fix(feishu): require webhook auth secret and honor config extras (#30746)

2026-06-08 08:11:38 +00:00 · 2026-05-24 04:27:28 -07:00 · 2026-05-24 04:27:28 -07:00 · 197f63f454
commit 197f63f454
parent bdb97b8573
2 changed files with 42 additions and 2 deletions
--- a/tests/gateway/test_feishu.py
+++ b/tests/gateway/test_feishu.py
@ -3191,6 +3191,39 @@ class TestWebhookSecurity(unittest.TestCase):
        response = asyncio.run(adapter._handle_webhook_request(request))
        self.assertEqual(response.status, 401)

+    @patch.dict(os.environ, {}, clear=True)
+    def test_webhook_connect_requires_inbound_auth_secret(self):
+        from gateway.config import PlatformConfig
+        from gateway.platforms.feishu import FeishuAdapter
+
+        adapter = FeishuAdapter(
+            PlatformConfig(
+                enabled=True,
+                extra={"app_id": "cli_app", "app_secret": "secret_app", "connection_mode": "webhook"},
+            )
+        )
+        self.assertFalse(asyncio.run(adapter.connect()))
+
+    @patch.dict(os.environ, {}, clear=True)
+    def test_webhook_loads_auth_secrets_from_platform_extra(self):
+        from gateway.config import PlatformConfig
+        from gateway.platforms.feishu import FeishuAdapter
+
+        adapter = FeishuAdapter(
+            PlatformConfig(
+                enabled=True,
+                extra={
+                    "app_id": "cli_app",
+                    "app_secret": "secret_app",
+                    "connection_mode": "webhook",
+                    "verification_token": "token_from_extra",
+                    "encrypt_key": "encrypt_from_extra",
+                },
+            )
+        )
+        self.assertEqual(adapter._verification_token, "token_from_extra")
+        self.assertEqual(adapter._encrypt_key, "encrypt_from_extra")
+
    @patch.dict(os.environ, {}, clear=True)
    def test_webhook_url_verification_challenge_passes_without_signature(self):
        """Challenge requests must succeed even when no encrypt_key is set."""