mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-26 01:01:40 +00:00
1a9a2d7fe8
When `message.from_user` is None — which can happen for forwarded messages, anonymous admin mode in groups, or certain Telegram client edge cases — `_build_message_event` set `source.user_id` to None. This caused: 1. `_is_user_authorized()` to early-return False (`if not user_id: return False`) 2. The access check never compared against `TELEGRAM_ALLOWED_USERS` even when the user actually was in the allowlist 3. The pairing flow fired and generated a code for `user_id=None` 4. The pairing approval saved an entry under the literal string key "null" 5. The user was effectively locked out because their real user_id never matched the "null" key on subsequent messages For DMs (`chat_type == "dm"`), Telegram guarantees `chat.id == user.id` — they are the same numeric ID for private chats. Falling back to `chat.id` when `from_user` is None for DMs restores the expected access-control behavior without weakening it (group/channel chats correctly stay None). Also adds a parallel `user_name` fallback to `chat.full_name` so the display name still works in the same edge case. |
||
|---|---|---|
| .. | ||
| qqbot | ||
| __init__.py | ||
| ADDING_A_PLATFORM.md | ||
| api_server.py | ||
| base.py | ||
| bluebubbles.py | ||
| dingtalk.py | ||
| discord.py | ||
| email.py | ||
| feishu.py | ||
| feishu_comment.py | ||
| feishu_comment_rules.py | ||
| helpers.py | ||
| homeassistant.py | ||
| matrix.py | ||
| mattermost.py | ||
| signal.py | ||
| slack.py | ||
| sms.py | ||
| telegram.py | ||
| telegram_network.py | ||
| webhook.py | ||
| wecom.py | ||
| wecom_callback.py | ||
| wecom_crypto.py | ||
| weixin.py | ||
| whatsapp.py | ||