Fix owner-only auth and overlapping skill env regressions (#38548)

Vincent Koc
2026-03-06 23:33:42 -05:00
committed by GitHub
parent 024af2b738
commit 15a5e39da2
4 changed files with 99 additions and 29 deletions


@@ -22,8 +22,8 @@ afterEach(() => {
setActivePluginRegistry(createRegistry());
});
describe("senderIsOwner defaults to true when no owner allowlist configured (#26319)", () => {
it("senderIsOwner is true when no ownerAllowFrom is configured (single-user default)", () => {
describe("senderIsOwner only reflects explicit owner authorization", () => {
it("does not treat direct-message senders as owners when no ownerAllowFrom is configured", () => {
const cfg = {
channels: { discord: {} },
} as OpenClawConfig;
@@ -42,12 +42,11 @@ describe("senderIsOwner defaults to true when no owner allowlist configured (#26
commandAuthorized: true,
});
// Without an explicit ownerAllowFrom list, the sole authorized user should
// be treated as owner so ownerOnly tools (cron, gateway) are available.
expect(auth.senderIsOwner).toBe(true);
expect(auth.senderIsOwner).toBe(false);
expect(auth.isAuthorizedSender).toBe(true);
});
it("senderIsOwner is false when no ownerAllowFrom is configured in a group chat", () => {
it("does not treat group-chat senders as owners when no ownerAllowFrom is configured", () => {
const cfg = {
channels: { discord: {} },
} as OpenClawConfig;
@@ -67,6 +66,7 @@ describe("senderIsOwner defaults to true when no owner allowlist configured (#26
});
expect(auth.senderIsOwner).toBe(false);
expect(auth.isAuthorizedSender).toBe(true);
});
it("senderIsOwner is false when ownerAllowFrom is configured and sender does not match", () => {
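Review bot: The rewritten direct-message test asserts `expect(auth.senderIsOwner).toBe(false)` next to `expect(auth.isAuthorizedSender).toBe(true)`, but the comment that explained the old expectation was deleted without a replacement, so nothing tells a reader that command authorization and owner status are now deliberately separate. I would add a comment above the two assertions such as `// Authorized senders can run commands, but ownerOnly tools require explicit owner authorization.` The new describe title also drops the `(#26319)` reference; since this reverses the default the old title tied to that issue, keeping a pointer would help anyone tracing why the behaviour flipped. The visible hunks cover only the no-allowlist negatives; whether a case for owner-by-scope without an allowlist exists elsewhere in the file cannot be seen from here.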


@@ -351,14 +351,7 @@ export function resolveCommandAuthorization(params: {
Array.isArray(ctx.GatewayClientScopes) &&
ctx.GatewayClientScopes.includes("operator.admin");
const ownerAllowlistConfigured = ownerAllowAll || explicitOwners.length > 0;
const isDirectChat = (ctx.ChatType ?? "").trim().toLowerCase() === "direct";
// In the default single-user direct-chat setup, allow an identified sender to
// keep ownerOnly tools even without an explicit owner allowlist.
const senderIsOwner =
senderIsOwnerByIdentity ||
senderIsOwnerByScope ||
ownerAllowAll ||
(!ownerAllowlistConfigured && isDirectChat && Boolean(senderId));
const senderIsOwner = senderIsOwnerByIdentity || senderIsOwnerByScope || ownerAllowAll;
const requireOwner = enforceOwner || ownerAllowlistConfigured;
const isOwnerForCommands = !requireOwner
? true
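Review bot: With the direct-chat fallback gone, `senderIsOwner` and `isOwnerForCommands` now disagree when no owner allowlist is configured: `requireOwner` is still `enforceOwner || ownerAllowlistConfigured`, so `isOwnerForCommands` takes the `true` branch while `senderIsOwner` is false. That looks intentional given the updated tests, but the deleted comment is not replaced and the similar names invite someone to treat the two values as interchangeable when gating a new privileged path. I would add above the new line `// Owner status is fail-closed: identity match, operator.admin scope, or owner allow-all only; never inferred from chat type.` and a short note on `requireOwner` saying that command gating stays open when no allowlist is configured. The `isOwnerForCommands` expression continues past the end of the hunk, so its remaining branches are not reviewed here.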