romtuck/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1314 from dbhurley/fix/control-ui-token-auth

Browse Source 
fix: allow token auth to bypass device identity requirement
This commit is contained in:
Peter Steinberger 2026-01-21 02:44:47 +00:00 committed by GitHub
commit ec51bb700c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/gateway/server/ws-connection/message-handler.ts
View File

@ -292,7 +292,9 @@ export function attachGatewayWsMessageHandler(params: {
const device = connectParams.device;
let devicePublicKey: string | null = null;
if (!device) {
// Allow token-authenticated connections (e.g., control-ui) to skip device identity
const hasTokenAuth = !!connectParams.auth?.token;
if (!device && !hasTokenAuth) {
setHandshakeState("failed");
setCloseCause("device-required", {
client: connectParams.client.id,
@ -465,7 +467,7 @@ export function attachGatewayWsMessageHandler(params: {
});
let authOk = authResult.ok;
let authMethod = authResult.method ?? "none";
if (!authOk && connectParams.auth?.token) {
if (!authOk && connectParams.auth?.token && device) {
const tokenCheck = await verifyDeviceToken({
deviceId: device.id,
token: connectParams.auth.token,