mirror/nanobot
1
0
Fork 0
mirror of https://github.com/HKUDS/nanobot.git synced 2026-05-10 19:56:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(msteams): add auth warning and restore unrelated pyproject change

Browse Source 
Warn when validate_inbound_auth is disabled (default) so operators are
aware the webhook accepts unverified requests.  Restore pymupdf to the
dev optional-dependencies group — its removal in the original PR was
unrelated to the Teams channel feature.
This commit is contained in:
chengyongru 2026-04-16 10:42:20 +08:00 committed by chengyongru
parent 2f3a37cf8e
commit b48f497f8d
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nanobot/channels/msteams.py
View File

@ -111,6 +111,13 @@ class MSTeamsChannel(BaseChannel):
logger.error("MSTeams app_id/app_password not configured") logger.error("MSTeams app_id/app_password not configured")
return return
if not self.config.validate_inbound_auth:
logger.warning(
"MSTeams inbound auth validation is DISABLED. "
"Anyone who knows the webhook URL can send messages as any user. "
"Set validateInboundAuth: true in config for production use."
)
self._loop = asyncio.get_running_loop() self._loop = asyncio.get_running_loop()
self._http = httpx.AsyncClient(timeout=30.0) self._http = httpx.AsyncClient(timeout=30.0)
self._running = True self._running = True

1
pyproject.toml
View File

@ -89,6 +89,7 @@ dev = [
"aiohttp>=3.9.0,<4.0.0", "aiohttp>=3.9.0,<4.0.0",
"pytest-cov>=6.0.0,<7.0.0", "pytest-cov>=6.0.0,<7.0.0",
"ruff>=0.1.0", "ruff>=0.1.0",
"pymupdf>=1.25.0",
] ]
[project.scripts] [project.scripts]