From 4ccea5eb93f896c94c0bcf18bd59d69ec86c949a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BE=8E=E9=9B=BB=E7=90=83?=
Date: Fri, 13 Mar 2026 15:41:18 +0800
Subject: [PATCH] fix(identity): prevent allowlist ID entries from matching usernames (#1406)

---
 pkg/identity/identity.go | 11 ++++++-----
 pkg/identity/identity_test.go | 20 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/pkg/identity/identity.go b/pkg/identity/identity.go
index 6bc09c210..372bbe38b 100644
--- a/pkg/identity/identity.go
+++ b/pkg/identity/identity.go
@@ -59,6 +59,9 @@ func MatchAllowed(sender bus.SenderInfo, allowed string) bool {
 }
 }
 
+ // Keep track of explicit username format
+ isAtUsername := strings.HasPrefix(allowed, "@")
+
 // Strip leading "@" for username matching
 trimmed := strings.TrimPrefix(allowed, "@")
 
@@ -75,11 +78,9 @@ func MatchAllowed(sender bus.SenderInfo, allowed string) bool {
 return true
 }
 
- // Match against Username
- if sender.Username != "" {
- if sender.Username == trimmed || sender.Username == allowedUser {
- return true
- }
+ // Match against Username only when explicitly requested via "@username"
+ if isAtUsername && sender.Username != "" && sender.Username == trimmed {
+ return true
 }
 
 // Match compound sender format against allowed parts
diff --git a/pkg/identity/identity_test.go b/pkg/identity/identity_test.go
index 3d24bd794..a588f1484 100644
--- a/pkg/identity/identity_test.go
+++ b/pkg/identity/identity_test.go
@@ -104,6 +104,16 @@ func TestMatchAllowed(t *testing.T) {
 allowed: "@alice",
 want: true,
 },
+ {
+ name: "plain entry does not match username",
+ sender: bus.SenderInfo{
+ Platform: "discord",
+ PlatformID: "999999",
+ Username: "123456",
+ },
+ allowed: "123456",
+ want: false,
+ },
 {
 name: "@username does not match",
 sender: telegramSender,
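Review bot: `isAtUsername` only gates the username branch in the second hunk, so the `@` marker is one-directional: the PlatformID comparison that sits between the two hunks is not visible here, and if it still compares against `trimmed` rather than `allowed`, an entry written as `@123456` will match a sender whose `PlatformID` is `123456` even though the operator asked for a username match. If that is the case, gate that branch as well, either by comparing the ID against `allowed` instead of `trimmed` or by prefixing its condition with `!isAtUsername &&`, and add a test mirroring `plain entry does not match username` with `allowed: "@123456"` and `PlatformID: "123456"` expecting `false`. The added comment `// Keep track of explicit username format` would also be clearer as `// "@name" entries are username matches; everything else is an ID match`, since that is the contract the rest of the function now relies on. MatchAllowed's body begins before this hunk.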
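Review bot: The rewritten condition drops the `sender.Username == allowedUser` comparison, so the username half of a compound `id|username` entry is no longer honoured by this branch and is left to the compound block that starts after this hunk; that agrees with the new test `compound matches by ID when username differs`, but nothing in the code records the intent. I would extend the comment to `// Match against Username only when explicitly requested via "@username"; compound "id|username" entries are handled by the compound match below`. The match is also an exact, case-sensitive string comparison, so an `@Alice` entry will not match a sender reporting `alice`; if the supported platforms normalise username case, MatchAllowed's doc comment (outside this hunk) should state that entries must be written exactly as the platform reports them, and that ID entries are the stronger form because usernames can be changed by their owner. The rest of MatchAllowed lies outside this hunk.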
@@ -123,6 +133,16 @@ func TestMatchAllowed(t *testing.T) {
 allowed: "999|alice",
 want: true,
 },
+ {
+ name: "compound matches by ID when username differs",
+ sender: bus.SenderInfo{
+ Platform: "discord",
+ PlatformID: "123456",
+ Username: "not123456",
+ },
+ allowed: "123456|alice",
+ want: true,
+ },
 {
 name: "compound does not match",
 sender: telegramSender,