From 4c8a277af90cf395c32bb83b8d68b790f6a88b50 Mon Sep 17 00:00:00 2001
From: Vincent Koc <vincentkoc@ieee.org>
Date: Sun, 15 Mar 2026 16:00:37 -0700
Subject: [PATCH] Tests: cover Discord plugin callback authorization

---
 .../discord/src/monitor/monitor.test.ts       | 52 ++++++++++++++-----
 1 file changed, 39 insertions(+), 13 deletions(-)

diff --git a/extensions/discord/src/monitor/monitor.test.ts b/extensions/discord/src/monitor/monitor.test.ts
index da916c4bd2b..6d9bafd8d50 100644
--- a/extensions/discord/src/monitor/monitor.test.ts
+++ b/extensions/discord/src/monitor/monitor.test.ts
@@ -558,16 +558,11 @@ describe("discord component interactions", () => {
     expect(resolveDiscordModalEntry({ id: "mdl_1", consume: false })).not.toBeNull();
   });
 
-  it("passes false auth to plugin Discord interactions for non-allowlisted guild users", async () => {
+  it("blocks plugin Discord interactions for non-allowlisted guild users", async () => {
     registerDiscordComponentEntries({
       entries: [createButtonEntry({ callbackData: "codex:approve" })],
       modals: [],
     });
-    dispatchPluginInteractiveHandlerMock.mockResolvedValue({
-      matched: true,
-      handled: true,
-      duplicate: false,
-    });
 
     const button = createDiscordComponentButton(
       createComponentContext({
@@ -590,13 +585,11 @@ describe("discord component interactions", () => {
 
     await button.run(interaction, { cid: "btn_1" } as ComponentData);
 
-    expect(dispatchPluginInteractiveHandlerMock).toHaveBeenCalledWith(
-      expect.objectContaining({
-        ctx: expect.objectContaining({
-          auth: { isAuthorizedSender: false },
-        }),
-      }),
-    );
+    expect(dispatchPluginInteractiveHandlerMock).not.toHaveBeenCalled();
+    expect(interaction.reply).toHaveBeenCalledWith({
+      content: "You are not authorized to use this button.",
+      ephemeral: true,
+    });
     expect(dispatchReplyMock).not.toHaveBeenCalled();
   });
 
@@ -751,6 +744,39 @@ describe("discord component interactions", () => {
     });
     expect(dispatchReplyMock).not.toHaveBeenCalled();
   });
+
+  it("keeps plugin binding approval controls when the approval is already expired", async () => {
+    resolvePluginConversationBindingApprovalMock.mockResolvedValue({ status: "expired" });
+    buildPluginBindingResolvedTextMock.mockReturnValue(
+      "That plugin bind approval expired. Retry the bind command.",
+    );
+    registerDiscordComponentEntries({
+      entries: [
+        createButtonEntry({
+          callbackData: buildPluginBindingApprovalCustomId("approval-expired", "allow-once"),
+        }),
+      ],
+      modals: [],
+    });
+    const button = createDiscordComponentButton(createComponentContext());
+    const update = vi.fn().mockResolvedValue(undefined);
+    const followUp = vi.fn().mockResolvedValue(undefined);
+    const interaction = {
+      ...(createComponentButtonInteraction().interaction as any),
+      update,
+      followUp,
+    } as ButtonInteraction;
+
+    await button.run(interaction, { cid: "btn_1" } as ComponentData);
+
+    expect(resolvePluginConversationBindingApprovalMock).toHaveBeenCalledTimes(1);
+    expect(update).not.toHaveBeenCalled();
+    expect(followUp).toHaveBeenCalledWith({
+      content: "That plugin bind approval expired. Retry the bind command.",
+      ephemeral: true,
+    });
+    expect(dispatchReplyMock).not.toHaveBeenCalled();
+  });
 });
 
 describe("resolveDiscordOwnerAllowFrom", () => {