Merge pull request #119 from matrix-org/babolivier/auth_shadow

Fix divergence with mainline in the auth code
matrix-org · Jan 14, 2022 · d1fedca · d1fedca
2 parents df3111d + 124b6ad
commit d1fedca
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
@@ -268,20 +268,18 @@ async def validate_appservice_can_control_user_id(
                 403,
                 "Application service cannot masquerade as this user (%s)." % user_id,
             )
-        # Let ASes manipulate nonexistent users (e.g. to shadow-register them)
         # Check to make sure the user is already registered on the homeserver
-        # elif not (await self.store.get_user_by_id(user_id)):
-        #     raise AuthError(
-        #         403, "Application service has not registered this user (%s)" % user_id
-        #     )
+        elif not (await self.store.get_user_by_id(user_id)):
+            raise AuthError(
+                403, "Application service has not registered this user (%s)" % user_id
+            )
 
     async def _get_appservice_user_id(
         self, request: Request
     ) -> Tuple[Optional[str], Optional[ApplicationService]]:
         app_service = self.store.get_app_service_by_token(
             self.get_access_token_from_request(request)
         )
-
         if app_service is None:
             return None, None