From 4d3ebc36203ffaf2079024335d4bb285f1c6a00e Mon Sep 17 00:00:00 2001
From: Patrick Cloke
Date: Thu, 7 May 2020 08:34:12 -0400
Subject: [PATCH] Disable validation that a UI authentication session has not been modified during a request cycle.

Partial backout of 1c1242acba9694a3a4b1eb3b14ec0bac11ee4ff8 (#7068)
---
 synapse/handlers/auth.py | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 7613e5b6ab..a167498add 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -329,18 +329,6 @@ class AuthHandler(BaseHandler):
 # isn't arbitrary.
 clientdict = session.clientdict
 
- # Ensure that the queried operation does not vary between stages of
- # the UI authentication session. This is done by generating a stable
- # comparator based on the URI, method, and body (minus the auth dict)
- # and storing it during the initial query. Subsequent queries ensure
- # that this comparator has not changed.
- comparator = (uri, method, clientdict)
- if (session.uri, session.method, session.clientdict) != comparator:
- raise SynapseError(
- 403,
- "Requested operation has changed during the UI authentication session.",
- )
-
 if not authdict:
 raise InteractiveAuthIncompleteError(
 self._auth_dict_for_flows(flows, session.session_id)
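Review bot: With the comparison removed, nothing visible in this hunk ties a follow-up request's `uri` and `method` to the operation the session was opened for; the body is still taken from `session.clientdict`, but the endpoint is no longer compared with `session.uri` / `session.method`. Unless that is enforced elsewhere, authentication completed for one operation is not bound to the endpoint that finally uses it, so I would leave a marker where the block was, e.g. `# NOTE: session.uri / session.method are not compared with this request; validation disabled in the partial backout of #7068.` The comment kept above `clientdict = session.clientdict` (ending in `# isn't arbitrary.`) appears to promise more than the code now enforces and may need rewording to say it covers the body only. The enclosing method starts and ends outside the hunk.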