mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-03 21:23:35 +00:00
126 lines
3.1 KiB
TypeScript
126 lines
3.1 KiB
TypeScript
// Slack tests cover approval auth plugin behavior.
|
|
import { describe, expect, it } from "vitest";
|
|
import { isSlackApprovalAuthorizedSender, slackApprovalAuth } from "./approval-auth.js";
|
|
|
|
describe("slackApprovalAuth", () => {
|
|
it("authorizes general Slack approvers from allowFrom and defaultTo", () => {
|
|
const cfg = {
|
|
channels: {
|
|
slack: {
|
|
allowFrom: ["slack:U123OWNER"],
|
|
dm: { allowFrom: ["<@U234DM>"] },
|
|
defaultTo: "user:U345DEFAULT",
|
|
execApprovals: { enabled: true, approvers: ["user:U999EXEC"] },
|
|
},
|
|
},
|
|
};
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "U123OWNER",
|
|
action: "approve",
|
|
approvalKind: "exec",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "u123owner",
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "U345DEFAULT",
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "u345default",
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "U999EXEC",
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({
|
|
authorized: false,
|
|
reason: "❌ You are not authorized to approve plugin requests on Slack.",
|
|
});
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "U999ATTACKER",
|
|
action: "approve",
|
|
approvalKind: "exec",
|
|
}),
|
|
).toEqual({
|
|
authorized: false,
|
|
reason: "❌ You are not authorized to approve exec requests on Slack.",
|
|
});
|
|
});
|
|
|
|
it("canonicalizes configured plugin approver ids before matching uppercase senders", () => {
|
|
const cfg = {
|
|
channels: {
|
|
slack: {
|
|
allowFrom: ["slack:u123owner"],
|
|
defaultTo: "user:u345default",
|
|
},
|
|
},
|
|
};
|
|
|
|
for (const senderId of ["U123OWNER", "U345DEFAULT"]) {
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId,
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
}
|
|
});
|
|
|
|
it("allows same-chat plugin approval when no concrete Slack approvers are configured", () => {
|
|
const cfg = {
|
|
channels: {
|
|
slack: {
|
|
allowFrom: ["*"],
|
|
},
|
|
},
|
|
};
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "U123OWNER",
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
expect(
|
|
isSlackApprovalAuthorizedSender({
|
|
cfg,
|
|
senderId: "U123OWNER",
|
|
}),
|
|
).toBe(true);
|
|
});
|
|
});
|