openclaw/extensions/msteams/src/oauth.shared.ts
sudie-codes 355794c24a msteams: add reaction support with delegated auth and pagination helper (#51646)
* msteams: add reaction support (inbound handlers + outbound Graph API)

* msteams: address PR #51646 review feedback

* msteams: remove react from advertised actions (requires Delegated auth)

* msteams: address PR #51646 remaining review feedback (dmPolicy, groupPolicy, reactions auth)

- Fix 1: DM reaction authorization now uses resolveDmGroupAccessWithLists to enforce
  dmPolicy modes (open/disabled/allowlist/pairing), matching the message handler.
- Fix 2: Group policy in reaction handler already uses resolveDefaultGroupPolicy
  for global defaults; moved declaration earlier to share with DM path.
- Fix 3: Restore read-only "reactions" (list) action with listReactionsMSTeams,
  which uses GET and works with Application auth. Keep "react" (write) gated
  behind delegated-auth.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* msteams: add shared Graph pagination helper (fetchAllGraphPages)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* msteams: add OAuth2 delegated auth flow (PKCE + authorization code)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* msteams: integrate delegated auth (config, token storage, react enablement)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* msteams: fix critical bugs found in architect review

- Fix fetchGraphJson→postGraphJson for setReaction/unsetReaction (was sending GET instead of POST)
- Fix CSRF bypass in OAuth parseCallbackInput (missing state no longer falls back silently)
- Remove stale delegated-auth warning logs (delegated auth is now implemented)
- Add CSRF test case for parseCallbackInput

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* msteams: fix 6 PR #51646 review blockers (PKCE/state separation, CSRF, imports, routing, delegated auth bootstrap)

* msteams: fix channel.runtime.ts duplicate imports + graph.ts test mock compat

* msteams: fix lint/boundary blockers revealed by CI after rebase

- token.ts/graph.test.ts: add curly braces around single-statement ifs
  (eslint/curly).
- oauth.flow.ts: rename unused parseCallbackInput param to _expectedState.
- reaction-handler.test.ts: rename unused buildDeps param to _runtime.
- send.reactions.ts: drop unnecessary non-null assertions on tuple entries.
- setup-surface.ts: drop empty-object spread fallback flagged by
  unicorn/no-useless-fallback-in-spread.
- graph.ts: move GraphPagedResponse/PaginatedResult type defs below
  requestGraph so the raw fetch() stays on line 47 to match the existing
  no-raw-channel-fetch allowlist entry.
- oauth.token.ts: route the Azure AD token exchange and refresh calls
  through fetchWithSsrFGuard (matches the pattern in sdk.ts), removing
  the unguarded raw fetch() callsites flagged by
  lint:tmp:no-raw-channel-fetch.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(msteams): restore absolute Graph pagination helper

* fix(msteams): satisfy reaction handler lint

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Brad Groux <3053586+BradGroux@users.noreply.github.com>
2026-04-11 07:41:47 -05:00


// Loopback redirect for the local callback listener. Plain http is acceptable here only
// because the listener is bound to localhost (RFC 8252 §7.3, loopback redirection).
export const MSTEAMS_OAUTH_REDIRECT_URI = "http://localhost:8086/oauth2callback";
export const MSTEAMS_OAUTH_CALLBACK_PORT = 8086;
export const MSTEAMS_OAUTH_CALLBACK_PATH = "/oauth2callback";

// Upper bound for the Azure AD token exchange / refresh request.
export const MSTEAMS_DEFAULT_TOKEN_FETCH_TIMEOUT_MS = 10_000;

// Delegated Graph scopes requested by default; offline_access is what yields a refresh token.
export const MSTEAMS_DEFAULT_DELEGATED_SCOPES = [
  "ChatMessage.Send",
  "ChannelMessage.Send",
  "Chat.ReadWrite",
  "offline_access",
] as const;

// Tenant-scoped v2.0 endpoints. The tenant id is URL-encoded so a caller-supplied value
// cannot inject extra path segments or query parameters into the endpoint URL.
export function buildMSTeamsAuthEndpoint(tenantId: string): string {
  return `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/authorize`;
}

export function buildMSTeamsTokenEndpoint(tenantId: string): string {
  return `https://login.microsoftonline.com/${encodeURIComponent(tenantId)}/oauth2/v2.0/token`;
}

// Persisted delegated-auth token set.
export type MSTeamsDelegatedTokens = {
  accessToken: string;
  refreshToken: string;
  /** Unix ms, 5-min buffer pre-applied */
  expiresAt: number;
  scopes: string[];
  userPrincipalName?: string;
};

// UI callbacks the delegated OAuth flow uses to drive the setup surface
// (browser launch, logging, notes, prompts, progress reporting).
export type MSTeamsDelegatedOAuthContext = {
  isRemote: boolean;
  openUrl: (url: string) => Promise<void>;
  log: (msg: string) => void;
  note: (message: string, title?: string) => Promise<void>;
  prompt: (message: string) => Promise<string>;
  progress: { update: (msg: string) => void; stop: (msg?: string) => void };
};