From db50af910be6b4171ea9cf54f4cc38be27ac1da6 Mon Sep 17 00:00:00 2001 From: ygd58 Date: Mon, 11 May 2026 15:29:53 +0200 Subject: [PATCH] fix(telegram): enforce TELEGRAM_ALLOWED_USERS allowlist on inbound messages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TELEGRAM_ALLOWED_USERS was only checked for callback/inline-button actions but not for inbound messages. Unauthorized users triggered an 'Unauthorized user' log warning but their messages were still processed by the agent — a P0 security bypass (issue #23778). Fix: add allowlist check in _should_process_message() which is called for all message types (text, command, media, location). If the sender is not in TELEGRAM_ALLOWED_USERS, the message is dropped immediately with a warning log. Empty TELEGRAM_ALLOWED_USERS continues to allow all users (existing behavior). Fixes #23778
---
 gateway/platforms/telegram.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/gateway/platforms/telegram.py b/gateway/platforms/telegram.py
index f68b4ffbd73..ec56ae8cda2 100644
--- a/gateway/platforms/telegram.py
+++ b/gateway/platforms/telegram.py
@@ -4055,11 +4055,12 @@ class TelegramAdapter(BasePlatformAdapter):
 return cleaned or text
 def _should_process_message(self, message: Message, *, is_command: bool = False) -> bool:
- """Apply Telegram group trigger rules.
+ """Apply Telegram group trigger rules and user allowlist.
- DMs remain unrestricted. Group/supergroup messages are accepted when:
- - the chat passes the ``allowed_chats`` whitelist (when set), or
- ``guest_mode`` is enabled and the bot is explicitly mentioned
+ DMs and group messages are both subject to TELEGRAM_ALLOWED_USERS
+ allowlist check. The chat also passes the ``allowed_chats`` whitelist
+ (when set), or ``guest_mode`` is enabled and the bot is explicitly
+ mentioned. Group/supergroup messages are additionally accepted when:
 - the chat is explicitly allowlisted in ``free_response_chats``
 - ``require_mention`` is disabled
 - the message replies to the bot
@@ -4076,6 +4077,18 @@ class TelegramAdapter(BasePlatformAdapter):
 mentioning the bot (``@botname /command``), both of which are
 recognised as mentions by :meth:`_message_mentions_bot`.
 """
+ # Enforce TELEGRAM_ALLOWED_USERS allowlist for ALL message types
+ # (DMs and groups). Previously only callback actions were gated,
+ # leaving inbound messages unblocked (issue #23778).
+ _user = getattr(message, "from_user", None)
+ _user_id = str(getattr(_user, "id", "")) if _user else ""
+ if not self._is_callback_user_authorized(_user_id):
+ logger.warning(
+ "[%s] Unauthorized user %s — message dropped",
+ self.name, _user_id,
+ )
+ return False
+
 if not self._is_group_chat(message):
 return True
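Review bot: The rewritten docstring paragraph no longer states an acceptance condition: `The chat also passes the ``allowed_chats`` whitelist (when set), or ``guest_mode`` is enabled and the bot is explicitly mentioned.` reads as a bare assertion, whereas the removed bullet it replaces was one of the "accepted when" alternatives, so a reader can no longer tell that allowed_chats/guest_mode is an OR-branch alongside `free_response_chats` and `require_mention`. Suggest opening with `All messages (DMs and groups) must first pass the TELEGRAM_ALLOWED_USERS allowlist when it is set. Group/supergroup messages are then accepted when:` and restoring the removed bullet `- the chat passes the ``allowed_chats`` whitelist (when set), or ``guest_mode`` is enabled and the bot is explicitly mentioned` ahead of the three kept bullets. The docstring continues past the end of this hunk.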
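Review bot: The new gate at the top of `_should_process_message` is the sole enforcement point for a P0 bypass, yet the diffstat shows only `gateway/platforms/telegram.py` changed and no regression test; a test that feeds a DM and a group message from a sender outside `TELEGRAM_ALLOWED_USERS` and asserts `False`, plus one with an empty allowlist asserting the message is still processed, would pin the fix. `_is_callback_user_authorized` is not in the hunk, so how it treats the empty `_user_id` produced when `from_user` is absent (channel posts, anonymous group admins) is not visible here; if it fails closed whenever an allowlist is set that is the right outcome and deserves a comment such as `# No from_user (channel post / anonymous admin): empty id is rejected once an allowlist is configured`. The commit message says unauthorized senders already triggered an `Unauthorized user` warning elsewhere, so if that earlier non-blocking check still runs, every dropped message now logs twice and the older check is a candidate for removal or consolidation, though it lies outside this hunk. Minor style: leading-underscore locals `_user` and `_user_id` are unusual for function-scope names in Python; plain `user` / `user_id` would match the surrounding code. `_should_process_message` continues past the end of the hunk.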