test(discord): align clarify/model-picker tests with fail-closed component auth (#41338)

Three gateway tests broke on main after the component-auth security
hardening (test_discord_component_auth.py) made empty Discord component
allowlists fail-closed: a view built with allowed_user_ids=set() now
rejects every click instead of allowing anyone.

The clarify and model-picker BEHAVIOR tests still constructed their views
with an empty allowlist and expected the click to succeed — a stale
assumption from before the hardening. Fixed by giving each view an
allowlist containing the clicking user (the interaction's own id), which
is the realistic shape and what the security model requires.

Production code unchanged — this only updates the test fixtures to match
the intended (and separately pinned) fail-closed contract. The security
regression suite and these behavior suites now both pass.

Fixes:
- test_discord_clarify_buttons.py: test_choice_falls_back_to_label_text_when_entry_missing, test_other_flips_entry_to_awaiting_text
- test_discord_model_picker.py: test_model_picker_clears_controls_before_running_switch_callback
Teknium 2026-06-07 08:27:40 -07:00 committed by GitHub
parent a317e54935
commit 9dbad1990b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 3 additions and 3 deletions


@ -174,7 +174,7 @@ class TestClarifyChoiceResolve:
view = ClarifyChoiceView(
choices=["alpha"],
clarify_id="cidGone",
allowed_user_ids=set(),
allowed_user_ids={"42"}, # matches _make_interaction's user; empty = fail-closed
)
interaction = _make_interaction()
# Doesn't raise; resolve_gateway_clarify returns False quietly
@ -245,7 +245,7 @@ class TestClarifyOtherButton:
view = ClarifyChoiceView(
choices=["x", "y"],
clarify_id="cidD",
allowed_user_ids=set(),
allowed_user_ids={"42"}, # matches _make_interaction's user; empty = fail-closed
)
interaction = _make_interaction()
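Review bot: The literal `"42"` in both `ClarifyChoiceView(...)` fixtures (and `"123"` in the model-picker fixture) restates an id that belongs to the interaction helper, so a later change to that helper would make the click fail closed with nothing pointing at the allowlist. Deriving the value from the fixture keeps the two in step: build the interaction first and pass `allowed_user_ids={str(interaction.user.id)}`, assuming the mock exposes `user.id` as the inline comment implies. In the first hunk the visible comment says the call "doesn't raise" and returns False quietly; if the assertions outside the hunk check no more than that, a click rejected by the auth gate could pass as well, so it is worth asserting that the authorised path actually ran. Both test bodies continue outside the hunks shown.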


@ -54,7 +54,7 @@ async def test_model_picker_clears_controls_before_running_switch_callback():
current_provider="copilot",
session_key="session-1",
on_model_selected=on_model_selected,
allowed_user_ids=set(),
allowed_user_ids={"123"}, # matches the interaction user; empty = fail-closed
)
view._selected_provider = "copilot"