github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 10:57:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(imessage): keep DM pairing-store identities out of group allowlist auth

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-14 20:08:38 +01:00
parent e6f67d5f31
commit 872079d42f
2 changed files with 231 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
src/imessage/monitor.skips-group-messages-without-mention-by-default.test.ts
View File

@@ -31,6 +31,29 @@ function getConfig(): TestConfig {
}
describe("monitorIMessageProvider", () => {
it("ignores malformed rpc message payloads", async () => {
const run = monitorIMessageProvider();
await waitForSubscribe();
notificationHandler?.({
method: "message",
params: {
message: {
id: 1,
sender: { nested: "not-a-string" },
text: "hello",
},
},
});
await flush();
closeResolve?.();
await run;
expect(replyMock).not.toHaveBeenCalled();
expect(sendMock).not.toHaveBeenCalled();
});
it("skips group messages without a mention by default", async () => {
const run = monitorIMessageProvider();
await waitForSubscribe();
@@ -364,6 +387,127 @@ describe("monitorIMessageProvider", () => {
await run;
expect(replyMock).not.toHaveBeenCalled();
expect(sendMock).not.toHaveBeenCalled();
});
it("does not allow group sender from pairing store when groupPolicy is allowlist", async () => {
config = {
...config,
channels: {
...config.channels,
imessage: {
...config.channels?.imessage,
dmPolicy: "pairing",
allowFrom: [],
groupPolicy: "allowlist",
groupAllowFrom: [],
},
},
};
readAllowFromStoreMock.mockResolvedValue(["+15550003333"]);
const run = monitorIMessageProvider();
await waitForSubscribe();
notificationHandler?.({
method: "message",
params: {
message: {
id: 30,
chat_id: 909,
sender: "+15550003333",
is_from_me: false,
text: "@openclaw hi from paired sender",
is_group: true,
},
},
});
await flush();
closeResolve?.();
await run;
expect(replyMock).not.toHaveBeenCalled();
expect(sendMock).not.toHaveBeenCalled();
});
it("does not allow sender from pairing store when groupAllowFrom is restricted to a different chat_id", async () => {
config = {
...config,
channels: {
...config.channels,
imessage: {
...config.channels?.imessage,
dmPolicy: "pairing",
allowFrom: [],
groupPolicy: "allowlist",
groupAllowFrom: ["chat_id:101"],
},
},
};
readAllowFromStoreMock.mockResolvedValue(["+15550003333"]);
const run = monitorIMessageProvider();
await waitForSubscribe();
notificationHandler?.({
method: "message",
params: {
message: {
id: 31,
chat_id: 202,
sender: "+15550003333",
is_from_me: false,
text: "@openclaw hi from paired sender",
is_group: true,
},
},
});
await flush();
closeResolve?.();
await run;
expect(replyMock).not.toHaveBeenCalled();
expect(sendMock).not.toHaveBeenCalled();
});
it("does not authorize control command via pairing-store sender in non-allowlisted chat", async () => {
config = {
...config,
channels: {
...config.channels,
imessage: {
...config.channels?.imessage,
dmPolicy: "pairing",
allowFrom: [],
groupPolicy: "allowlist",
groupAllowFrom: ["chat_id:101"],
},
},
};
readAllowFromStoreMock.mockResolvedValue(["+15550003333"]);
const run = monitorIMessageProvider();
await waitForSubscribe();
notificationHandler?.({
method: "message",
params: {
message: {
id: 32,
chat_id: 202,
sender: "+15550003333",
is_from_me: false,
text: "/status",
is_group: true,
},
},
});
await flush();
closeResolve?.();
await run;
expect(replyMock).not.toHaveBeenCalled();
expect(sendMock).not.toHaveBeenCalled();
});
it("blocks group messages when groupPolicy is disabled", async () => {