[PR #24506] [MERGED] fix: enforce message ownership in group/DM channel update + delete endpoints #98727

Closed
opened 2026-05-16 01:33:50 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/24506
Author: @Classic298
Created: 5/9/2026
Status: Merged
Merged: 5/10/2026
Merged by: @tjbck

Base: devHead: fix/channels-message-ownership-group-dm


📝 Commits (2)

  • 9a8b955 fix: enforce message ownership in group/DM channel update + delete endpoints
  • 1e5886b chore: trim comments

📊 Changes

1 file changed (+6 additions, -0 deletions)

View changed files

📝 backend/open_webui/routers/channels.py (+6 -0)

📄 Description

update_message_by_id (channels.py:1348) and delete_message_by_id (channels.py:1550) branch on channel.type. The else branch (standard channels) correctly enforces message.user_id != user.id ownership before mutating, but the if channel.type in ['group', 'dm'] branch only checked is_user_channel_member — channel membership alone, with no message ownership verification.

Effect on group/DM channels: any verified member of the conversation could:

  • overwrite another member's message content while the server preserved user_id=victim, producing tampered content that renders to other members as the original author's authentic post (integrity + authenticity);
  • silently delete another member's messages, removing them from conversation history without trace (integrity).

Reproduced end-to-end against v0.9.4 with three users (attacker, victim, viewer) sharing a group channel: attacker overwrites victim's message and deletes another, viewer reads the tampered content as victim-authored.

Two patches, identical shape, mirror the else branch's existing ownership semantics:

  • update_message_by_id group/DM branch: add if user.role != 'admin' and message.user_id != user.id: raise 403 immediately after the is_user_channel_member check.
  • delete_message_by_id group/DM branch: same.

The standard-channel branch is unchanged (it already enforced ownership). Admins remain able to moderate any message, matching the existing semantic in the standard-channel branch.

Contributor License Agreement

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/24506 **Author:** [@Classic298](https://github.com/Classic298) **Created:** 5/9/2026 **Status:** ✅ Merged **Merged:** 5/10/2026 **Merged by:** [@tjbck](https://github.com/tjbck) **Base:** `dev` ← **Head:** `fix/channels-message-ownership-group-dm` --- ### 📝 Commits (2) - [`9a8b955`](https://github.com/open-webui/open-webui/commit/9a8b955e63314575612720dd547a94cfeae94901) fix: enforce message ownership in group/DM channel update + delete endpoints - [`1e5886b`](https://github.com/open-webui/open-webui/commit/1e5886b8300660b95522fec2eda3683b4b78ffc7) chore: trim comments ### 📊 Changes **1 file changed** (+6 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/routers/channels.py` (+6 -0) </details> ### 📄 Description `update_message_by_id` (channels.py:1348) and `delete_message_by_id` (channels.py:1550) branch on `channel.type`. The `else` branch (standard channels) correctly enforces `message.user_id != user.id` ownership before mutating, but the `if channel.type in ['group', 'dm']` branch only checked `is_user_channel_member` — channel membership alone, with no message ownership verification. Effect on group/DM channels: any verified member of the conversation could: - overwrite another member's message content while the server preserved `user_id=victim`, producing tampered content that renders to other members as the original author's authentic post (integrity + authenticity); - silently delete another member's messages, removing them from conversation history without trace (integrity). Reproduced end-to-end against v0.9.4 with three users (attacker, victim, viewer) sharing a group channel: attacker overwrites victim's message and deletes another, viewer reads the tampered content as victim-authored. Two patches, identical shape, mirror the `else` branch's existing ownership semantics: - `update_message_by_id` group/DM branch: add `if user.role != 'admin' and message.user_id != user.id: raise 403` immediately after the `is_user_channel_member` check. - `delete_message_by_id` group/DM branch: same. The standard-channel branch is unchanged (it already enforced ownership). Admins remain able to moderate any message, matching the existing semantic in the standard-channel branch. ### Contributor License Agreement <!-- 🚨 DO NOT DELETE THE TEXT BELOW 🚨 Keep the "Contributor License Agreement" confirmation text intact. Deleting it will trigger the CLA-Bot to INVALIDATE your PR. Your PR will NOT be reviewed or merged until you check the box below confirming that you have read and agree to the terms of the CLA. --> - [x] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. > [!NOTE] > Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-16 01:33:50 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#98727