Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-17 17:00:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

feat: add check for People.Read scope in searchContacts

Browse source
This commit is contained in:
Atef Bellaaj 2025-06-13 10:50:28 +02:00 committed by Danny Avila
parent c9aa10d3d5
commit 1016a33b89
No known key found for this signature in database
GPG key ID: BF31EEB2C5CA0956
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
api/server/services/GraphApiService.js
View file

@ -211,7 +211,13 @@ const searchContacts = async (graphClient, query, limit = 10) => {
if (!query || query.trim().length < 2) { if (!query || query.trim().length < 2) {
return []; return [];
} }
if (
process.env.OPENID_GRAPH_SCOPES &&
!process.env.OPENID_GRAPH_SCOPES.toLowerCase().includes('people.read')
) {
logger.warn('[searchContacts] People.Read scope is not enabled, skipping contact search');
return [];
}
// Reason: Search only for OrganizationUser (person) type, not groups // Reason: Search only for OrganizationUser (person) type, not groups
const filter = "personType/subclass eq 'OrganizationUser'"; const filter = "personType/subclass eq 'OrganizationUser'";