fix(regression): allow external device pair approvals

2026-04-23 15:11:42 +00:00 · 2026-03-27 16:07:54 -05:00
parent eacd5ac3ef
commit 85cf23a9d6
2 changed files with 58 additions and 3 deletions
--- a/extensions/device-pair/index.test.ts
+++ b/extensions/device-pair/index.test.ts
@@ -516,6 +516,59 @@ describe("device-pair /pair approve", () => {
    expect(result).toEqual({ text: "✅ Paired Victim Phone (ios)." });
  });

+  it("does not force an empty caller scope context for external approvals", async () => {
+    vi.mocked(listDevicePairing).mockResolvedValueOnce({
+      pending: [
+        {
+          requestId: "req-1",
+          deviceId: "victim-phone",
+          publicKey: "victim-public-key",
+          displayName: "Victim Phone",
+          platform: "ios",
+          ts: Date.now(),
+        },
+      ],
+      paired: [],
+    });
+    vi.mocked(approveDevicePairing).mockResolvedValueOnce({
+      status: "approved",
+      requestId: "req-1",
+      device: {
+        deviceId: "victim-phone",
+        publicKey: "victim-public-key",
+        displayName: "Victim Phone",
+        platform: "ios",
+        role: "operator",
+        roles: ["operator"],
+        scopes: ["operator.pairing"],
+        approvedScopes: ["operator.pairing"],
+        tokens: {
+          operator: {
+            token: "token-1",
+            role: "operator",
+            scopes: ["operator.pairing"],
+            createdAtMs: Date.now(),
+          },
+        },
+        createdAtMs: Date.now(),
+        approvedAtMs: Date.now(),
+      },
+    });
+
+    const command = registerPairCommand();
+    const result = await command.handler(
+      createCommandContext({
+        channel: "telegram",
+        args: "approve latest",
+        commandBody: "/pair approve latest",
+        gatewayClientScopes: undefined,
+      }),
+    );
+
+    expect(vi.mocked(approveDevicePairing)).toHaveBeenCalledWith("req-1");
+    expect(result).toEqual({ text: "✅ Paired Victim Phone (ios)." });
+  });
+
  it("rejects approvals above the caller scopes", async () => {
    vi.mocked(listDevicePairing).mockResolvedValueOnce({
      pending: [
--- a/extensions/device-pair/index.ts
+++ b/extensions/device-pair/index.ts
@@ -611,9 +611,11 @@ export default definePluginEntry({
          if (!pending) {
            return { text: "Pairing request not found." };
          }
-          const approved = await approveDevicePairing(pending.requestId, {
-            callerScopes: gatewayClientScopes ?? [],
-          });
+          const approved = gatewayClientScopes
+            ? await approveDevicePairing(pending.requestId, {
+                callerScopes: gatewayClientScopes,
+              })
+            : await approveDevicePairing(pending.requestId);
          if (!approved) {
            return { text: "Pairing request not found." };
          }