nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openclaw/src/web/inbound/access-control.test.ts

132 lines
3.9 KiB
TypeScript
Raw Blame History

import { describe, expect, it } from "vitest";
import {
sendMessageMock,
setAccessControlTestConfig,
setupAccessControlTestHarness,
upsertPairingRequestMock,
} from "./access-control.test-harness.js";
setupAccessControlTestHarness();
const { checkInboundAccessControl } = await import("./access-control.js");
describe("checkInboundAccessControl pairing grace", () => {
it("suppresses pairing replies for historical DMs on connect", async () => {
const connectedAtMs = 1_000_000;
const messageTimestampMs = connectedAtMs - 31_000;
const result = await checkInboundAccessControl({
accountId: "default",
from: "+15550001111",
selfE164: "+15550009999",
senderE164: "+15550001111",
group: false,
pushName: "Sam",
isFromMe: false,
messageTimestampMs,
connectedAtMs,
pairingGraceMs: 30_000,
sock: { sendMessage: sendMessageMock },
remoteJid: "15550001111@s.whatsapp.net",
});
expect(result.allowed).toBe(false);
expect(upsertPairingRequestMock).not.toHaveBeenCalled();
expect(sendMessageMock).not.toHaveBeenCalled();
});
it("sends pairing replies for live DMs", async () => {
const connectedAtMs = 1_000_000;
const messageTimestampMs = connectedAtMs - 10_000;
const result = await checkInboundAccessControl({
accountId: "default",
from: "+15550001111",
selfE164: "+15550009999",
senderE164: "+15550001111",
group: false,
pushName: "Sam",
isFromMe: false,
messageTimestampMs,
connectedAtMs,
pairingGraceMs: 30_000,
sock: { sendMessage: sendMessageMock },
remoteJid: "15550001111@s.whatsapp.net",
});
expect(result.allowed).toBe(false);
expect(upsertPairingRequestMock).toHaveBeenCalled();
expect(sendMessageMock).toHaveBeenCalled();
});
});
describe("WhatsApp dmPolicy precedence", () => {
it("uses account-level dmPolicy instead of channel-level (#8736)", async () => {
// Channel-level says "pairing" but the account-level says "allowlist".
// The account-level override should take precedence, so an unauthorized
// sender should be blocked silently (no pairing reply).
setAccessControlTestConfig({
channels: {
whatsapp: {
dmPolicy: "pairing",
accounts: {
work: {
dmPolicy: "allowlist",
allowFrom: ["+15559999999"],
},
},
},
},
});
const result = await checkInboundAccessControl({
accountId: "work",
from: "+15550001111",
selfE164: "+15550009999",
senderE164: "+15550001111",
group: false,
pushName: "Stranger",
isFromMe: false,
sock: { sendMessage: sendMessageMock },
remoteJid: "15550001111@s.whatsapp.net",
});
expect(result.allowed).toBe(false);
expect(upsertPairingRequestMock).not.toHaveBeenCalled();
expect(sendMessageMock).not.toHaveBeenCalled();
});
it("inherits channel-level dmPolicy when account-level dmPolicy is unset", async () => {
// Account has allowFrom set, but no dmPolicy override. Should inherit the channel default.
// With dmPolicy=allowlist, unauthorized senders are silently blocked.
setAccessControlTestConfig({
channels: {
whatsapp: {
dmPolicy: "allowlist",
accounts: {
work: {
allowFrom: ["+15559999999"],
},
},
},
},
});
const result = await checkInboundAccessControl({
accountId: "work",
from: "+15550001111",
selfE164: "+15550009999",
senderE164: "+15550001111",
group: false,
pushName: "Stranger",
isFromMe: false,
sock: { sendMessage: sendMessageMock },
remoteJid: "15550001111@s.whatsapp.net",
});
expect(result.allowed).toBe(false);
expect(upsertPairingRequestMock).not.toHaveBeenCalled();
expect(sendMessageMock).not.toHaveBeenCalled();
});
});
Reference in New Issue View Git Blame Copy Permalink