mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-09 20:12:53 +00:00
9e4eca00ff
* fix(slack): normalize approval user ids * chore(openrouter): satisfy spread fallback lint * fix(ci): unblock status and secret-file checks
100 lines
2.4 KiB
TypeScript
100 lines
2.4 KiB
TypeScript
import { describe, expect, it } from "vitest";
|
|
import { slackApprovalAuth } from "./approval-auth.js";
|
|
|
|
describe("slackApprovalAuth", () => {
|
|
it("authorizes general Slack approvers from allowFrom and defaultTo", () => {
|
|
const cfg = {
|
|
channels: {
|
|
slack: {
|
|
allowFrom: ["slack:U123OWNER"],
|
|
dm: { allowFrom: ["<@U234DM>"] },
|
|
defaultTo: "user:U345DEFAULT",
|
|
execApprovals: { enabled: true, approvers: ["user:U999EXEC"] },
|
|
},
|
|
},
|
|
};
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "U123OWNER",
|
|
action: "approve",
|
|
approvalKind: "exec",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "u123owner",
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "U345DEFAULT",
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "u345default",
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "U999EXEC",
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({
|
|
authorized: false,
|
|
reason: "❌ You are not authorized to approve plugin requests on Slack.",
|
|
});
|
|
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId: "U999ATTACKER",
|
|
action: "approve",
|
|
approvalKind: "exec",
|
|
}),
|
|
).toEqual({
|
|
authorized: false,
|
|
reason: "❌ You are not authorized to approve exec requests on Slack.",
|
|
});
|
|
});
|
|
|
|
it("canonicalizes configured plugin approver ids before matching uppercase senders", () => {
|
|
const cfg = {
|
|
channels: {
|
|
slack: {
|
|
allowFrom: ["slack:u123owner"],
|
|
defaultTo: "user:u345default",
|
|
},
|
|
},
|
|
};
|
|
|
|
for (const senderId of ["U123OWNER", "U345DEFAULT"]) {
|
|
expect(
|
|
slackApprovalAuth.authorizeActorAction({
|
|
cfg,
|
|
senderId,
|
|
action: "approve",
|
|
approvalKind: "plugin",
|
|
}),
|
|
).toEqual({ authorized: true });
|
|
}
|
|
});
|
|
});
|