element-hq · reivilibre · Oct 13, 2025 · Oct 8, 2025 · Oct 8, 2025 · Oct 13, 2025
@@ -0,0 +1 @@
+Allow using [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) behavior without the opt-in registration flag. Contributed by @tulir @ Beeper.
@@ -112,7 +112,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
             else:
                 raise e
 
-        if requester.app_service and requester.app_service.msc4190_device_management:
+        if requester.app_service:
             # MSC4190 can skip UIA for this endpoint
             pass
         else:
@@ -192,7 +192,7 @@ async def on_DELETE(
             else:
                 raise
 
-        if requester.app_service and requester.app_service.msc4190_device_management:
+        if requester.app_service:
             # MSC4190 allows appservices to delete devices through this endpoint without UIA
             # It's also allowed with MSC3861 enabled
             pass
@@ -227,7 +227,7 @@ async def on_PUT(
         body = parse_and_validate_json_object_from_request(request, self.PutBody)
 
         # MSC4190 allows appservices to create devices through this endpoint
-        if requester.app_service and requester.app_service.msc4190_device_management:
+        if requester.app_service:
             created = await self.device_handler.upsert_device(
                 user_id=requester.user.to_string(),
                 device_id=device_id,

@@ -543,15 +543,11 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
         if not keys_are_different:
             return 200, {}
 
-        # MSC4190 can skip UIA for replacing cross-signing keys as well.
-        is_appservice_with_msc4190 = (
-            requester.app_service and requester.app_service.msc4190_device_management
-        )
-
         # The keys are different; is x-signing set up? If no, then this is first-time
         # setup, and that is allowed without UIA, per MSC3967.
         # If yes, then we need to authenticate the change.
-        if is_cross_signing_setup and not is_appservice_with_msc4190:
+        # MSC4190 can skip UIA for replacing cross-signing keys as well.
+        if is_cross_signing_setup and not requester.app_service:
             # With MSC3861, UIA is not possible. Instead, the auth service has to
             # explicitly mark the master key as replaceable.
             if self.hs.config.mas.enabled:

@@ -533,16 +533,6 @@ def test_PUT_device(self) -> None:
         )
         self.assertEqual(channel.code, 200, channel.json_body)
 
-        # On the regular service, that API should not allow for the
-        # creation of new devices.
-        channel = self.make_request(
-            "PUT",
-            "/_matrix/client/v3/devices/AABBCCDD?user_id=@bob:test",
-            content={"display_name": "Bob's device"},
-            access_token=self.pre_msc_service.token,
-        )
-        self.assertEqual(channel.code, 404, channel.json_body)
-
     def test_DELETE_device(self) -> None:
         self.register_appservice_user(
             "alice", self.msc4190_service.token, inhibit_login=True
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Allow using [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) behavior without the opt-in registration flag. Contributed by @tulir @ Beeper.