github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 18:18:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Gateway: align pairing scope checks for read access

Browse Source
This commit is contained in:
Shakker
2026-02-20 04:51:36 +00:00
committed by Shakker
parent 86f207adb0
commit 525d6e0671
8 changed files with 256 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/infra/device-pairing.test.ts
View File

@@ -114,6 +114,31 @@ describe("device pairing tokens", () => {
expect(mismatch.reason).toBe("token-mismatch");
});
test("accepts operator.read requests with an operator.admin token scope", async () => {
const baseDir = await mkdtemp(join(tmpdir(), "openclaw-device-pairing-"));
await setupPairedOperatorDevice(baseDir, ["operator.admin"]);
const paired = await getPairedDevice("device-1", baseDir);
const token = requireToken(paired?.tokens?.operator?.token);
const readOk = await verifyDeviceToken({
deviceId: "device-1",
token,
role: "operator",
scopes: ["operator.read"],
baseDir,
});
expect(readOk.ok).toBe(true);
const writeMismatch = await verifyDeviceToken({
deviceId: "device-1",
token,
role: "operator",
scopes: ["operator.write"],
baseDir,
});
expect(writeMismatch).toEqual({ ok: false, reason: "scope-mismatch" });
});
test("treats multibyte same-length token input as mismatch without throwing", async () => {
const baseDir = await mkdtemp(join(tmpdir(), "openclaw-device-pairing-"));
await setupPairedOperatorDevice(baseDir, ["operator.read"]);