slack-ruby-bot-server 0.9.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 02acf8078e1ec2fb418d45f9fac6823d7af6b473ad00c8992f59ff4a64311609
-  data.tar.gz: d1da43dc7201cd30a5e49eb6193eb476820edd936b804e714e8952aafaf4d566
+  metadata.gz: 86a1479af364899fd951bee2d75f30d3fd32d2ccb60f3804716d574746f1b85e
+  data.tar.gz: 88cfbd7ed0bec93439f327f5389f9bff6a8eeeb0eeeb2d89f35fa3b08cefc416
 SHA512:
-  metadata.gz: bc2b495018d4d24f36c75eada4e9eb218205611bc2ab94d77b89326e4c23ac0e254302747a6d3bee758dc20fb46f44a4722da93fcac69a262754eb106aca80a6
-  data.tar.gz: 4e503d3c5f70d464a4c07f429cd81b1aa6bdc3414e95fa9b3e668ad6649f644e6df83a8401bf491147c9e5821a3b865052c3a74532cb4ca0e711a495047d5753
+  metadata.gz: 9efdeede9435e4d5bca785b0dbd567a65119892a2521882477e3e5e79480257886375f2170dd54166e6e05fa9be186e4f8da2f878bdae0674c7b76061ac9e66a
+  data.tar.gz: 2a7bf1ee2397aaca5a3337503209009e679e0ebf5daaeed374c8a75fb4ffb102d7a4298d87a8c5c092789932f1f259919119c7959ee21f0c3130c8d90195b673

data/.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2019-02-25 14:24:34 -0500 using RuboCop version 0.58.2.
+# on 2019-03-23 14:16:02 -0400 using RuboCop version 0.58.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ### Changelog
 
+#### 0.10.0 (2019/3/23)
+
+* [#97](https://github.com/slack-ruby/slack-ruby-bot-server/pull/97): Added `Config#service_class` to override the `SlackRubyBotServer::Service.instance` singleton - [@dblock](https://github.com/dblock).
+* [#96](https://github.com/slack-ruby/slack-ruby-bot-server/pull/96): Added `Team#bot_user_id`, `activated_user_id` and `activated_user_access_token` - [@dblock](https://github.com/dblock).
+* [#95](https://github.com/slack-ruby/slack-ruby-bot-server/pull/95): Expose the optional `state` parameter that is returned from the Add to Slack button - [@aok-solutions](https://github.com/aok-solutions).
+
 #### 0.9.0 (2019/2/25)
 
 * [#93](https://github.com/slack-ruby/slack-ruby-bot-server/pull/93): Removed ping worker in favor of slack-ruby-client lower level ping - [@dblock](https://github.com/dblock).

data/Gemfile

@@ -5,6 +5,7 @@ when 'mongoid' then
   gem 'kaminari-mongoid'
   gem 'mongoid'
   gem 'mongoid-scroll'
+  gem 'mongoid-shell'
 when 'activerecord' then
   gem 'activerecord', '~> 5.0.0'
   gem 'otr-activerecord', '~> 1.2.1'
@@ -26,7 +27,6 @@ group :development, :test do
   gem 'fabrication'
   gem 'faker'
   gem 'hyperclient'
-  gem 'mongoid-shell'
   gem 'rack-server-pages'
   gem 'rack-test'
   gem 'rake'

data/README.md

@@ -13,7 +13,7 @@ A library that contains a [Grape](http://github.com/ruby-grape/grape) API servin
 
 ### Stable Release
 
-You're reading the documentation for the **stable** release of slack-ruby-bot-server, v0.9.0. See [UPGRADING](UPGRADING.md) when upgrading from an older version.
+You're reading the documentation for the **stable** release of slack-ruby-bot-server, v0.10.0. See [UPGRADING](UPGRADING.md) when upgrading from an older version.
 
 ### Try Me
 
@@ -103,15 +103,15 @@ You can introduce custom behavior into the service lifecycle via callbacks. This
 ```ruby
 instance = SlackRubyBotServer::Service.instance
 
-instance.on :created do |team, error|
+instance.on :created do |team, error, options|
   # a new team has been registered
 end
 
-instance.on :deactivated do |team, error|
+instance.on :deactivated do |team, error, options|
   # an existing team has been deactivated in Slack
 end
 
-instance.on :error do |team, error|
+instance.on :error do |team, error, options|
   # an error has occurred
 end
 ```
@@ -132,6 +132,25 @@ The following callbacks are supported. All callbacks receive a `team`, except `e
 | deactivating   | a team is being deactivated                                      |
 | deactivated    | a team has been deactivated                                      |
 
+
+The [Add to Slack button](https://api.slack.com/docs/slack-button) also allows for an optional `state` parameter that will be returned on completion of the request. The `creating` and `created` callbacks include an options hash where this value can be accessed (to check for forgery attacks for instance).
+```ruby
+auth = OpenSSL::HMAC.hexdigest("SHA256", "key", "data")
+```
+```html
+<a href="https://slack.com/oauth/authorize?scope=bot&client_id=<%= ENV['SLACK_CLIENT_ID'] %>&state=#{auth)"> ... </a>
+```
+```ruby
+instance = SlackRubyBotServer::Service.instance
+instance.on :creating do |team, error, options|
+  raise "Unauthorized response" unless options[:state] == auth
+end
+```
+
+A number of extensions use service manager callbacks to implement useful functionality.
+
+* [slack-ruby-bot-server-mailchimp](https://github.com/slack-ruby/slack-ruby-bot-server-mailchimp): Subscribes new bot users to a Mailchimp mailing list.
+
 #### Server Class
 
 You can override the server class to handle additional events, and configure the service to use it.
@@ -152,14 +171,32 @@ SlackRubyBotServer.configure do |config|
 end
 ```
 
+#### Service Class
+
+You can override the service class to handle additional methods.
+
+```ruby
+class MyService < SlackRubyBotServer::Service
+  def url
+    'https://www.example.com'
+  end
+end
+
+SlackRubyBotServer.configure do |config|
+  config.service_class = MyService
+end
+
+SlackRubyBotServer::Service.instance # MyService
+SlackRubyBotServer::Service.instance.url # https://www.example.com
+```
+
 ### Access Tokens
 
-By default the implementation of [Team](lib/slack-ruby-bot-server/models/team) stores a `bot_access_token` that grants a certain amount of privileges to the bot user as described in [Slack OAuth Docs](https://api.slack.com/docs/oauth). You may not want a bot user at all, or may require different auth scopes, such as `users.profile:read` to access user profile information via `Slack::Web::Client#users_profile_get`. To obtain the non-bot access token make the following changes.
+By default the implementation of [Team](lib/slack-ruby-bot-server/models/team) stores a `bot_access_token` as `token` that grants a certain amount of privileges to the bot user as described in [Slack OAuth Docs](https://api.slack.com/docs/oauth) along with `activated_user_access_token` that represents the token of the installing user. You may not want a bot user at all, or may require different auth scopes, such as `users.profile:read` to access user profile information via `Slack::Web::Client#users_profile_get`. To change required scopes make the following changes.
 
 1) Configure your app to require additional scopes in Slack API under _OAuth_, _Permissions_
-2) Add `access_token` and, optionally, `scope` to your `Team` model
-3) Change the _Add to Slack_ buttons to require the additional scope, eg. `https://slack.com/oauth/authorize?scope=bot,users.profile:read&client_id=...`
-4) Store the access token returned from `Slack::Web::Client#oauth_access` and scope when creating a team in your `Teams` API endpoint.
+2) Change the _Add to Slack_ buttons to require the additional scope, eg. `https://slack.com/oauth/authorize?scope=bot,users.profile:read&client_id=...`
+3) The access token with the requested scopes will be stored as `activated_user_access_token`.
 
 You can see a sample implementation in [slack-sup#3a497b](https://github.com/dblock/slack-sup/commit/3a497b436d25d3a7738562655cda64b180ae0096).
 

data/UPGRADING.md

@@ -1,9 +1,35 @@
 Upgrading Slack-Ruby-Bot-Server
 ===============================
 
+### Upgrading to >= 0.10.0
+
+#### New Team Fields
+
+The following fields have been added to `Team`.
+
+* `bot_user_id`: the bot `user_id` during installation
+* `activated_user_id`: the installing Slack user `user_id`
+* `activated_user_access_token`: the installing Slack user `access_token`
+
+No action is required for Mongoid.
+
+If you're using ActiveRecord, create a migration similar to [sample_apps/sample_app_activerecord/db/migrate/20190323181453_add_activated_fields.rb](sample_apps/sample_app_activerecord/db/migrate/20190323181453_add_activated_fields.rb) to add these fields.
+
+```ruby
+class AddActivatedFields < ActiveRecord::Migration[5.0]
+  def change
+    add_column :teams, :bot_user_id, :string
+    add_column :teams, :activated_user_id, :string
+    add_column :teams, :activated_user_access_token, :string
+  end
+end
+```
+
+See [#96](https://github.com/slack-ruby/slack-ruby-bot-server/pull/96) for more information.
+
 ### Upgrading to >= 0.9.0
 
-### Removed Ping Worker
+#### Removed Ping Worker
 
 The ping worker that was added in 0.7.0 has been removed in favor of a lower level implementation in slack-ruby-client. Remove any references to `ping` options.
 
@@ -11,7 +37,7 @@ See [slack-ruby-client#226](https://github.com/slack-ruby/slack-ruby-client/pull
 
 ### Upgrading to >= 0.8.0
 
-### Different Asynchronous I/O Library
+#### Different Asynchronous I/O Library
 
 The library now uses [async-websocket](https://github.com/socketry/async-websocket) instead of [celluloid-io](https://github.com/celluloid/celluloid-io). If your application is built on Celluloid you may need to make changes and use `Async::Reactor.run` and the likes.
 

data/lib/slack-ruby-bot-server.rb

@@ -2,6 +2,7 @@ require 'async/websocket'
 
 require 'grape-swagger'
 require 'slack-ruby-bot'
+require 'slack-ruby-bot-server/service'
 require 'slack-ruby-bot-server/server'
 require 'slack-ruby-bot-server/config'
 
@@ -13,4 +14,3 @@ require "slack-ruby-bot-server/config/database_adapters/#{SlackRubyBotServer::Co
 
 require 'slack-ruby-bot-server/api'
 require 'slack-ruby-bot-server/app'
-require 'slack-ruby-bot-server/service'

data/lib/slack-ruby-bot-server/api/endpoints/teams_endpoint.rb

@@ -33,6 +33,7 @@ module SlackRubyBotServer
           desc 'Create a team using an OAuth token.'
           params do
             requires :code, type: String
+            optional :state, type: String
           end
           post do
             client = Slack::Web::Client.new
@@ -46,21 +47,34 @@ module SlackRubyBotServer
             )
 
             token = rc['bot']['bot_access_token']
+            bot_user_id = rc['bot']['bot_user_id']
+            user_id = rc['user_id']
+            access_token = rc['access_token']
             team = Team.where(token: token).first
             team ||= Team.where(team_id: rc['team_id']).first
-            if team && !team.active?
+
+            if team
+              team.update_attributes!(
+                activated_user_id: user_id,
+                activated_user_access_token: access_token,
+                bot_user_id: bot_user_id
+              )
+              raise "Team #{team.name} is already registered." if team.active?
               team.activate!(token)
-            elsif team
-              raise "Team #{team.name} is already registered."
             else
               team = Team.create!(
                 token: token,
                 team_id: rc['team_id'],
-                name: rc['team_name']
+                name: rc['team_name'],
+                activated_user_id: user_id,
+                activated_user_access_token: access_token,
+                bot_user_id: bot_user_id
               )
             end
 
-            Service.instance.create!(team)
+            options = params.slice(:state)
+
+            Service.instance.create!(team, options)
             present team, with: Presenters::TeamPresenter
           end
         end

data/lib/slack-ruby-bot-server/config.rb

@@ -3,10 +3,12 @@ module SlackRubyBotServer
     extend self
 
     attr_accessor :server_class
+    attr_accessor :service_class
     attr_accessor :database_adapter
 
     def reset!
       self.server_class = SlackRubyBotServer::Server
+      self.service_class = SlackRubyBotServer::Service
       self.database_adapter = if defined?(::Mongoid)
                                 :mongoid
                               elsif defined?(::ActiveRecord)

data/lib/slack-ruby-bot-server/config/database_adapters/activerecord.rb

@@ -12,11 +12,15 @@ module SlackRubyBotServer
 
     def self.init!
       return if ActiveRecord::Base.connection.tables.include?('teams')
+
       ActiveRecord::Base.connection.create_table :teams do |t|
         t.string :team_id
         t.string :name
         t.string :domain
         t.string :token
+        t.string :bot_user_id
+        t.string :activated_user_id
+        t.string :activated_user_access_token
         t.boolean :active, default: true
         t.timestamps
       end

data/lib/slack-ruby-bot-server/models/team/mongoid.rb

@@ -9,6 +9,9 @@ class Team
   field :domain, type: String
   field :token, type: String
   field :active, type: Boolean, default: true
+  field :bot_user_id, type: String
+  field :activated_user_id, type: String
+  field :activated_user_access_token, type: String
 
   include Methods
 

data/lib/slack-ruby-bot-server/service.rb

@@ -10,7 +10,7 @@ module SlackRubyBotServer
     end
 
     def self.instance
-      @instance ||= new
+      @instance ||= SlackRubyBotServer::Config.service_class.new
     end
 
     def initialize
@@ -21,10 +21,10 @@ module SlackRubyBotServer
       @callbacks[type.to_s] << block
     end
 
-    def create!(team)
-      run_callbacks :creating, team
+    def create!(team, options = {})
+      run_callbacks :creating, team, nil, options
       start!(team)
-      run_callbacks :created, team
+      run_callbacks :created, team, nil, options
     end
 
     def start!(team)
@@ -103,11 +103,11 @@ module SlackRubyBotServer
       end
     end
 
-    def run_callbacks(type, team = nil, error = nil)
+    def run_callbacks(type, team = nil, error = nil, options = {})
       callbacks = @callbacks[type.to_s]
       return false unless callbacks
       callbacks.each do |c|
-        c.call team, error
+        c.call team, error, options
       end
       true
     rescue StandardError => e

data/lib/slack-ruby-bot-server/version.rb

@@ -1,3 +1,3 @@
 module SlackRubyBotServer
-  VERSION = '0.9.0'.freeze
+  VERSION = '0.10.0'.freeze
 end

data/public/scripts/register.js

@@ -32,6 +32,7 @@ $(document).ready(function() {
 
   // Slack OAuth
   var code = $.url('?code')
+  var state = $.url('?state')
   if (code) {
     SlackRubyBotServer.message('Working, please wait ...');
     $('#register').hide();
@@ -39,7 +40,8 @@ $(document).ready(function() {
       type: "POST",
       url: "/api/teams",
       data: {
-        code: code
+        code: code,
+        state: state
       },
       success: function(data) {
         SlackRubyBotServer.message('Team successfully registered!<br><br>DM <b>@bot</b> or create a <b>#channel</b> and invite <b>@bot</b> to it.');

data/sample_apps/sample_app_activerecord/db/migrate/20170307164946_create_teams_table.rb

@@ -6,7 +6,6 @@ class CreateTeamsTable < ActiveRecord::Migration[5.0]
       t.boolean :active, default: true
       t.string :domain
       t.string :token
-
       t.timestamps
     end
   end

data/sample_apps/sample_app_activerecord/db/migrate/20190323181453_add_activated_fields.rb

@@ -0,0 +1,7 @@
+class AddActivatedFields < ActiveRecord::Migration[5.0]
+  def change
+    add_column :teams, :bot_user_id, :string
+    add_column :teams, :activated_user_id, :string
+    add_column :teams, :activated_user_access_token, :string
+  end
+end

data/sample_apps/sample_app_activerecord/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20_170_307_164_946) do
+ActiveRecord::Schema.define(version: 20_190_323_181_453) do
   # These are extensions that must be enabled in order to support this database
   enable_extension 'plpgsql'
 
@@ -20,7 +20,10 @@ ActiveRecord::Schema.define(version: 20_170_307_164_946) do
     t.boolean  'active', default: true
     t.string   'domain'
     t.string   'token'
-    t.datetime 'created_at',                null: false
-    t.datetime 'updated_at',                null: false
+    t.datetime 'created_at',                                 null: false
+    t.datetime 'updated_at',                                 null: false
+    t.string   'bot_user_id'
+    t.string   'activated_user_id'
+    t.string   'activated_user_access_token'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: slack-ruby-bot-server
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Daniel Doubrovkine
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-25 00:00:00.000000000 Z
+date: 2019-03-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async-websocket
@@ -221,7 +221,6 @@ files:
 - lib/slack-ruby-bot-server/ext/slack-ruby-bot.rb
 - lib/slack-ruby-bot-server/ext/slack-ruby-bot/client.rb
 - lib/slack-ruby-bot-server/info.rb
-- lib/slack-ruby-bot-server/models.rb
 - lib/slack-ruby-bot-server/models/team/activerecord.rb
 - lib/slack-ruby-bot-server/models/team/methods.rb
 - lib/slack-ruby-bot-server/models/team/mongoid.rb
@@ -252,6 +251,7 @@ files:
 - sample_apps/sample_app_activerecord/config/newrelic.yml
 - sample_apps/sample_app_activerecord/config/postgresql.yml
 - sample_apps/sample_app_activerecord/db/migrate/20170307164946_create_teams_table.rb
+- sample_apps/sample_app_activerecord/db/migrate/20190323181453_add_activated_fields.rb
 - sample_apps/sample_app_activerecord/db/schema.rb
 - sample_apps/sample_app_activerecord/spec/api/root_spec.rb
 - sample_apps/sample_app_activerecord/spec/commands/help_spec.rb

data/lib/slack-ruby-bot-server/models.rb

@@ -1 +0,0 @@
-require 'slack-ruby-bot-server/models/team'