Skip to content

[codex] Add channel membership auth PoC#3302

Draft
holmesworcester wants to merge 1 commit into
fix/remove-admin-restrictions-priv-channel-add-membersfrom
codex/poc-channel-membership-auth
Draft

[codex] Add channel membership auth PoC#3302
holmesworcester wants to merge 1 commit into
fix/remove-admin-restrictions-priv-channel-add-membersfrom
codex/poc-channel-membership-auth

Conversation

@holmesworcester

Copy link
Copy Markdown
Collaborator

Summary

Adds a focused PoC test showing that, once the backend owner check is bypassed, a non-owner private-channel member can add another member to the channel role and have that change accepted after LFA graph merge.

The test also verifies that the newly added member receives usable channel role keys by decrypting a role-scoped message after the merge.

Why

PR #3299 constrains channel-member additions at the backend/UI path, but the underlying LFA ADD_MEMBER_ROLE validation accepts assignments to other users. This test documents that mismatch in shared state.

Validation

Ran the focused backend spec under the repo-supported Node runtime:

NODE_OPTIONS="--experimental-vm-modules" DEBUG=ipfs:*,backend:* npx -y -p node@20.20.1 node node_modules/jest/bin/jest.js --runInBand --verbose --testPathIgnorePatterns=".src/(!?nodeTest*)|(.node_modules*)" --detectOpenHandles --forceExit src/nest/auth/services/roles/channel.service.spec.ts

Result: 11 passed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant