openclaw/extensions/nextcloud-talk/src/inbound.authz.test.ts

import type { PluginRuntime, RuntimeEnv } from "openclaw/plugin-sdk/nextcloud-talk";
import { describe, expect, it, vi } from "vitest";
import type { ResolvedNextcloudTalkAccount } from "./accounts.js";
import { handleNextcloudTalkInbound } from "./inbound.js";
import { setNextcloudTalkRuntime } from "./runtime.js";
import type { CoreConfig, NextcloudTalkInboundMessage } from "./types.js";

function installInboundAuthzRuntime(params: {
  readAllowFromStore: () => Promise<string[]>;
  buildMentionRegexes: () => RegExp[];
}) {
  setNextcloudTalkRuntime({
    channel: {
      pairing: {
        readAllowFromStore: params.readAllowFromStore,
      },
      commands: {
        shouldHandleTextCommands: () => false,
      },
      text: {
        hasControlCommand: () => false,
      },
      mentions: {
        buildMentionRegexes: params.buildMentionRegexes,
        matchesMentionPatterns: () => false,
      },
    },
  } as unknown as PluginRuntime);
}

function createTestRuntimeEnv(): RuntimeEnv {
  return {
    log: vi.fn(),
    error: vi.fn(),
  } as unknown as RuntimeEnv;
}

describe("nextcloud-talk inbound authz", () => {
  it("does not treat DM pairing-store entries as group allowlist entries", async () => {
    const readAllowFromStore = vi.fn(async () => ["attacker"]);
    const buildMentionRegexes = vi.fn(() => [/@openclaw/i]);

    installInboundAuthzRuntime({ readAllowFromStore, buildMentionRegexes });

    const message: NextcloudTalkInboundMessage = {
      messageId: "m-1",
      roomToken: "room-1",
      roomName: "Room 1",
      senderId: "attacker",
      senderName: "Attacker",
      text: "hello",
      mediaType: "text/plain",
      timestamp: Date.now(),
      isGroupChat: true,
    };

    const account: ResolvedNextcloudTalkAccount = {
      accountId: "default",
      enabled: true,
      baseUrl: "",
      secret: "",
      secretSource: "none", // pragma: allowlist secret
      config: {
        dmPolicy: "pairing",
        allowFrom: [],
        groupPolicy: "allowlist",
        groupAllowFrom: [],
      },
    };

    const config: CoreConfig = {
      channels: {
        "nextcloud-talk": {
          dmPolicy: "pairing",
          allowFrom: [],
          groupPolicy: "allowlist",
          groupAllowFrom: [],
        },
      },
    };

    await handleNextcloudTalkInbound({
      message,
      account,
      config,
      runtime: createTestRuntimeEnv(),
    });

    expect(readAllowFromStore).toHaveBeenCalledWith({
      channel: "nextcloud-talk",
      accountId: "default",
    });
    expect(buildMentionRegexes).not.toHaveBeenCalled();
  });

  it("matches group rooms by token instead of colliding room names", async () => {
    const readAllowFromStore = vi.fn(async () => []);
    const buildMentionRegexes = vi.fn(() => [/@openclaw/i]);

    installInboundAuthzRuntime({ readAllowFromStore, buildMentionRegexes });

    const message: NextcloudTalkInboundMessage = {
      messageId: "m-2",
      roomToken: "room-attacker",
      roomName: "Room Trusted",
      senderId: "trusted-user",
      senderName: "Trusted User",
      text: "hello",
      mediaType: "text/plain",
      timestamp: Date.now(),
      isGroupChat: true,
    };

    const account: ResolvedNextcloudTalkAccount = {
      accountId: "default",
      enabled: true,
      baseUrl: "",
      secret: "",
      secretSource: "none",
      config: {
        dmPolicy: "pairing",
        allowFrom: [],
        groupPolicy: "allowlist",
        groupAllowFrom: ["trusted-user"],
        rooms: {
          "room-trusted": {
            enabled: true,
          },
        },
      },
    };

    await handleNextcloudTalkInbound({
      message,
      account,
      config: {
        channels: {
          "nextcloud-talk": {
            groupPolicy: "allowlist",
            groupAllowFrom: ["trusted-user"],
          },
        },
      },
      runtime: createTestRuntimeEnv(),
    });

    expect(buildMentionRegexes).not.toHaveBeenCalled();
  });
});
Plugins/nextcloud-talk: migrate to scoped plugin-sdk imports 2026-03-04 02:33:08 -05:00			`import type { PluginRuntime, RuntimeEnv } from "openclaw/plugin-sdk/nextcloud-talk";`
security(nextcloud-talk): isolate group allowlist from pairing-store entries 2026-02-24 21:35:31 -07:00			`import { describe, expect, it, vi } from "vitest";`
			`import type { ResolvedNextcloudTalkAccount } from "./accounts.js";`
			`import { handleNextcloudTalkInbound } from "./inbound.js";`
			`import { setNextcloudTalkRuntime } from "./runtime.js";`
			`import type { CoreConfig, NextcloudTalkInboundMessage } from "./types.js";`

refactor(nextcloud-tests): share inbound authz setup 2026-03-17 06:37:25 +00:00			`function installInboundAuthzRuntime(params: {`
			`readAllowFromStore: () => Promise<string[]>;`
			`buildMentionRegexes: () => RegExp[];`
			`}) {`
			`setNextcloudTalkRuntime({`
			`channel: {`
			`pairing: {`
			`readAllowFromStore: params.readAllowFromStore,`
			`},`
			`commands: {`
			`shouldHandleTextCommands: () => false,`
			`},`
			`text: {`
			`hasControlCommand: () => false,`
			`},`
			`mentions: {`
			`buildMentionRegexes: params.buildMentionRegexes,`
			`matchesMentionPatterns: () => false,`
			`},`
			`},`
			`} as unknown as PluginRuntime);`
			`}`

			`function createTestRuntimeEnv(): RuntimeEnv {`
			`return {`
			`log: vi.fn(),`
			`error: vi.fn(),`
			`} as unknown as RuntimeEnv;`
			`}`

security(nextcloud-talk): isolate group allowlist from pairing-store entries 2026-02-24 21:35:31 -07:00			`describe("nextcloud-talk inbound authz", () => {`
			`it("does not treat DM pairing-store entries as group allowlist entries", async () => {`
			`const readAllowFromStore = vi.fn(async () => ["attacker"]);`
			`const buildMentionRegexes = vi.fn(() => [/@openclaw/i]);`

refactor(nextcloud-tests): share inbound authz setup 2026-03-17 06:37:25 +00:00			`installInboundAuthzRuntime({ readAllowFromStore, buildMentionRegexes });`
security(nextcloud-talk): isolate group allowlist from pairing-store entries 2026-02-24 21:35:31 -07:00
			`const message: NextcloudTalkInboundMessage = {`
			`messageId: "m-1",`
			`roomToken: "room-1",`
			`roomName: "Room 1",`
			`senderId: "attacker",`
			`senderName: "Attacker",`
			`text: "hello",`
			`mediaType: "text/plain",`
			`timestamp: Date.now(),`
			`isGroupChat: true,`
			`};`

			`const account: ResolvedNextcloudTalkAccount = {`
			`accountId: "default",`
			`enabled: true,`
			`baseUrl: "",`
			`secret: "",`
Secrets: add inline allowlist review set (#38314) * Secrets: add inline allowlist review set * Secrets: narrow detect-secrets file exclusions * Secrets: exclude Docker fingerprint false positive * Secrets: allowlist test and docs false positives * Secrets: refresh baseline after allowlist updates * Secrets: fix gateway chat fixture pragma * Secrets: format pre-commit config * Android: keep talk mode fixture JSON valid * Feishu: rely on client timeout injection * Secrets: allowlist provider auth test fixtures * Secrets: allowlist onboard search fixtures * Secrets: allowlist onboard mode fixture * Secrets: allowlist gateway auth mode fixture * Secrets: allowlist APNS wake test key * Secrets: allowlist gateway reload fixtures * Secrets: allowlist moonshot video fixture * Secrets: allowlist auto audio fixture * Secrets: allowlist tiny audio fixture * Secrets: allowlist embeddings fixtures * Secrets: allowlist resolve fixtures * Secrets: allowlist target registry pattern fixtures * Secrets: allowlist gateway chat env fixture * Secrets: refresh baseline after fixture allowlists * Secrets: reapply gateway chat env allowlist * Secrets: reapply gateway chat env allowlist * Secrets: stabilize gateway chat env allowlist * Secrets: allowlist runtime snapshot save fixture * Secrets: allowlist oauth profile fixtures * Secrets: allowlist compaction identifier fixture * Secrets: allowlist model auth fixture * Secrets: allowlist model status fixtures * Secrets: allowlist custom onboarding fixture * Secrets: allowlist mattermost token summary fixtures * Secrets: allowlist gateway auth suite fixtures * Secrets: allowlist channel summary fixture * Secrets: allowlist provider usage auth fixtures * Secrets: allowlist media proxy fixture * Secrets: allowlist secrets audit fixtures * Secrets: refresh baseline after final fixture allowlists * Feishu: prefer explicit client timeout * Feishu: test direct timeout precedence 2026-03-06 19:35:26 -05:00			`secretSource: "none", // pragma: allowlist secret`
security(nextcloud-talk): isolate group allowlist from pairing-store entries 2026-02-24 21:35:31 -07:00			`config: {`
			`dmPolicy: "pairing",`
			`allowFrom: [],`
			`groupPolicy: "allowlist",`
			`groupAllowFrom: [],`
			`},`
			`};`

			`const config: CoreConfig = {`
			`channels: {`
			`"nextcloud-talk": {`
			`dmPolicy: "pairing",`
			`allowFrom: [],`
			`groupPolicy: "allowlist",`
			`groupAllowFrom: [],`
			`},`
			`},`
			`};`

			`await handleNextcloudTalkInbound({`
			`message,`
			`account,`
			`config,`
refactor(nextcloud-tests): share inbound authz setup 2026-03-17 06:37:25 +00:00			`runtime: createTestRuntimeEnv(),`
security(nextcloud-talk): isolate group allowlist from pairing-store entries 2026-02-24 21:35:31 -07:00			`});`

test: fix pairing/daemon assertion drift 2026-02-26 21:24:50 +00:00			`expect(readAllowFromStore).toHaveBeenCalledWith({`
			`channel: "nextcloud-talk",`
			`accountId: "default",`
			`});`
security(nextcloud-talk): isolate group allowlist from pairing-store entries 2026-02-24 21:35:31 -07:00			`expect(buildMentionRegexes).not.toHaveBeenCalled();`
			`});`
Integrations: tighten inbound callback and allowlist checks (#46787) * Integrations: harden inbound callback and allowlist handling * Integrations: address review follow-ups * Update CHANGELOG.md * Mattermost: avoid command-gating open button callbacks 2026-03-15 09:24:24 -07:00
			`it("matches group rooms by token instead of colliding room names", async () => {`
			`const readAllowFromStore = vi.fn(async () => []);`
			`const buildMentionRegexes = vi.fn(() => [/@openclaw/i]);`

refactor(nextcloud-tests): share inbound authz setup 2026-03-17 06:37:25 +00:00			`installInboundAuthzRuntime({ readAllowFromStore, buildMentionRegexes });`
Integrations: tighten inbound callback and allowlist checks (#46787) * Integrations: harden inbound callback and allowlist handling * Integrations: address review follow-ups * Update CHANGELOG.md * Mattermost: avoid command-gating open button callbacks 2026-03-15 09:24:24 -07:00
			`const message: NextcloudTalkInboundMessage = {`
			`messageId: "m-2",`
			`roomToken: "room-attacker",`
			`roomName: "Room Trusted",`
			`senderId: "trusted-user",`
			`senderName: "Trusted User",`
			`text: "hello",`
			`mediaType: "text/plain",`
			`timestamp: Date.now(),`
			`isGroupChat: true,`
			`};`

			`const account: ResolvedNextcloudTalkAccount = {`
			`accountId: "default",`
			`enabled: true,`
			`baseUrl: "",`
			`secret: "",`
			`secretSource: "none",`
			`config: {`
			`dmPolicy: "pairing",`
			`allowFrom: [],`
			`groupPolicy: "allowlist",`
			`groupAllowFrom: ["trusted-user"],`
			`rooms: {`
			`"room-trusted": {`
			`enabled: true,`
			`},`
			`},`
			`},`
			`};`

			`await handleNextcloudTalkInbound({`
			`message,`
			`account,`
			`config: {`
			`channels: {`
			`"nextcloud-talk": {`
			`groupPolicy: "allowlist",`
			`groupAllowFrom: ["trusted-user"],`
			`},`
			`},`
			`},`
refactor(nextcloud-tests): share inbound authz setup 2026-03-17 06:37:25 +00:00			`runtime: createTestRuntimeEnv(),`
Integrations: tighten inbound callback and allowlist checks (#46787) * Integrations: harden inbound callback and allowlist handling * Integrations: address review follow-ups * Update CHANGELOG.md * Mattermost: avoid command-gating open button callbacks 2026-03-15 09:24:24 -07:00			`});`

			`expect(buildMentionRegexes).not.toHaveBeenCalled();`
			`});`
security(nextcloud-talk): isolate group allowlist from pairing-store entries 2026-02-24 21:35:31 -07:00			`});`