vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-21 23:11:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6309b1da6c2e1e3eaaf514b8a41ac83436e56e12
openclaw/extensions/msteams/src/monitor-handler/message-handler.authz.test.ts
Peter Steinberger 46f49eb6eb refactor: shrink plugin sdk public surface
2026-03-18 23:31:08 +00:00

156 lines
4.5 KiB
TypeScript
Raw Blame History

import { describe, expect, it, vi } from "vitest";
import type { OpenClawConfig, PluginRuntime, RuntimeEnv } from "../../runtime-api.js";
import type { MSTeamsMessageHandlerDeps } from "../monitor-handler.js";
import { setMSTeamsRuntime } from "../runtime.js";
import { createMSTeamsMessageHandler } from "./message-handler.js";
describe("msteams monitor handler authz", () => {
function createDeps(cfg: OpenClawConfig) {
const readAllowFromStore = vi.fn(async () => ["attacker-aad"]);
setMSTeamsRuntime({
logging: { shouldLogVerbose: () => false },
channel: {
debounce: {
resolveInboundDebounceMs: () => 0,
createInboundDebouncer: <T>(params: {
onFlush: (entries: T[]) => Promise<void>;
}): { enqueue: (entry: T) => Promise<void> } => ({
enqueue: async (entry: T) => {
await params.onFlush([entry]);
},
}),
},
pairing: {
readAllowFromStore,
upsertPairingRequest: vi.fn(async () => null),
},
text: {
hasControlCommand: () => false,
},
},
} as unknown as PluginRuntime);
const conversationStore = {
upsert: vi.fn(async () => undefined),
};
const deps: MSTeamsMessageHandlerDeps = {
cfg,
runtime: { error: vi.fn() } as unknown as RuntimeEnv,
appId: "test-app",
adapter: {} as MSTeamsMessageHandlerDeps["adapter"],
tokenProvider: {
getAccessToken: vi.fn(async () => "token"),
},
textLimit: 4000,
mediaMaxBytes: 1024 * 1024,
conversationStore:
conversationStore as unknown as MSTeamsMessageHandlerDeps["conversationStore"],
pollStore: {
recordVote: vi.fn(async () => null),
} as unknown as MSTeamsMessageHandlerDeps["pollStore"],
log: {
info: vi.fn(),
debug: vi.fn(),
error: vi.fn(),
} as unknown as MSTeamsMessageHandlerDeps["log"],
};
return { conversationStore, deps, readAllowFromStore };
}
it("does not treat DM pairing-store entries as group allowlist entries", async () => {
const { conversationStore, deps, readAllowFromStore } = createDeps({
channels: {
msteams: {
dmPolicy: "pairing",
allowFrom: [],
groupPolicy: "allowlist",
groupAllowFrom: [],
},
},
} as OpenClawConfig);
const handler = createMSTeamsMessageHandler(deps);
await handler({
activity: {
id: "msg-1",
type: "message",
text: "",
from: {
id: "attacker-id",
aadObjectId: "attacker-aad",
name: "Attacker",
},
recipient: {
id: "bot-id",
name: "Bot",
},
conversation: {
id: "19:group@thread.tacv2",
conversationType: "groupChat",
},
channelData: {},
attachments: [],
},
sendActivity: vi.fn(async () => undefined),
} as unknown as Parameters<typeof handler>[0]);
expect(readAllowFromStore).toHaveBeenCalledWith({
channel: "msteams",
accountId: "default",
});
expect(conversationStore.upsert).not.toHaveBeenCalled();
});
it("does not widen sender auth when only a teams route allowlist is configured", async () => {
const { conversationStore, deps } = createDeps({
channels: {
msteams: {
dmPolicy: "pairing",
allowFrom: [],
groupPolicy: "allowlist",
groupAllowFrom: [],
teams: {
team123: {
channels: {
"19:group@thread.tacv2": { requireMention: false },
},
},
},
},
},
} as OpenClawConfig);
const handler = createMSTeamsMessageHandler(deps);
await handler({
activity: {
id: "msg-1",
type: "message",
text: "hello",
from: {
id: "attacker-id",
aadObjectId: "attacker-aad",
name: "Attacker",
},
recipient: {
id: "bot-id",
name: "Bot",
},
conversation: {
id: "19:group@thread.tacv2",
conversationType: "groupChat",
},
channelData: {
team: { id: "team123", name: "Team 123" },
channel: { name: "General" },
},
attachments: [],
},
sendActivity: vi.fn(async () => undefined),
} as unknown as Parameters<typeof handler>[0]);
expect(conversationStore.upsert).not.toHaveBeenCalled();
});
});
Reference in New Issue View Git Blame Copy Permalink