fix(telegram): support group user allowlist (salvages #17686) #17748
Merged
PR #15027 (5 days ago) shipped TELEGRAM_GROUP_ALLOWED_USERS as a chat-ID allowlist. #17686 correctly renames that to sender user IDs and moves chat IDs to TELEGRAM_GROUP_ALLOWED_CHATS. Without a shim, any user on PR #15027's guidance would silently start rejecting group traffic on upgrade.

- gateway/run.py: in _is_user_authorized, if TELEGRAM_GROUP_ALLOWED_USERS contains values starting with '-' (chat-ID-shaped), honor them as chat IDs and log a one-shot deprecation warning pointing users at the new TELEGRAM_GROUP_ALLOWED_CHATS var.
- tests/gateway/test_unauthorized_dm_behavior.py: three new tests cover legacy chat-ID values authorizing the listed chat, not crossing to other chats, and mixed sender/chat values in the same var.
- website/docs/user-guide/messaging/telegram.md: rewrite the Group Allowlisting section to document the new user/chat split + migration note. Remove stale '/thread_id' suffix claim (code never parsed it).
- website/docs/reference/environment-variables.md: document all three Telegram allowlist env vars.
Salvages #17686 (@xandersbell) onto current main, adds a backward-compat shim for pre-#17686 configs, and documents the new split.
Summary
Telegram groups now support sender-user-ID gating (TELEGRAM_GROUP_ALLOWED_USERS) and chat-ID gating (TELEGRAM_GROUP_ALLOWED_CHATS) as orthogonal allowlists. Closes the security gap in #7651 — previously any Telegram user could add the bot to a group and @mention it.
Changes
- telegram.allow_from/group_allow_from/group_allowed_chats YAML → env vars; splits group allowlist into user vs chat maps in GatewayRunner._is_user_authorized().
- TELEGRAM_GROUP_ALLOWED_USERS as a chat-ID allowlist. Without a shim, users on that guidance would silently start rejecting group traffic. Values starting with - in TELEGRAM_GROUP_ALLOWED_USERS are now honored as chat IDs and a one-shot deprecation warning points at TELEGRAM_GROUP_ALLOWED_CHATS.
- website/docs/user-guide/messaging/telegram.md group allowlist section to document the user/chat split with a migration block. Updated website/docs/reference/environment-variables.md. Removed the stale /thread_id suffix claim in the old docs (the code never parsed it).
Validation
Closes #7651.
Replaces #17686.
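
The backward-compat shim described above, as an added sketch that is not the project's code from gateway/run.py. The function names, comma-separated value format, the "sender OR chat" combination rule, and the sample IDs are assumptions made for illustration.

```python
import logging

log = logging.getLogger("telegram_allowlist_example")
_warned = False  # one-shot flag so the deprecation warning is logged once


def _parse_ids(raw):
    """Split an env value into a set of ID strings (comma-separated: assumed)."""
    return {v.strip() for v in (raw or "").split(",") if v.strip()}


def split_group_allowlists(env):
    """Return (allowed_users, allowed_chats) from an environ-like mapping.

    Entries in TELEGRAM_GROUP_ALLOWED_USERS that start with '-' are
    chat-ID-shaped (Telegram group chat IDs are negative), so they are
    moved to the chat allowlist instead of being matched against senders.
    """
    global _warned
    users = _parse_ids(env.get("TELEGRAM_GROUP_ALLOWED_USERS"))
    chats = _parse_ids(env.get("TELEGRAM_GROUP_ALLOWED_CHATS"))
    legacy = {v for v in users if v.startswith("-")}
    if legacy and not _warned:
        log.warning(
            "Chat IDs in TELEGRAM_GROUP_ALLOWED_USERS are deprecated; "
            "move them to TELEGRAM_GROUP_ALLOWED_CHATS"
        )
        _warned = True
    return users - legacy, chats | legacy


def is_group_message_authorized(env, sender_id, chat_id):
    """Assumed rule: allow when the sender OR the chat is listed.

    With both lists empty nothing matches, so the group message is denied.
    """
    users, chats = split_group_allowlists(env)
    return str(sender_id) in users or str(chat_id) in chats


if __name__ == "__main__":
    # Constructed sample config: one legacy chat ID and one sender ID.
    sample = {"TELEGRAM_GROUP_ALLOWED_USERS": "-1001234567890, 42"}
    print(split_group_allowlists(sample))
    print(is_group_message_authorized(sample, 999, -1001234567890))
```
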