delegation was enabled.`