Don't check whether a 3pid is allowed to register during password reset

This endpoint should only deal with emails that have already been approved, and are attached with user's account. There's no need to re-check them here.
2020-09-28 18:46:59 +01:00 · 2020-09-28 18:46:59 +01:00 · d4605d1f16
parent bd380d942f
commit d4605d1f16
1 changed files with 0 additions and 7 deletions
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@ -96,13 +96,6 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
        send_attempt = body["send_attempt"]
        next_link = body.get("next_link")  # Optional param

-        if not check_3pid_allowed(self.hs, "email", email):
-            raise SynapseError(
-                403,
-                "Your email domain is not authorized on this server",
-                Codes.THREEPID_DENIED,
-            )
-
        # Raise if the provided next_link value isn't valid
        assert_valid_next_link(self.hs, next_link)