Document command payload resolution behavior #9
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| userId ??= entity.OwnerUserId; | ||
|
|
||
| _sessions.RemoveByConnection(Context.ConnectionId); | ||
|
|
||
| var normalized = NormalizeEntity(entity); |
There was a problem hiding this comment.
The join handler assigns userId from the incoming payload when the caller is unauthenticated (userId ??= entity.OwnerUserId). Permission checks such as CanSendCommand and CanDirectMessage rely on session.UserId to enforce owner-only restrictions. A client can therefore join without authentication, set owner_user_id to an arbitrary value, and immediately send commands or DMs that are supposed to be limited to that owner. The user identifier must come from authenticated claims/headers (or after validating owner visibility), not from an untrusted request field.
Useful? React with 👍 / 👎.
1 participant
Summary
ResolveCommandTargetTesting
https://chatgpt.com/codex/tasks/task_e_68f30ef788c0832e8b94ef5ab7c4dbd5