@openclaw/msteams 2026.3.7 → 2026.3.8-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@openclaw/msteams",
|
|
3
|
-
"version": "2026.3.
|
|
3
|
+
"version": "2026.3.8-beta.1",
|
|
4
4
|
"description": "OpenClaw Microsoft Teams channel plugin",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"dependencies": {
|
|
@@ -27,6 +27,11 @@
|
|
|
27
27
|
"npmSpec": "@openclaw/msteams",
|
|
28
28
|
"localPath": "extensions/msteams",
|
|
29
29
|
"defaultChoice": "npm"
|
|
30
|
+
},
|
|
31
|
+
"releaseChecks": {
|
|
32
|
+
"rootDependencyMirrorAllowlist": [
|
|
33
|
+
"@microsoft/agents-hosting"
|
|
34
|
+
]
|
|
30
35
|
}
|
|
31
36
|
}
|
|
32
37
|
}
|
|
@@ -5,7 +5,7 @@ import { setMSTeamsRuntime } from "../runtime.js";
|
|
|
5
5
|
import { createMSTeamsMessageHandler } from "./message-handler.js";
|
|
6
6
|
|
|
7
7
|
describe("msteams monitor handler authz", () => {
|
|
8
|
-
|
|
8
|
+
function createDeps(cfg: OpenClawConfig) {
|
|
9
9
|
const readAllowFromStore = vi.fn(async () => ["attacker-aad"]);
|
|
10
10
|
setMSTeamsRuntime({
|
|
11
11
|
logging: { shouldLogVerbose: () => false },
|
|
@@ -35,16 +35,7 @@ describe("msteams monitor handler authz", () => {
|
|
|
35
35
|
};
|
|
36
36
|
|
|
37
37
|
const deps: MSTeamsMessageHandlerDeps = {
|
|
38
|
-
cfg
|
|
39
|
-
channels: {
|
|
40
|
-
msteams: {
|
|
41
|
-
dmPolicy: "pairing",
|
|
42
|
-
allowFrom: [],
|
|
43
|
-
groupPolicy: "allowlist",
|
|
44
|
-
groupAllowFrom: [],
|
|
45
|
-
},
|
|
46
|
-
},
|
|
47
|
-
} as OpenClawConfig,
|
|
38
|
+
cfg,
|
|
48
39
|
runtime: { error: vi.fn() } as unknown as RuntimeEnv,
|
|
49
40
|
appId: "test-app",
|
|
50
41
|
adapter: {} as MSTeamsMessageHandlerDeps["adapter"],
|
|
@@ -65,6 +56,21 @@ describe("msteams monitor handler authz", () => {
|
|
|
65
56
|
} as unknown as MSTeamsMessageHandlerDeps["log"],
|
|
66
57
|
};
|
|
67
58
|
|
|
59
|
+
return { conversationStore, deps, readAllowFromStore };
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
it("does not treat DM pairing-store entries as group allowlist entries", async () => {
|
|
63
|
+
const { conversationStore, deps, readAllowFromStore } = createDeps({
|
|
64
|
+
channels: {
|
|
65
|
+
msteams: {
|
|
66
|
+
dmPolicy: "pairing",
|
|
67
|
+
allowFrom: [],
|
|
68
|
+
groupPolicy: "allowlist",
|
|
69
|
+
groupAllowFrom: [],
|
|
70
|
+
},
|
|
71
|
+
},
|
|
72
|
+
} as OpenClawConfig);
|
|
73
|
+
|
|
68
74
|
const handler = createMSTeamsMessageHandler(deps);
|
|
69
75
|
await handler({
|
|
70
76
|
activity: {
|
|
@@ -96,4 +102,54 @@ describe("msteams monitor handler authz", () => {
|
|
|
96
102
|
});
|
|
97
103
|
expect(conversationStore.upsert).not.toHaveBeenCalled();
|
|
98
104
|
});
|
|
105
|
+
|
|
106
|
+
it("does not widen sender auth when only a teams route allowlist is configured", async () => {
|
|
107
|
+
const { conversationStore, deps } = createDeps({
|
|
108
|
+
channels: {
|
|
109
|
+
msteams: {
|
|
110
|
+
dmPolicy: "pairing",
|
|
111
|
+
allowFrom: [],
|
|
112
|
+
groupPolicy: "allowlist",
|
|
113
|
+
groupAllowFrom: [],
|
|
114
|
+
teams: {
|
|
115
|
+
team123: {
|
|
116
|
+
channels: {
|
|
117
|
+
"19:group@thread.tacv2": { requireMention: false },
|
|
118
|
+
},
|
|
119
|
+
},
|
|
120
|
+
},
|
|
121
|
+
},
|
|
122
|
+
},
|
|
123
|
+
} as OpenClawConfig);
|
|
124
|
+
|
|
125
|
+
const handler = createMSTeamsMessageHandler(deps);
|
|
126
|
+
await handler({
|
|
127
|
+
activity: {
|
|
128
|
+
id: "msg-1",
|
|
129
|
+
type: "message",
|
|
130
|
+
text: "hello",
|
|
131
|
+
from: {
|
|
132
|
+
id: "attacker-id",
|
|
133
|
+
aadObjectId: "attacker-aad",
|
|
134
|
+
name: "Attacker",
|
|
135
|
+
},
|
|
136
|
+
recipient: {
|
|
137
|
+
id: "bot-id",
|
|
138
|
+
name: "Bot",
|
|
139
|
+
},
|
|
140
|
+
conversation: {
|
|
141
|
+
id: "19:group@thread.tacv2",
|
|
142
|
+
conversationType: "groupChat",
|
|
143
|
+
},
|
|
144
|
+
channelData: {
|
|
145
|
+
team: { id: "team123", name: "Team 123" },
|
|
146
|
+
channel: { name: "General" },
|
|
147
|
+
},
|
|
148
|
+
attachments: [],
|
|
149
|
+
},
|
|
150
|
+
sendActivity: vi.fn(async () => undefined),
|
|
151
|
+
} as unknown as Parameters<typeof handler>[0]);
|
|
152
|
+
|
|
153
|
+
expect(conversationStore.upsert).not.toHaveBeenCalled();
|
|
154
|
+
});
|
|
99
155
|
});
|
|
@@ -242,10 +242,7 @@ export function createMSTeamsMessageHandler(deps: MSTeamsMessageHandlerDeps) {
|
|
|
242
242
|
}
|
|
243
243
|
const senderGroupAccess = evaluateSenderGroupAccessForPolicy({
|
|
244
244
|
groupPolicy,
|
|
245
|
-
groupAllowFrom:
|
|
246
|
-
effectiveGroupAllowFrom.length > 0 || !channelGate.allowlistConfigured
|
|
247
|
-
? effectiveGroupAllowFrom
|
|
248
|
-
: ["*"],
|
|
245
|
+
groupAllowFrom: effectiveGroupAllowFrom,
|
|
249
246
|
senderId,
|
|
250
247
|
isSenderAllowed: (_senderId, allowFrom) =>
|
|
251
248
|
resolveMSTeamsAllowlistMatch({
|
package/src/runtime.ts
CHANGED
|
@@ -1,14 +1,6 @@
|
|
|
1
|
+
import { createPluginRuntimeStore } from "openclaw/plugin-sdk/compat";
|
|
1
2
|
import type { PluginRuntime } from "openclaw/plugin-sdk/msteams";
|
|
2
3
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
export
|
|
6
|
-
runtime = next;
|
|
7
|
-
}
|
|
8
|
-
|
|
9
|
-
export function getMSTeamsRuntime(): PluginRuntime {
|
|
10
|
-
if (!runtime) {
|
|
11
|
-
throw new Error("MSTeams runtime not initialized");
|
|
12
|
-
}
|
|
13
|
-
return runtime;
|
|
14
|
-
}
|
|
4
|
+
const { setRuntime: setMSTeamsRuntime, getRuntime: getMSTeamsRuntime } =
|
|
5
|
+
createPluginRuntimeStore<PluginRuntime>("MSTeams runtime not initialized");
|
|
6
|
+
export { getMSTeamsRuntime, setMSTeamsRuntime };
|