Skip to content

Commit 2972d6f

Browse files
Sid-QinTakhoffman
Sid-Qin
and
Takhoffman
authored
fix(feishu): accept groupPolicy "allowall" as alias for "open" (openclaw#36358)
* fix(feishu): accept groupPolicy "allowall" as alias for "open" When users configure groupPolicy: "allowall" in Feishu channel config, the Zod schema rejects the value and the runtime policy check falls through to the allowlist path. With an empty allowFrom array, all group messages are silently dropped despite the intended "allow all" semantics. Accept "allowall" at the schema level (transform to "open") and add a runtime guard in isFeishuGroupAllowed so the value is handled even if it bypasses schema validation. Closes openclaw#36312 Made-with: Cursor * Feishu: tighten allowall alias handling and coverage --------- Co-authored-by: Tak Hoffman <[email protected]>
1 parent 89b303c commit 2972d6f

File tree

5 files changed

+55
-3
lines changed

5 files changed

+55
-3
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -122,6 +122,7 @@ Docs: https://docs.openclaw.ai
122122
- LINE/status/config/webhook synthesis: fix status false positives from snapshot/config state and accept LINE webhook HEAD probes for compatibility. (from #10487, #25726, #27537, #27908, #31387) Thanks @BlueBirdBack, @stakeswky, @loiie45e, @puritysb, and @mcaxtr.
123123
- LINE cleanup/test follow-ups: fold cleanup/test learnings into the synthesis review path while keeping runtime changes focused on regression fixes. (from #17630, #17289) Thanks @Clawborn and @davidahmann.
124124
- Mattermost/interactive buttons: add interactive button send/callback support with directory-based channel/user target resolution, and harden callbacks via account-scoped HMAC verification plus sender-scoped DM routing. (#19957) thanks @tonydehnke.
125+
- Feishu/groupPolicy legacy alias compatibility: treat legacy `groupPolicy: "allowall"` as `open` in both schema parsing and runtime policy checks so intended open-group configs no longer silently drop group messages when `groupAllowFrom` is empty. (from #36358) Thanks @Sid-Qin.
125126

126127
- Mattermost/plugin SDK import policy: replace remaining monolithic `openclaw/plugin-sdk` imports in Mattermost mention-gating paths/tests with scoped subpaths (`openclaw/plugin-sdk/compat` and `openclaw/plugin-sdk/mattermost`) so `pnpm check` passes `lint:plugins:no-monolithic-plugin-sdk-entry-imports` on baseline. (#36480) Thanks @Takhoffman.
127128

extensions/feishu/src/config-schema.test.ts

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,14 @@ describe("FeishuConfigSchema webhook validation", () => {
2424
expect(result.accounts?.main?.requireMention).toBeUndefined();
2525
});
2626

27+
it("normalizes legacy groupPolicy allowall to open", () => {
28+
const result = FeishuConfigSchema.parse({
29+
groupPolicy: "allowall",
30+
});
31+
32+
expect(result.groupPolicy).toBe("open");
33+
});
34+
2735
it("rejects top-level webhook mode without verificationToken", () => {
2836
const result = FeishuConfigSchema.safeParse({
2937
connectionMode: "webhook",

extensions/feishu/src/config-schema.ts

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,10 @@ export { z };
44
import { buildSecretInputSchema, hasConfiguredSecretInput } from "./secret-input.js";
55

66
const DmPolicySchema = z.enum(["open", "pairing", "allowlist"]);
7-
const GroupPolicySchema = z.enum(["open", "allowlist", "disabled"]);
7+
const GroupPolicySchema = z.union([
8+
z.enum(["open", "allowlist", "disabled"]),
9+
z.literal("allowall").transform(() => "open" as const),
10+
]);
811
const FeishuDomainSchema = z.union([
912
z.enum(["feishu", "lark"]),
1013
z.string().url().startsWith("https://"),

extensions/feishu/src/policy.test.ts

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110,5 +110,45 @@ describe("feishu policy", () => {
110110
}),
111111
).toBe(true);
112112
});
113+
114+
it("allows group when groupPolicy is 'open'", () => {
115+
expect(
116+
isFeishuGroupAllowed({
117+
groupPolicy: "open",
118+
allowFrom: [],
119+
senderId: "oc_group_999",
120+
}),
121+
).toBe(true);
122+
});
123+
124+
it("treats 'allowall' as equivalent to 'open'", () => {
125+
expect(
126+
isFeishuGroupAllowed({
127+
groupPolicy: "allowall",
128+
allowFrom: [],
129+
senderId: "oc_group_999",
130+
}),
131+
).toBe(true);
132+
});
133+
134+
it("rejects group when groupPolicy is 'disabled'", () => {
135+
expect(
136+
isFeishuGroupAllowed({
137+
groupPolicy: "disabled",
138+
allowFrom: ["oc_group_999"],
139+
senderId: "oc_group_999",
140+
}),
141+
).toBe(false);
142+
});
143+
144+
it("rejects group when groupPolicy is 'allowlist' and allowFrom is empty", () => {
145+
expect(
146+
isFeishuGroupAllowed({
147+
groupPolicy: "allowlist",
148+
allowFrom: [],
149+
senderId: "oc_group_999",
150+
}),
151+
).toBe(false);
152+
});
113153
});
114154
});

extensions/feishu/src/policy.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,7 @@ export function resolveFeishuGroupToolPolicy(
9292
}
9393

9494
export function isFeishuGroupAllowed(params: {
95-
groupPolicy: "open" | "allowlist" | "disabled";
95+
groupPolicy: "open" | "allowlist" | "disabled" | "allowall";
9696
allowFrom: Array<string | number>;
9797
senderId: string;
9898
senderIds?: Array<string | null | undefined>;
@@ -102,7 +102,7 @@ export function isFeishuGroupAllowed(params: {
102102
if (groupPolicy === "disabled") {
103103
return false;
104104
}
105-
if (groupPolicy === "open") {
105+
if (groupPolicy === "open" || groupPolicy === "allowall") {
106106
return true;
107107
}
108108
return resolveFeishuAllowlistMatch(params).allowed;

0 commit comments

Comments
 (0)