fix(telegram): enforce gateway auth for inline approval callbacks #17862

Closed
johnncenae wants to merge 1 commit into NousResearch:main from johnncenae:fix/telegram-callback-global-auth

@johnncenae

Contributor

Summary

This hardens Telegram inline callback authorization for gateway-gated actions.

Previously, Telegram approval, slash-confirm, and update-prompt callbacks only checked TELEGRAM_ALLOWED_USERS inside the adapter. That meant these callback paths could bypass the gateway's actual authorization decision when access was restricted via global gateway policy rather than the Telegram-specific allowlist.

This change makes Telegram callback authorization reuse the runner's _is_user_authorized(...) decision when available, while preserving the existing TELEGRAM_ALLOWED_USERS fallback for contexts where the adapter is not attached to the gateway runner.

What changed

  • Updated TelegramAdapter._is_callback_user_authorized(...) to:
    • reject empty caller IDs
    • construct a SessionSource and delegate to the gateway runner's _is_user_authorized(...) when available
    • fall back to the legacy TELEGRAM_ALLOWED_USERS check if no runner-backed auth is available
  • Wired approval, slash-confirm, and update-prompt callback handlers to pass callback chat/thread/user context into that helper
  • Added regression tests covering:
    • approval callback rejection when the runner denies the caller
    • update-prompt callback rejection when the runner denies the caller

Why this matters

Telegram callback queries do not go through the normal inbound message authorization path in gateway/run.py. Without a matching auth check here, a user blocked by global gateway policy could still press approval or update buttons if TELEGRAM_ALLOWED_USERS was unset.

Risk

Low.

  • Scope is limited to Telegram callback authorization
  • Existing env-based fallback behavior is retained
  • Existing Telegram callback coverage remains green

Tests

Passed:

  • scripts/run_tests.sh tests/gateway/test_telegram_approval_buttons.py

Result:

  • 15 passed in 4.61s

@alt-glitch added labels on Apr 30, 2026: type/security (Security vulnerability or hardening), P2 (Medium — degraded but workaround exists), comp/gateway (Gateway runner, session dispatch, delivery), platform/telegram (Telegram bot adapter)
@teknium1

teknium1 commented May 1, 2026

Contributor

Merged via #18180 — your commit cherry-picked onto current main with rebase-merge so your authorship is preserved. Good catch on this one: the TELEGRAM_ALLOWED_USERS empty-string case fell open for every other global gate we added over the last year. Thanks!
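
Added example, not code from this pull request or from the project: a minimal Python sketch of the decision order the PR summary describes, next to the adapter-only check that fails open when the allowlist is empty. The function signatures, the SessionSource fields, the comma-separated allowlist format, and the sample policy are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class SessionSource:
    # Hypothetical stand-in; the project's real SessionSource has its own fields.
    platform: str
    chat_id: str
    user_id: str
    thread_id: Optional[str] = None


def legacy_allowlist_check(user_id: str, allowed_users_env: str) -> bool:
    """Adapter-only check (assumed comma-separated IDs): empty list admits all."""
    allowed = {u.strip() for u in allowed_users_env.split(",") if u.strip()}
    if not allowed:
        return True  # fail-open: no Telegram allowlist means no restriction here
    return user_id in allowed


def is_callback_user_authorized(
    user_id: Optional[str],
    chat_id: str,
    thread_id: Optional[str] = None,
    *,
    runner_auth: Optional[Callable[[SessionSource], bool]] = None,
    allowed_users_env: str = "",
) -> bool:
    """Decision order from the PR summary (hypothetical signature)."""
    if not user_id:
        return False  # reject empty caller IDs before consulting any policy
    if runner_auth is not None:
        # Build the caller's context and defer to the gateway's own decision.
        source = SessionSource("telegram", str(chat_id), str(user_id), thread_id)
        return bool(runner_auth(source))
    # No runner attached: keep the legacy env-based behaviour.
    return legacy_allowlist_check(str(user_id), allowed_users_env)


# Constructed sample policy: the gateway admits only user 1001.
GLOBAL_ALLOWED = {"1001"}


def sample_runner_auth(source: SessionSource) -> bool:
    return source.user_id in GLOBAL_ALLOWED
```

With the allowlist empty, the legacy check admits user 2002 while the runner-backed path denies the same caller, which is the gap between adapter-level and gateway-level policy that the summary describes.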
