ling/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-28 15:01:34 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
hermes-agent/tests/gateway/test_unauthorized_dm_behavior.py

493 lines
16 KiB
Python
Raw Permalink Normal View History

feat: support ignoring unauthorized gateway DMs (#1919) Add unauthorized_dm_behavior config (pair|ignore) with global default and per-platform override. WhatsApp can silently drop unknown DMs instead of sending pairing codes. Adapted config bridging to work with gw_data dict (pre-construction) rather than config object. Dropped implementation plan document. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
2026-03-18 04:06:08 -07:00
from types import SimpleNamespace
from unittest.mock import AsyncMock, MagicMock
import pytest
from gateway.config import GatewayConfig, Platform, PlatformConfig
from gateway.platforms.base import MessageEvent
from gateway.session import SessionSource
def _clear_auth_env(monkeypatch) -> None:
for key in (
"TELEGRAM_ALLOWED_USERS",
feat: allow Telegram chat allowlists for groups and forums (#15027) * feat: allow Telegram chat allowlists for groups and forums * chore: map web3blind noreply email for release attribution --------- Co-authored-by: web3blind <web3blind@users.noreply.github.com>
2026-04-24 21:23:14 +07:00
"TELEGRAM_GROUP_ALLOWED_USERS",
feat: support ignoring unauthorized gateway DMs (#1919) Add unauthorized_dm_behavior config (pair|ignore) with global default and per-platform override. WhatsApp can silently drop unknown DMs instead of sending pairing codes. Adapted config bridging to work with gw_data dict (pre-construction) rather than config object. Dropped implementation plan document. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
2026-03-18 04:06:08 -07:00
"DISCORD_ALLOWED_USERS",
"WHATSAPP_ALLOWED_USERS",
"SLACK_ALLOWED_USERS",
"SIGNAL_ALLOWED_USERS",
"EMAIL_ALLOWED_USERS",
"SMS_ALLOWED_USERS",
"MATTERMOST_ALLOWED_USERS",
"MATRIX_ALLOWED_USERS",
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847) Adds WeCom as a gateway platform adapter using the AI Bot WebSocket gateway for real-time bidirectional communication. No public endpoint or new pip dependencies needed (uses existing aiohttp + httpx). Features: - WebSocket persistent connection with auto-reconnect (exponential backoff) - DM and group messaging with configurable access policies - Media upload/download with AES decryption for encrypted attachments - Markdown rendering, quote context preservation - Proactive + passive reply message modes - Chunked media upload pipeline (512KB chunks) Cherry-picked from PR #1898 by EvilRan with: - Moved to current main (PR was 300 commits behind) - Skipped base.py regressions (reply_to additions are good but belong in a separate PR since they affect all platforms) - Fixed test assertions to match current base class send() signature (reply_to=None kwarg now explicit) - All 16 integration points added surgically to current main - No new pip dependencies (aiohttp + httpx already installed) Fixes #1898 Co-authored-by: EvilRan <EvilRan@users.noreply.github.com>
2026-03-29 21:29:13 -07:00
"DINGTALK_ALLOWED_USERS", "FEISHU_ALLOWED_USERS", "WECOM_ALLOWED_USERS",
fix(gateway): honor QQ_GROUP_ALLOWED_USERS in runner auth
2026-04-15 20:06:35 +07:00
"QQ_ALLOWED_USERS", "QQ_GROUP_ALLOWED_USERS",
feat: support ignoring unauthorized gateway DMs (#1919) Add unauthorized_dm_behavior config (pair|ignore) with global default and per-platform override. WhatsApp can silently drop unknown DMs instead of sending pairing codes. Adapted config bridging to work with gw_data dict (pre-construction) rather than config object. Dropped implementation plan document. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
2026-03-18 04:06:08 -07:00
"GATEWAY_ALLOWED_USERS",
"TELEGRAM_ALLOW_ALL_USERS",
"DISCORD_ALLOW_ALL_USERS",
"WHATSAPP_ALLOW_ALL_USERS",
"SLACK_ALLOW_ALL_USERS",
"SIGNAL_ALLOW_ALL_USERS",
"EMAIL_ALLOW_ALL_USERS",
"SMS_ALLOW_ALL_USERS",
"MATTERMOST_ALLOW_ALL_USERS",
"MATRIX_ALLOW_ALL_USERS",
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847) Adds WeCom as a gateway platform adapter using the AI Bot WebSocket gateway for real-time bidirectional communication. No public endpoint or new pip dependencies needed (uses existing aiohttp + httpx). Features: - WebSocket persistent connection with auto-reconnect (exponential backoff) - DM and group messaging with configurable access policies - Media upload/download with AES decryption for encrypted attachments - Markdown rendering, quote context preservation - Proactive + passive reply message modes - Chunked media upload pipeline (512KB chunks) Cherry-picked from PR #1898 by EvilRan with: - Moved to current main (PR was 300 commits behind) - Skipped base.py regressions (reply_to additions are good but belong in a separate PR since they affect all platforms) - Fixed test assertions to match current base class send() signature (reply_to=None kwarg now explicit) - All 16 integration points added surgically to current main - No new pip dependencies (aiohttp + httpx already installed) Fixes #1898 Co-authored-by: EvilRan <EvilRan@users.noreply.github.com>
2026-03-29 21:29:13 -07:00
"DINGTALK_ALLOW_ALL_USERS", "FEISHU_ALLOW_ALL_USERS", "WECOM_ALLOW_ALL_USERS",
fix(gateway): honor QQ_GROUP_ALLOWED_USERS in runner auth
2026-04-15 20:06:35 +07:00
"QQ_ALLOW_ALL_USERS",
feat: support ignoring unauthorized gateway DMs (#1919) Add unauthorized_dm_behavior config (pair|ignore) with global default and per-platform override. WhatsApp can silently drop unknown DMs instead of sending pairing codes. Adapted config bridging to work with gw_data dict (pre-construction) rather than config object. Dropped implementation plan document. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
2026-03-18 04:06:08 -07:00
"GATEWAY_ALLOW_ALL_USERS",
):
monkeypatch.delenv(key, raising=False)
def _make_event(platform: Platform, user_id: str, chat_id: str) -> MessageEvent:
return MessageEvent(
text="hello",
message_id="m1",
source=SessionSource(
platform=platform,
user_id=user_id,
chat_id=chat_id,
user_name="tester",
chat_type="dm",
),
)
def _make_runner(platform: Platform, config: GatewayConfig):
from gateway.run import GatewayRunner
runner = object.__new__(GatewayRunner)
runner.config = config
adapter = SimpleNamespace(send=AsyncMock())
runner.adapters = {platform: adapter}
runner.pairing_store = MagicMock()
runner.pairing_store.is_approved.return_value = False
fix: rate-limit pairing rejection messages to prevent spam (#4081) * fix: rate-limit pairing rejection messages to prevent spam When generate_code() returns None (rate limited or max pending), the "Too many pairing requests" message was sent on every subsequent DM with no cooldown. A user sending 30 messages would get 30 rejection replies — reported as potential hack on WhatsApp. Now check _is_rate_limited() before any pairing response, and record rate limit after sending a rejection. Subsequent messages from the same user are silently ignored until the rate limit window expires. * test: add coverage for pairing response rate limiting Follow-up to cherry-picked PR #4042 — adds tests verifying: - Rate-limited users get silently ignored (no response sent) - Rejection messages record rate limit for subsequent suppression --------- Co-authored-by: 0xbyt4 <35742124+0xbyt4@users.noreply.github.com>
2026-03-30 16:48:00 -07:00
runner.pairing_store._is_rate_limited.return_value = False
fix(gateway): silence pairing codes when a user allowlist is configured (#9337) When SIGNAL_ALLOWED_USERS (or any platform-specific or global allowlist) is set, the gateway was still sending automated pairing-code messages to every unauthorized sender. This forced pairing-code spam onto personal contacts of anyone running Hermes on a primary personal account with a whitelist, and exposed information about the bot's existence. Root cause ---------- _get_unauthorized_dm_behavior() fell through to the global default ('pair') even when an explicit allowlist was configured. An allowlist signals that the operator has deliberately restricted access; offering pairing codes to unknown senders contradicts that intent. Fix --- Extend _get_unauthorized_dm_behavior() to inspect the active per-platform and global allowlist env vars. When any allowlist is set and the operator has not written an explicit per-platform unauthorized_dm_behavior override, the method now returns 'ignore' instead of 'pair'. Resolution order (highest → lowest priority): 1. Explicit per-platform unauthorized_dm_behavior in config — always wins. 2. Explicit global unauthorized_dm_behavior != 'pair' in config — wins. 3. Any platform or global allowlist env var present → 'ignore'. 4. No allowlist, no override → 'pair' (open-gateway default preserved). This fixes the spam for Signal, Telegram, WhatsApp, Slack, and all other platforms with per-platform allowlist env vars. Testing ------- 6 new tests added to tests/gateway/test_unauthorized_dm_behavior.py: - test_signal_with_allowlist_ignores_unauthorized_dm (primary #9337 case) - test_telegram_with_allowlist_ignores_unauthorized_dm (same for Telegram) - test_global_allowlist_ignores_unauthorized_dm (GATEWAY_ALLOWED_USERS) - test_no_allowlist_still_pairs_by_default (open-gateway regression guard) - test_explicit_pair_config_overrides_allowlist_default (operator opt-in) - test_get_unauthorized_dm_behavior_no_allowlist_returns_pair (unit) All 15 tests in the file pass. Fixes #9337
2026-04-14 01:01:55 -03:00
# Attributes required by _handle_message for the authorized-user path
runner._running_agents = {}
runner._running_agents_ts = {}
runner._update_prompts = {}
runner.hooks = SimpleNamespace(dispatch=AsyncMock(return_value=None))
runner._sessions = {}
feat: support ignoring unauthorized gateway DMs (#1919) Add unauthorized_dm_behavior config (pair|ignore) with global default and per-platform override. WhatsApp can silently drop unknown DMs instead of sending pairing codes. Adapted config bridging to work with gw_data dict (pre-construction) rather than config object. Dropped implementation plan document. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
2026-03-18 04:06:08 -07:00
return runner, adapter
fix(whatsapp): resolve LID↔phone aliases in allowlist matching (#3830) WhatsApp DMs can arrive with LID sender IDs even when WHATSAPP_ALLOWED_USERS is configured with phone numbers. The allowlist check now reads bridge session mapping files (lid-mapping-*.json) to resolve phone↔LID aliases, matching users regardless of which identifier format the message uses. Both the Python gateway (_is_user_authorized) and the Node bridge (allowlist.js) now share the same mapping-file-based resolution logic. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
2026-03-29 18:21:50 -07:00
def test_whatsapp_lid_user_matches_phone_allowlist_via_session_mapping(monkeypatch, tmp_path):
_clear_auth_env(monkeypatch)
monkeypatch.setenv("WHATSAPP_ALLOWED_USERS", "15550000001")
refactor(gateway): extract WhatsApp identity helpers into shared module Follow-up to the canonical-identity session-key fix: pull the JID/LID normalize/expand/canonical helpers into gateway/whatsapp_identity.py instead of living in two places. gateway/session.py (session-key build) and gateway/run.py (authorisation allowlist) now both import from the shared module, so the two resolution paths can't drift apart. Also switches the auth path from module-level _hermes_home (cached at import time) to dynamic get_hermes_home() lookup, which matches the session-key path and correctly reflects HERMES_HOME env overrides. The lone test that monkeypatched gateway.run._hermes_home for the WhatsApp auth path is updated to set HERMES_HOME env var instead; all other tests that monkeypatch _hermes_home for unrelated paths (update, restart drain, shutdown marker, etc.) still work — the module-level _hermes_home is untouched.
2026-04-24 07:42:00 -07:00
monkeypatch.setenv("HERMES_HOME", str(tmp_path))
fix(whatsapp): resolve LID↔phone aliases in allowlist matching (#3830) WhatsApp DMs can arrive with LID sender IDs even when WHATSAPP_ALLOWED_USERS is configured with phone numbers. The allowlist check now reads bridge session mapping files (lid-mapping-*.json) to resolve phone↔LID aliases, matching users regardless of which identifier format the message uses. Both the Python gateway (_is_user_authorized) and the Node bridge (allowlist.js) now share the same mapping-file-based resolution logic. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
2026-03-29 18:21:50 -07:00
session_dir = tmp_path / "whatsapp" / "session"
session_dir.mkdir(parents=True)
(session_dir / "lid-mapping-15550000001.json").write_text('"900000000000001"', encoding="utf-8")
(session_dir / "lid-mapping-900000000000001_reverse.json").write_text('"15550000001"', encoding="utf-8")
runner, _adapter = _make_runner(
Platform.WHATSAPP,
GatewayConfig(platforms={Platform.WHATSAPP: PlatformConfig(enabled=True)}),
)
source = SessionSource(
platform=Platform.WHATSAPP,
user_id="900000000000001@lid",
chat_id="900000000000001@lid",
user_name="tester",
chat_type="dm",
)
assert runner._is_user_authorized(source) is True
feat: support * wildcard in platform allowlists and improve WhatsApp docs * docs: clarify WhatsApp allowlist behavior and document WHATSAPP_ALLOW_ALL_USERS - Add WHATSAPP_ALLOW_ALL_USERS and WHATSAPP_DEBUG to env vars reference - Warn that * is not a wildcard and silently blocks all messages - Show WHATSAPP_ALLOWED_USERS as optional, not required - Update troubleshooting with the * trap and debug mode tip - Fix Security section to mention the allow-all alternative Prompted by a user report in Discord where WHATSAPP_ALLOWED_USERS=* caused all incoming messages to be silently dropped at the bridge level. * feat: support * wildcard in platform allowlists Follow the precedent set by SIGNAL_GROUP_ALLOWED_USERS which already supports * as an allow-all wildcard. Bridge (allowlist.js): matchesAllowedUser() now checks for * in the allowedUsers set before iterating sender aliases. Gateway (run.py): _is_authorized() checks for * in allowed_ids after parsing the allowlist. This is generic — works for all platforms, not just WhatsApp. Updated docs to document * as a supported value instead of warning against it. Added WHATSAPP_ALLOW_ALL_USERS and WHATSAPP_DEBUG to the env vars reference. Tests: JS allowlist test + 2 Python gateway tests (WhatsApp + Telegram to verify cross-platform behavior).
2026-03-31 10:42:03 -07:00
def test_star_wildcard_in_allowlist_authorizes_any_user(monkeypatch):
"""WHATSAPP_ALLOWED_USERS=* should act as allow-all wildcard."""
_clear_auth_env(monkeypatch)
monkeypatch.setenv("WHATSAPP_ALLOWED_USERS", "*")
runner, _adapter = _make_runner(
Platform.WHATSAPP,
GatewayConfig(platforms={Platform.WHATSAPP: PlatformConfig(enabled=True)}),
)
source = SessionSource(
platform=Platform.WHATSAPP,
user_id="99998887776@s.whatsapp.net",
chat_id="99998887776@s.whatsapp.net",
user_name="stranger",
chat_type="dm",
)
assert runner._is_user_authorized(source) is True
def test_star_wildcard_works_for_any_platform(monkeypatch):
"""The * wildcard should work generically, not just for WhatsApp."""
_clear_auth_env(monkeypatch)
monkeypatch.setenv("TELEGRAM_ALLOWED_USERS", "*")
runner, _adapter = _make_runner(
Platform.TELEGRAM,
GatewayConfig(platforms={Platform.TELEGRAM: PlatformConfig(enabled=True, token="t")}),
)
source = SessionSource(
platform=Platform.TELEGRAM,
user_id="123456789",
chat_id="123456789",
user_name="stranger",
chat_type="dm",
)
assert runner._is_user_authorized(source) is True
fix(gateway): honor QQ_GROUP_ALLOWED_USERS in runner auth
2026-04-15 20:06:35 +07:00
def test_qq_group_allowlist_authorizes_group_chat_without_user_allowlist(monkeypatch):
_clear_auth_env(monkeypatch)
monkeypatch.setenv("QQ_GROUP_ALLOWED_USERS", "group-openid-1")
runner, _adapter = _make_runner(
Platform.QQBOT,
GatewayConfig(platforms={Platform.QQBOT: PlatformConfig(enabled=True)}),
)
source = SessionSource(
platform=Platform.QQBOT,
user_id="member-openid-999",
chat_id="group-openid-1",
user_name="tester",
chat_type="group",
)
assert runner._is_user_authorized(source) is True
def test_qq_group_allowlist_does_not_authorize_other_groups(monkeypatch):
_clear_auth_env(monkeypatch)
monkeypatch.setenv("QQ_GROUP_ALLOWED_USERS", "group-openid-1")
runner, _adapter = _make_runner(
Platform.QQBOT,
GatewayConfig(platforms={Platform.QQBOT: PlatformConfig(enabled=True)}),
)
source = SessionSource(
platform=Platform.QQBOT,
user_id="member-openid-999",
chat_id="group-openid-2",
user_name="tester",
chat_type="group",
)
assert runner._is_user_authorized(source) is False
feat: allow Telegram chat allowlists for groups and forums (#15027) * feat: allow Telegram chat allowlists for groups and forums * chore: map web3blind noreply email for release attribution --------- Co-authored-by: web3blind <web3blind@users.noreply.github.com>
2026-04-24 21:23:14 +07:00
def test_telegram_group_allowlist_authorizes_forum_chat_without_user_allowlist(monkeypatch):
_clear_auth_env(monkeypatch)
monkeypatch.setenv("TELEGRAM_GROUP_ALLOWED_USERS", "-1001878443972")
runner, _adapter = _make_runner(
Platform.TELEGRAM,
GatewayConfig(platforms={Platform.TELEGRAM: PlatformConfig(enabled=True, token="t")}),
)
source = SessionSource(
platform=Platform.TELEGRAM,
user_id="999",
chat_id="-1001878443972",
user_name="tester",
chat_type="forum",
)
assert runner._is_user_authorized(source) is True
feat: support ignoring unauthorized gateway DMs (#1919) Add unauthorized_dm_behavior config (pair|ignore) with global default and per-platform override. WhatsApp can silently drop unknown DMs instead of sending pairing codes. Adapted config bridging to work with gw_data dict (pre-construction) rather than config object. Dropped implementation plan document. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
2026-03-18 04:06:08 -07:00
@pytest.mark.asyncio
async def test_unauthorized_dm_pairs_by_default(monkeypatch):
_clear_auth_env(monkeypatch)
config = GatewayConfig(
platforms={Platform.WHATSAPP: PlatformConfig(enabled=True)},
)
runner, adapter = _make_runner(Platform.WHATSAPP, config)
runner.pairing_store.generate_code.return_value = "ABC12DEF"
result = await runner._handle_message(
_make_event(
Platform.WHATSAPP,
"15551234567@s.whatsapp.net",
"15551234567@s.whatsapp.net",
)
)
assert result is None
runner.pairing_store.generate_code.assert_called_once_with(
"whatsapp",
"15551234567@s.whatsapp.net",
"tester",
)
adapter.send.assert_awaited_once()
assert "ABC12DEF" in adapter.send.await_args.args[1]
@pytest.mark.asyncio
async def test_unauthorized_whatsapp_dm_can_be_ignored(monkeypatch):
_clear_auth_env(monkeypatch)
config = GatewayConfig(
platforms={
Platform.WHATSAPP: PlatformConfig(
enabled=True,
extra={"unauthorized_dm_behavior": "ignore"},
),
},
)
runner, adapter = _make_runner(Platform.WHATSAPP, config)
result = await runner._handle_message(
_make_event(
Platform.WHATSAPP,
"15551234567@s.whatsapp.net",
"15551234567@s.whatsapp.net",
)
)
assert result is None
runner.pairing_store.generate_code.assert_not_called()
adapter.send.assert_not_awaited()
fix: rate-limit pairing rejection messages to prevent spam (#4081) * fix: rate-limit pairing rejection messages to prevent spam When generate_code() returns None (rate limited or max pending), the "Too many pairing requests" message was sent on every subsequent DM with no cooldown. A user sending 30 messages would get 30 rejection replies — reported as potential hack on WhatsApp. Now check _is_rate_limited() before any pairing response, and record rate limit after sending a rejection. Subsequent messages from the same user are silently ignored until the rate limit window expires. * test: add coverage for pairing response rate limiting Follow-up to cherry-picked PR #4042 — adds tests verifying: - Rate-limited users get silently ignored (no response sent) - Rejection messages record rate limit for subsequent suppression --------- Co-authored-by: 0xbyt4 <35742124+0xbyt4@users.noreply.github.com>
2026-03-30 16:48:00 -07:00
@pytest.mark.asyncio
async def test_rate_limited_user_gets_no_response(monkeypatch):
"""When a user is already rate-limited, pairing messages are silently ignored."""
_clear_auth_env(monkeypatch)
config = GatewayConfig(
platforms={Platform.WHATSAPP: PlatformConfig(enabled=True)},
)
runner, adapter = _make_runner(Platform.WHATSAPP, config)
runner.pairing_store._is_rate_limited.return_value = True
result = await runner._handle_message(
_make_event(
Platform.WHATSAPP,
"15551234567@s.whatsapp.net",
"15551234567@s.whatsapp.net",
)
)
assert result is None
runner.pairing_store.generate_code.assert_not_called()
adapter.send.assert_not_awaited()
@pytest.mark.asyncio
async def test_rejection_message_records_rate_limit(monkeypatch):
"""After sending a 'too many requests' rejection, rate limit is recorded
so subsequent messages are silently ignored."""
_clear_auth_env(monkeypatch)
config = GatewayConfig(
platforms={Platform.WHATSAPP: PlatformConfig(enabled=True)},
)
runner, adapter = _make_runner(Platform.WHATSAPP, config)
runner.pairing_store.generate_code.return_value = None # triggers rejection
result = await runner._handle_message(
_make_event(
Platform.WHATSAPP,
"15551234567@s.whatsapp.net",
"15551234567@s.whatsapp.net",
)
)
assert result is None
adapter.send.assert_awaited_once()
assert "Too many" in adapter.send.await_args.args[1]
runner.pairing_store._record_rate_limit.assert_called_once_with(
"whatsapp", "15551234567@s.whatsapp.net"
)
feat: support ignoring unauthorized gateway DMs (#1919) Add unauthorized_dm_behavior config (pair|ignore) with global default and per-platform override. WhatsApp can silently drop unknown DMs instead of sending pairing codes. Adapted config bridging to work with gw_data dict (pre-construction) rather than config object. Dropped implementation plan document. Co-authored-by: Frederico Ribeiro <fr@tecompanytea.com>
2026-03-18 04:06:08 -07:00
@pytest.mark.asyncio
async def test_global_ignore_suppresses_pairing_reply(monkeypatch):
_clear_auth_env(monkeypatch)
config = GatewayConfig(
unauthorized_dm_behavior="ignore",
platforms={Platform.TELEGRAM: PlatformConfig(enabled=True, token="***")},
)
runner, adapter = _make_runner(Platform.TELEGRAM, config)
result = await runner._handle_message(
_make_event(
Platform.TELEGRAM,
"12345",
"12345",
)
)
assert result is None
runner.pairing_store.generate_code.assert_not_called()
adapter.send.assert_not_awaited()
fix(gateway): silence pairing codes when a user allowlist is configured (#9337) When SIGNAL_ALLOWED_USERS (or any platform-specific or global allowlist) is set, the gateway was still sending automated pairing-code messages to every unauthorized sender. This forced pairing-code spam onto personal contacts of anyone running Hermes on a primary personal account with a whitelist, and exposed information about the bot's existence. Root cause ---------- _get_unauthorized_dm_behavior() fell through to the global default ('pair') even when an explicit allowlist was configured. An allowlist signals that the operator has deliberately restricted access; offering pairing codes to unknown senders contradicts that intent. Fix --- Extend _get_unauthorized_dm_behavior() to inspect the active per-platform and global allowlist env vars. When any allowlist is set and the operator has not written an explicit per-platform unauthorized_dm_behavior override, the method now returns 'ignore' instead of 'pair'. Resolution order (highest → lowest priority): 1. Explicit per-platform unauthorized_dm_behavior in config — always wins. 2. Explicit global unauthorized_dm_behavior != 'pair' in config — wins. 3. Any platform or global allowlist env var present → 'ignore'. 4. No allowlist, no override → 'pair' (open-gateway default preserved). This fixes the spam for Signal, Telegram, WhatsApp, Slack, and all other platforms with per-platform allowlist env vars. Testing ------- 6 new tests added to tests/gateway/test_unauthorized_dm_behavior.py: - test_signal_with_allowlist_ignores_unauthorized_dm (primary #9337 case) - test_telegram_with_allowlist_ignores_unauthorized_dm (same for Telegram) - test_global_allowlist_ignores_unauthorized_dm (GATEWAY_ALLOWED_USERS) - test_no_allowlist_still_pairs_by_default (open-gateway regression guard) - test_explicit_pair_config_overrides_allowlist_default (operator opt-in) - test_get_unauthorized_dm_behavior_no_allowlist_returns_pair (unit) All 15 tests in the file pass. Fixes #9337
2026-04-14 01:01:55 -03:00
# ---------------------------------------------------------------------------
# Allowlist-configured platforms default to "ignore" for unauthorized users
# (#9337: Signal gateway sends pairing spam when allowlist is configured)
# ---------------------------------------------------------------------------
@pytest.mark.asyncio
async def test_signal_with_allowlist_ignores_unauthorized_dm(monkeypatch):
"""When SIGNAL_ALLOWED_USERS is set, unauthorized DMs are silently dropped.
This is the primary regression test for #9337: before the fix, Signal
would send pairing codes to ANY sender even when a strict allowlist was
configured, spamming personal contacts with cryptic bot messages.
"""
_clear_auth_env(monkeypatch)
monkeypatch.setenv("SIGNAL_ALLOWED_USERS", "+15550000001") # allowlist set
config = GatewayConfig(
platforms={Platform.SIGNAL: PlatformConfig(enabled=True)},
)
runner, adapter = _make_runner(Platform.SIGNAL, config)
result = await runner._handle_message(
_make_event(Platform.SIGNAL, "+15559999999", "+15559999999") # not in allowlist
)
assert result is None
runner.pairing_store.generate_code.assert_not_called()
adapter.send.assert_not_awaited()
@pytest.mark.asyncio
async def test_telegram_with_allowlist_ignores_unauthorized_dm(monkeypatch):
"""Same behavior for Telegram: allowlist ⟹ ignore unauthorized DMs."""
_clear_auth_env(monkeypatch)
monkeypatch.setenv("TELEGRAM_ALLOWED_USERS", "111111111")
config = GatewayConfig(
platforms={Platform.TELEGRAM: PlatformConfig(enabled=True)},
)
runner, adapter = _make_runner(Platform.TELEGRAM, config)
result = await runner._handle_message(
_make_event(Platform.TELEGRAM, "999999999", "999999999")
)
assert result is None
runner.pairing_store.generate_code.assert_not_called()
adapter.send.assert_not_awaited()
@pytest.mark.asyncio
async def test_global_allowlist_ignores_unauthorized_dm(monkeypatch):
"""GATEWAY_ALLOWED_USERS also triggers the 'ignore' behavior."""
_clear_auth_env(monkeypatch)
monkeypatch.setenv("GATEWAY_ALLOWED_USERS", "111111111")
config = GatewayConfig(
platforms={Platform.SIGNAL: PlatformConfig(enabled=True)},
)
runner, adapter = _make_runner(Platform.SIGNAL, config)
result = await runner._handle_message(
_make_event(Platform.SIGNAL, "+15559999999", "+15559999999")
)
assert result is None
runner.pairing_store.generate_code.assert_not_called()
adapter.send.assert_not_awaited()
@pytest.mark.asyncio
async def test_no_allowlist_still_pairs_by_default(monkeypatch):
"""Without any allowlist, pairing behavior is preserved (open gateway)."""
_clear_auth_env(monkeypatch)
# No SIGNAL_ALLOWED_USERS, no GATEWAY_ALLOWED_USERS
config = GatewayConfig(
platforms={Platform.SIGNAL: PlatformConfig(enabled=True)},
)
runner, adapter = _make_runner(Platform.SIGNAL, config)
runner.pairing_store.generate_code.return_value = "PAIR1234"
result = await runner._handle_message(
_make_event(Platform.SIGNAL, "+15559999999", "+15559999999")
)
assert result is None
runner.pairing_store.generate_code.assert_called_once()
adapter.send.assert_awaited_once()
assert "PAIR1234" in adapter.send.await_args.args[1]
def test_explicit_pair_config_overrides_allowlist_default(monkeypatch):
"""Explicit unauthorized_dm_behavior='pair' overrides the allowlist default.
Operators can opt back in to pairing even with an allowlist by setting
unauthorized_dm_behavior: pair in their platform config. We test the
_get_unauthorized_dm_behavior resolver directly to avoid the full
_handle_message pipeline which requires extensive runner state.
"""
_clear_auth_env(monkeypatch)
monkeypatch.setenv("SIGNAL_ALLOWED_USERS", "+15550000001")
config = GatewayConfig(
platforms={
Platform.SIGNAL: PlatformConfig(
enabled=True,
extra={"unauthorized_dm_behavior": "pair"}, # explicit override
),
},
)
runner, _adapter = _make_runner(Platform.SIGNAL, config)
# The per-platform explicit config should beat the allowlist-derived default
behavior = runner._get_unauthorized_dm_behavior(Platform.SIGNAL)
assert behavior == "pair"
def test_allowlist_authorized_user_returns_ignore_for_unauthorized(monkeypatch):
"""_get_unauthorized_dm_behavior returns 'ignore' when allowlist is set.
We test the resolver directly. The full _handle_message path for
authorized users is covered by the integration tests in this module.
"""
_clear_auth_env(monkeypatch)
monkeypatch.setenv("SIGNAL_ALLOWED_USERS", "+15550000001")
config = GatewayConfig(
platforms={Platform.SIGNAL: PlatformConfig(enabled=True)},
)
runner, _adapter = _make_runner(Platform.SIGNAL, config)
behavior = runner._get_unauthorized_dm_behavior(Platform.SIGNAL)
assert behavior == "ignore"
def test_get_unauthorized_dm_behavior_no_allowlist_returns_pair(monkeypatch):
"""Without any allowlist, 'pair' is still the default."""
_clear_auth_env(monkeypatch)
config = GatewayConfig(
platforms={Platform.SIGNAL: PlatformConfig(enabled=True)},
)
runner, _adapter = _make_runner(Platform.SIGNAL, config)
behavior = runner._get_unauthorized_dm_behavior(Platform.SIGNAL)
assert behavior == "pair"
fix(gateway): include QQBOT in allowlist-aware unauthorized DM map Follow-up to #9337: _is_user_authorized maps Platform.QQBOT to QQ_ALLOWED_USERS, but the new platform_env_map inside _get_unauthorized_dm_behavior omitted it. A QQ operator with a strict user allowlist would therefore still have the gateway send pairing codes to strangers. Adds QQBOT to the env map and a regression test.
2026-04-19 22:03:23 -07:00
def test_qqbot_with_allowlist_ignores_unauthorized_dm(monkeypatch):
"""QQBOT is included in the allowlist-aware default (QQ_ALLOWED_USERS).
Regression guard: the initial #9337 fix omitted QQBOT from the env map
inside _get_unauthorized_dm_behavior, even though _is_user_authorized
mapped it to QQ_ALLOWED_USERS. Without QQBOT here, a QQ operator with a
strict user allowlist would still get pairing codes sent to strangers.
"""
_clear_auth_env(monkeypatch)
monkeypatch.setenv("QQ_ALLOWED_USERS", "allowed-openid-1")
config = GatewayConfig(
platforms={Platform.QQBOT: PlatformConfig(enabled=True)},
)
runner, _adapter = _make_runner(Platform.QQBOT, config)
behavior = runner._get_unauthorized_dm_behavior(Platform.QQBOT)
assert behavior == "ignore"
Reference in New Issue Copy Permalink