github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-19 11:18:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Matrix: tighten migration identity matching

Browse Source
This commit is contained in:
Gustavo Madeira Santana
2026-03-12 03:27:06 +00:00
parent b2f2578eff
commit b096f3ad4d
2 changed files with 88 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
src/infra/matrix-migration-config.test.ts
View File

@@ -11,6 +11,48 @@ function writeFile(filePath: string, value: string) {
} }
describe("resolveMatrixMigrationAccountTarget", () => { describe("resolveMatrixMigrationAccountTarget", () => {
it("reuses stored user identity for token-only configs when the access token matches", async () => {
await withTempHome(async (home) => {
const stateDir = path.join(home, ".openclaw");
writeFile(
path.join(stateDir, "credentials", "matrix", "credentials-ops.json"),
JSON.stringify(
{
homeserver: "https://matrix.example.org",
userId: "@ops-bot:example.org",
accessToken: "tok-ops",
deviceId: "DEVICE-OPS",
},
null,
2,
),
);
const cfg: OpenClawConfig = {
channels: {
matrix: {
accounts: {
ops: {
homeserver: "https://matrix.example.org",
accessToken: "tok-ops",
},
},
},
},
};
const target = resolveMatrixMigrationAccountTarget({
cfg,
env: process.env,
accountId: "ops",
});
expect(target).not.toBeNull();
expect(target?.userId).toBe("@ops-bot:example.org");
expect(target?.storedDeviceId).toBe("DEVICE-OPS");
});
});
it("ignores stored device IDs from stale cached Matrix credentials", async () => { it("ignores stored device IDs from stale cached Matrix credentials", async () => {
await withTempHome(async (home) => { await withTempHome(async (home) => {
const stateDir = path.join(home, ".openclaw"); const stateDir = path.join(home, ".openclaw");
@@ -54,4 +96,44 @@ describe("resolveMatrixMigrationAccountTarget", () => {
expect(target?.storedDeviceId).toBeNull(); expect(target?.storedDeviceId).toBeNull();
}); });
}); });
it("does not trust stale stored creds on the same homeserver when the token changes", async () => {
await withTempHome(async (home) => {
const stateDir = path.join(home, ".openclaw");
writeFile(
path.join(stateDir, "credentials", "matrix", "credentials-ops.json"),
JSON.stringify(
{
homeserver: "https://matrix.example.org",
userId: "@old-bot:example.org",
accessToken: "tok-old",
deviceId: "DEVICE-OLD",
},
null,
2,
),
);
const cfg: OpenClawConfig = {
channels: {
matrix: {
accounts: {
ops: {
homeserver: "https://matrix.example.org",
accessToken: "tok-new",
},
},
},
},
};
const target = resolveMatrixMigrationAccountTarget({
cfg,
env: process.env,
accountId: "ops",
});
expect(target).toBeNull();
});
});
}); });

7
src/infra/matrix-migration-config.ts
View File

@@ -165,13 +165,17 @@ export function credentialsMatchResolvedIdentity(
identity: { identity: {
homeserver: string; homeserver: string;
userId: string; userId: string;
accessToken: string;
}, },
): stored is MatrixStoredCredentials { ): stored is MatrixStoredCredentials {
if (!stored || !identity.homeserver) { if (!stored || !identity.homeserver) {
return false; return false;
} }
if (!identity.userId) { if (!identity.userId) {
return stored.homeserver === identity.homeserver; if (!identity.accessToken) {
return false;
}
return stored.homeserver === identity.homeserver && stored.accessToken === identity.accessToken;
} }
return stored.homeserver === identity.homeserver && stored.userId === identity.userId; return stored.homeserver === identity.homeserver && stored.userId === identity.userId;
} }
@@ -186,6 +190,7 @@ export function resolveMatrixMigrationAccountTarget(params: {
const matchingStored = credentialsMatchResolvedIdentity(stored, { const matchingStored = credentialsMatchResolvedIdentity(stored, {
homeserver: resolved.homeserver, homeserver: resolved.homeserver,
userId: resolved.userId, userId: resolved.userId,
accessToken: resolved.accessToken,
}) })
? stored ? stored
: null; : null;