fix(security): make allowFrom id-only by default with dangerous name opt-in (#24907)

* fix(channels): default allowFrom to id-only; add dangerous name opt-in

* docs(security): align channel allowFrom docs with id-only default
Peter Steinberger
2026-02-24 01:01:51 +00:00
committed by GitHub
parent 41b0568b35
commit cfa44ea6b4
53 changed files with 852 additions and 100 deletions


@@ -170,6 +170,7 @@ describe("agent components", () => {
const select = createAgentSelectMenu({
cfg: createCfg(),
accountId: "default",
discordConfig: { dangerouslyAllowNameMatching: true } as DiscordAccountConfig,
dmPolicy: "allowlist",
allowFrom: ["Alice#1234"],
});
@@ -426,13 +427,20 @@ describe("resolveDiscordOwnerAllowFrom", () => {
expect(result).toEqual(["123"]);
});
it("returns the normalized name slug for name matches", () => {
const result = resolveDiscordOwnerAllowFrom({
it("returns the normalized name slug for name matches only when enabled", () => {
const defaultResult = resolveDiscordOwnerAllowFrom({
channelConfig: { allowed: true, users: ["Some User"] } as DiscordChannelConfigResolved,
sender: { id: "999", name: "Some User" },
});
expect(defaultResult).toBeUndefined();
expect(result).toEqual(["some-user"]);
const enabledResult = resolveDiscordOwnerAllowFrom({
channelConfig: { allowed: true, users: ["Some User"] } as DiscordChannelConfigResolved,
sender: { id: "999", name: "Some User" },
allowNameMatching: true,
});
expect(enabledResult).toEqual(["some-user"]);
});
});
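Review bot: The first hunk keeps the existing select-menu case passing by opting into `discordConfig: { dangerouslyAllowNameMatching: true }`, but the visible lines add no counterpart that builds the same menu with `allowFrom: ["Alice#1234"]` and the flag unset, then asserts that the name entry does not authorize the sender. The id-only default is the security property this commit introduces, so the component path should get the same default/enabled pair that `resolveDiscordOwnerAllowFrom` gets in the second hunk, for example `it("ignores name entries in allowFrom unless dangerouslyAllowNameMatching is set", ...)`. In the second hunk it would also help to pin the explicit-off case by passing `allowNameMatching: false` and expecting `toBeUndefined()`, so a future change to the default cannot silently re-enable name matching. The enclosing `it` of the first hunk starts and ends outside the hunk, so a negative case may already exist elsewhere in the file.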