fix: harden Discord native command auth (#70711) (thanks @vincentkoc)

Peter Steinberger
2026-04-23 19:06:51 +01:00
parent 6590bc9037
commit bfcae63373


@@ -291,6 +291,27 @@ describe("Discord native slash commands with commands.allowFrom", () => {
expectUnauthorizedReply(interaction);
});
it("rejects guild slash commands when owner restrictions are configured and the sender is not allowlisted", async () => {
const { dispatchSpy, interaction } = await runGuildSlashCommand({
userId: "999999999999999999",
mutateConfig: (cfg) => {
cfg.commands = {
...cfg.commands,
allowFrom: undefined,
};
cfg.channels = {
...cfg.channels,
discord: {
...cfg.channels?.discord,
allowFrom: ["user:123456789012345678"],
},
};
},
});
expect(dispatchSpy).not.toHaveBeenCalled();
expectUnauthorizedReply(interaction);
});
it("rejects guild slash commands outside the Discord allowlist when commands.useAccessGroups is false and commands.allowFrom is not configured", async () => {
const { dispatchSpy, interaction } = await runGuildSlashCommand({
mutateConfig: (cfg) => {