mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-09 00:48:27 +00:00
fix(auth-profiles): accept mode/apiKey aliases to prevent silent credential loss
Users following openclaw.json auth.profiles examples (which use 'mode' for
the credential type) would write their auth-profiles.json entries with:
{ provider: "anthropic", mode: "api_key", apiKey: "sk-ant-..." }
The actual auth-profiles.json schema uses:
{ provider: "anthropic", type: "api_key", key: "sk-ant-..." }
coerceAuthStore() and coerceLegacyStore() validated entries strictly on
typed.type, silently skipping any entry that used the mode/apiKey spelling.
The user would get 'No API key found for provider anthropic' with no hint
about the field name mismatch.
Add normalizeRawCredentialEntry() which, before validation:
- coerces mode → type when type is absent
- coerces apiKey → key when key is absent
Both functions now call the normalizer before the type guard so
mode/apiKey entries are loaded and resolved correctly.
Fixes #26916
This commit is contained in:
lbo728
committed by
Peter Steinberger
Peter Steinberger
parent
85b075d0cc
commit
7e7ca43a79
@@ -39,6 +39,28 @@ export async function updateAuthProfileStoreWithLock(params: {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Normalise a raw auth-profiles.json credential entry.
|
||||
*
|
||||
* The official format uses `type` and (for api_key credentials) `key`.
|
||||
* A common mistake — caused by the similarity with the `openclaw.json`
|
||||
* `auth.profiles` section which uses `mode` — is to write `mode` instead of
|
||||
* `type` and `apiKey` instead of `key`. Accept both spellings so users don't
|
||||
* silently lose their credentials.
|
||||
*/
|
||||
function normalizeRawCredentialEntry(raw: Record<string, unknown>): Partial<AuthProfileCredential> {
|
||||
const entry = { ...raw } as Record<string, unknown>;
|
||||
// mode → type alias (openclaw.json uses "mode"; auth-profiles.json uses "type")
|
||||
if (!("type" in entry) && typeof entry["mode"] === "string") {
|
||||
entry["type"] = entry["mode"];
|
||||
}
|
||||
// apiKey → key alias for ApiKeyCredential
|
||||
if (!("key" in entry) && typeof entry["apiKey"] === "string") {
|
||||
entry["key"] = entry["apiKey"];
|
||||
}
|
||||
return entry as Partial<AuthProfileCredential>;
|
||||
}
|
||||
|
||||
function coerceLegacyStore(raw: unknown): LegacyAuthStore | null {
|
||||
if (!raw || typeof raw !== "object") {
|
||||
return null;
|
||||
@@ -52,7 +74,7 @@ function coerceLegacyStore(raw: unknown): LegacyAuthStore | null {
|
||||
if (!value || typeof value !== "object") {
|
||||
continue;
|
||||
}
|
||||
const typed = value as Partial<AuthProfileCredential>;
|
||||
const typed = normalizeRawCredentialEntry(value as Record<string, unknown>);
|
||||
if (typed.type !== "api_key" && typed.type !== "oauth" && typed.type !== "token") {
|
||||
continue;
|
||||
}
|
||||
@@ -78,7 +100,7 @@ function coerceAuthStore(raw: unknown): AuthProfileStore | null {
|
||||
if (!value || typeof value !== "object") {
|
||||
continue;
|
||||
}
|
||||
const typed = value as Partial<AuthProfileCredential>;
|
||||
const typed = normalizeRawCredentialEntry(value as Record<string, unknown>);
|
||||
if (typed.type !== "api_key" && typed.type !== "oauth" && typed.type !== "token") {
|
||||
continue;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user