🛡️ refactor: Scope Action Mutations by Parent Resource Ownership (#12237)

* 🛡️ fix: Scope action mutations by parent resource ownership Prevent cross-tenant action overwrites by validating that an existing action's agent_id/assistant_id matches the URL parameter before allowing updates or deletes. Without this, a user with EDIT access on their own agent could reference a foreign action_id to hijack another agent's action record. * 🛡️ fix: Harden action ownership checks and scope write filters - Remove && short-circuit that bypassed the guard when agent_id or assistant_id was falsy (e.g. assistant-owned actions have no agent_id, so the check was skipped entirely on the agents route). - Include agent_id / assistant_id in the updateAction and deleteAction query filters so the DB write itself enforces ownership atomically. - Log a warning when deleteAction returns null (silent no-op from data-integrity mismatch). * 📝 docs: Update Action model JSDoc to reflect scoped query params * ✅ test: Add Action ownership scoping tests Cover update, delete, and cross-type protection scenarios using MongoMemoryServer to verify that scoped query filters (agent_id, assistant_id) prevent cross-tenant overwrites and deletions at the database level. * 🛡️ fix: Scope updateAction filter in agent duplication handler * 🐛 fix: Use action metadata domain instead of action_id when duplicating agent actions The duplicate handler was splitting `action.action_id` by `actionDelimiter` to extract the domain, but `action_id` is a bare nanoid that doesn't contain the delimiter. This produced malformed entries in the duplicated agent's actions array (nanoid_action_newNanoid instead of domain_action_newNanoid). The domain is available on `action.metadata.domain`. * ✅ test: Add integration tests for agent duplication action handling Uses MongoMemoryServer with real Agent and Action models to verify: - Duplicated actions use metadata.domain (not action_id) for the agent actions array entries - Sensitive metadata fields are stripped from duplicated actions - Original action documents are not modified
2026-03-16 20:56:35 +01:00 · 2026-03-15 10:19:29 -04:00 · 2026-03-15 10:19:29 -04:00 · 0c27ad2d55
commit 0c27ad2d55
parent 7c39a45944
6 changed files with 437 additions and 14 deletions
--- a/api/models/Action.js
+++ b/api/models/Action.js
@ -4,9 +4,7 @@ const { Action } = require('~/db/models');
 * Update an action with new data without overwriting existing properties,
 * or create a new action if it doesn't exist.
 *
- * @param {Object} searchParams - The search parameters to find the action to update.
- * @param {string} searchParams.action_id - The ID of the action to update.
- * @param {string} searchParams.user - The user ID of the action's author.
+ * @param {{ action_id: string, agent_id?: string, assistant_id?: string, user?: string }} searchParams
 * @param {Object} updateData - An object containing the properties to update.
 * @returns {Promise<Action>} The updated or newly created action document as a plain object.
 */
@ -47,10 +45,8 @@ const getActions = async (searchParams, includeSensitive = false) => {
 /**
 * Deletes an action by params.
 *
- * @param {Object} searchParams - The search parameters to find the action to delete.
- * @param {string} searchParams.action_id - The ID of the action to delete.
- * @param {string} searchParams.user - The user ID of the action's author.
- * @returns {Promise<Action>} A promise that resolves to the deleted action document as a plain object, or null if no document was found.
+ * @param {{ action_id: string, agent_id?: string, assistant_id?: string, user?: string }} searchParams
+ * @returns {Promise<Action|null>} The deleted action document as a plain object, or null if no match.
 */
 const deleteAction = async (searchParams) => {
  return await Action.findOneAndDelete(searchParams).lean();
--- a/api/models/Action.spec.js
+++ b/api/models/Action.spec.js
@ -0,0 +1,250 @@
+const mongoose = require('mongoose');
+const { MongoMemoryServer } = require('mongodb-memory-server');
+const { actionSchema } = require('@librechat/data-schemas');
+const { updateAction, getActions, deleteAction } = require('./Action');
+
+let mongoServer;
+
+beforeAll(async () => {
+  mongoServer = await MongoMemoryServer.create();
+  const mongoUri = mongoServer.getUri();
+  if (!mongoose.models.Action) {
+    mongoose.model('Action', actionSchema);
+  }
+  await mongoose.connect(mongoUri);
+}, 20000);
+
+afterAll(async () => {
+  await mongoose.disconnect();
+  await mongoServer.stop();
+});
+
+beforeEach(async () => {
+  await mongoose.models.Action.deleteMany({});
+});
+
+const userId = new mongoose.Types.ObjectId();
+
+describe('Action ownership scoping', () => {
+  describe('updateAction', () => {
+    it('updates when action_id and agent_id both match', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_1',
+        agent_id: 'agent_A',
+        metadata: { domain: 'example.com' },
+      });
+
+      const result = await updateAction(
+        { action_id: 'act_1', agent_id: 'agent_A' },
+        { metadata: { domain: 'updated.com' } },
+      );
+
+      expect(result).not.toBeNull();
+      expect(result.metadata.domain).toBe('updated.com');
+      expect(result.agent_id).toBe('agent_A');
+    });
+
+    it('does not update when agent_id does not match (creates a new doc via upsert)', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_1',
+        agent_id: 'agent_B',
+        metadata: { domain: 'victim.com', api_key: 'secret' },
+      });
+
+      const result = await updateAction(
+        { action_id: 'act_1', agent_id: 'agent_A' },
+        { user: userId, metadata: { domain: 'attacker.com' } },
+      );
+
+      expect(result.metadata.domain).toBe('attacker.com');
+
+      const original = await mongoose.models.Action.findOne({
+        action_id: 'act_1',
+        agent_id: 'agent_B',
+      }).lean();
+      expect(original).not.toBeNull();
+      expect(original.metadata.domain).toBe('victim.com');
+      expect(original.metadata.api_key).toBe('secret');
+    });
+
+    it('updates when action_id and assistant_id both match', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_2',
+        assistant_id: 'asst_X',
+        metadata: { domain: 'example.com' },
+      });
+
+      const result = await updateAction(
+        { action_id: 'act_2', assistant_id: 'asst_X' },
+        { metadata: { domain: 'updated.com' } },
+      );
+
+      expect(result).not.toBeNull();
+      expect(result.metadata.domain).toBe('updated.com');
+    });
+
+    it('does not overwrite when assistant_id does not match', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_2',
+        assistant_id: 'asst_victim',
+        metadata: { domain: 'victim.com', api_key: 'secret' },
+      });
+
+      await updateAction(
+        { action_id: 'act_2', assistant_id: 'asst_attacker' },
+        { user: userId, metadata: { domain: 'attacker.com' } },
+      );
+
+      const original = await mongoose.models.Action.findOne({
+        action_id: 'act_2',
+        assistant_id: 'asst_victim',
+      }).lean();
+      expect(original).not.toBeNull();
+      expect(original.metadata.domain).toBe('victim.com');
+      expect(original.metadata.api_key).toBe('secret');
+    });
+  });
+
+  describe('deleteAction', () => {
+    it('deletes when action_id and agent_id both match', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_del',
+        agent_id: 'agent_A',
+        metadata: { domain: 'example.com' },
+      });
+
+      const result = await deleteAction({ action_id: 'act_del', agent_id: 'agent_A' });
+      expect(result).not.toBeNull();
+      expect(result.action_id).toBe('act_del');
+
+      const remaining = await mongoose.models.Action.countDocuments();
+      expect(remaining).toBe(0);
+    });
+
+    it('returns null and preserves the document when agent_id does not match', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_del',
+        agent_id: 'agent_B',
+        metadata: { domain: 'victim.com' },
+      });
+
+      const result = await deleteAction({ action_id: 'act_del', agent_id: 'agent_A' });
+      expect(result).toBeNull();
+
+      const remaining = await mongoose.models.Action.countDocuments();
+      expect(remaining).toBe(1);
+    });
+
+    it('deletes when action_id and assistant_id both match', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_del_asst',
+        assistant_id: 'asst_X',
+        metadata: { domain: 'example.com' },
+      });
+
+      const result = await deleteAction({ action_id: 'act_del_asst', assistant_id: 'asst_X' });
+      expect(result).not.toBeNull();
+
+      const remaining = await mongoose.models.Action.countDocuments();
+      expect(remaining).toBe(0);
+    });
+
+    it('returns null and preserves the document when assistant_id does not match', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_del_asst',
+        assistant_id: 'asst_victim',
+        metadata: { domain: 'victim.com' },
+      });
+
+      const result = await deleteAction({
+        action_id: 'act_del_asst',
+        assistant_id: 'asst_attacker',
+      });
+      expect(result).toBeNull();
+
+      const remaining = await mongoose.models.Action.countDocuments();
+      expect(remaining).toBe(1);
+    });
+  });
+
+  describe('getActions (unscoped baseline)', () => {
+    it('returns actions by action_id regardless of agent_id', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_shared',
+        agent_id: 'agent_B',
+        metadata: { domain: 'example.com' },
+      });
+
+      const results = await getActions({ action_id: 'act_shared' }, true);
+      expect(results).toHaveLength(1);
+      expect(results[0].agent_id).toBe('agent_B');
+    });
+
+    it('returns actions scoped by agent_id when provided', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_scoped',
+        agent_id: 'agent_A',
+        metadata: { domain: 'a.com' },
+      });
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_other',
+        agent_id: 'agent_B',
+        metadata: { domain: 'b.com' },
+      });
+
+      const results = await getActions({ agent_id: 'agent_A' });
+      expect(results).toHaveLength(1);
+      expect(results[0].action_id).toBe('act_scoped');
+    });
+  });
+
+  describe('cross-type protection', () => {
+    it('updateAction with agent_id filter does not overwrite assistant-owned action', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_cross',
+        assistant_id: 'asst_victim',
+        metadata: { domain: 'victim.com', api_key: 'secret' },
+      });
+
+      await updateAction(
+        { action_id: 'act_cross', agent_id: 'agent_attacker' },
+        { user: userId, metadata: { domain: 'evil.com' } },
+      );
+
+      const original = await mongoose.models.Action.findOne({
+        action_id: 'act_cross',
+        assistant_id: 'asst_victim',
+      }).lean();
+      expect(original).not.toBeNull();
+      expect(original.metadata.domain).toBe('victim.com');
+      expect(original.metadata.api_key).toBe('secret');
+    });
+
+    it('deleteAction with agent_id filter does not delete assistant-owned action', async () => {
+      await mongoose.models.Action.create({
+        user: userId,
+        action_id: 'act_cross_del',
+        assistant_id: 'asst_victim',
+        metadata: { domain: 'victim.com' },
+      });
+
+      const result = await deleteAction({ action_id: 'act_cross_del', agent_id: 'agent_attacker' });
+      expect(result).toBeNull();
+
+      const remaining = await mongoose.models.Action.countDocuments();
+      expect(remaining).toBe(1);
+    });
+  });
+});