mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-26 01:01:40 +00:00
1a9a2d7fe8
When `message.from_user` is None — which can happen for forwarded messages, anonymous admin mode in groups, or certain Telegram client edge cases — `_build_message_event` set `source.user_id` to None. This caused: 1. `_is_user_authorized()` to early-return False (`if not user_id: return False`) 2. The access check never compared against `TELEGRAM_ALLOWED_USERS` even when the user actually was in the allowlist 3. The pairing flow fired and generated a code for `user_id=None` 4. The pairing approval saved an entry under the literal string key "null" 5. The user was effectively locked out because their real user_id never matched the "null" key on subsequent messages For DMs (`chat_type == "dm"`), Telegram guarantees `chat.id == user.id` — they are the same numeric ID for private chats. Falling back to `chat.id` when `from_user` is None for DMs restores the expected access-control behavior without weakening it (group/channel chats correctly stay None). Also adds a parallel `user_name` fallback to `chat.full_name` so the display name still works in the same edge case. |
||
|---|---|---|
| .. | ||
| builtin_hooks | ||
| platforms | ||
| __init__.py | ||
| channel_directory.py | ||
| config.py | ||
| delivery.py | ||
| display_config.py | ||
| hooks.py | ||
| mirror.py | ||
| pairing.py | ||
| restart.py | ||
| run.py | ||
| session.py | ||
| session_context.py | ||
| status.py | ||
| sticker_cache.py | ||
| stream_consumer.py | ||