From 9dbad1990b8bfd1499d2348ce9f1b27a10eac4e1 Mon Sep 17 00:00:00 2001
From: Teknium <127238744+teknium1@users.noreply.github.com>
Date: Sun, 7 Jun 2026 08:27:40 -0700
Subject: [PATCH] test(discord): align clarify/model-picker tests with
 fail-closed component auth (#41338)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Three gateway tests broke on main after the component-auth security
hardening (test_discord_component_auth.py) made empty Discord component
allowlists fail-closed: a view built with allowed_user_ids=set() now
rejects every click instead of allowing anyone.

The clarify and model-picker BEHAVIOR tests still constructed their views
with an empty allowlist and expected the click to succeed — a stale
assumption from before the hardening. Fixed by giving each view an
allowlist containing the clicking user (the interaction's own id), which
is the realistic shape and what the security model requires.

Production code unchanged — this only updates the test fixtures to match
the intended (and separately pinned) fail-closed contract. The security
regression suite and these behavior suites now both pass.

Fixes:
- test_discord_clarify_buttons.py: test_choice_falls_back_to_label_text_when_entry_missing, test_other_flips_entry_to_awaiting_text
- test_discord_model_picker.py: test_model_picker_clears_controls_before_running_switch_callback
---
 tests/gateway/test_discord_clarify_buttons.py | 4 ++--
 tests/gateway/test_discord_model_picker.py    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/gateway/test_discord_clarify_buttons.py b/tests/gateway/test_discord_clarify_buttons.py
index d2157f2eb9b..c83e52dba5a 100644
--- a/tests/gateway/test_discord_clarify_buttons.py
+++ b/tests/gateway/test_discord_clarify_buttons.py
@@ -174,7 +174,7 @@ class TestClarifyChoiceResolve:
         view = ClarifyChoiceView(
             choices=["alpha"],
             clarify_id="cidGone",
-            allowed_user_ids=set(),
+            allowed_user_ids={"42"},  # matches _make_interaction's user; empty = fail-closed
         )
         interaction = _make_interaction()
         # Doesn't raise; resolve_gateway_clarify returns False quietly
@@ -245,7 +245,7 @@ class TestClarifyOtherButton:
         view = ClarifyChoiceView(
             choices=["x", "y"],
             clarify_id="cidD",
-            allowed_user_ids=set(),
+            allowed_user_ids={"42"},  # matches _make_interaction's user; empty = fail-closed
         )
 
         interaction = _make_interaction()
diff --git a/tests/gateway/test_discord_model_picker.py b/tests/gateway/test_discord_model_picker.py
index 2ee4e86a38d..a07abfb21c3 100644
--- a/tests/gateway/test_discord_model_picker.py
+++ b/tests/gateway/test_discord_model_picker.py
@@ -54,7 +54,7 @@ async def test_model_picker_clears_controls_before_running_switch_callback():
         current_provider="copilot",
         session_key="session-1",
         on_model_selected=on_model_selected,
-        allowed_user_ids=set(),
+        allowed_user_ids={"123"},  # matches the interaction user; empty = fail-closed
     )
     view._selected_provider = "copilot"