Merge branch 'main' into dependabot/pip/starlette-gte-0.49.3-and-lt-1

Author: WilliamBergamin

slack_bolt/adapter/socket_mode/async_internals.py

@@ -8,13 +8,14 @@
 from slack_sdk.socket_mode.request import SocketModeRequest
 from slack_sdk.socket_mode.response import SocketModeResponse
 
+from slack_bolt.adapter.socket_mode.internals import build_headers
 from slack_bolt.app.async_app import AsyncApp
 from slack_bolt.request.async_request import AsyncBoltRequest
 from slack_bolt.response import BoltResponse
 
 
 async def run_async_bolt_app(app: AsyncApp, req: SocketModeRequest):
-    bolt_req: AsyncBoltRequest = AsyncBoltRequest(mode="socket_mode", body=req.payload)
+    bolt_req: AsyncBoltRequest = AsyncBoltRequest(mode="socket_mode", body=req.payload, headers=build_headers(req))
     bolt_resp: BoltResponse = await app.async_dispatch(bolt_req)
     return bolt_resp
 

slack_bolt/adapter/socket_mode/internals.py

@@ -3,6 +3,7 @@
 import json
 import logging
 from time import time
+from typing import Dict, Optional, Sequence, Union
 
 from slack_sdk.socket_mode.client import BaseSocketModeClient
 from slack_sdk.socket_mode.request import SocketModeRequest
@@ -13,8 +14,18 @@
 from slack_bolt.response import BoltResponse
 
 
+def build_headers(req: SocketModeRequest) -> Optional[Dict[str, Union[str, Sequence[str]]]]:
+    # Mirror the HTTP mode retry headers so middleware/listeners can detect Events API retries
+    headers: Dict[str, Union[str, Sequence[str]]] = {}
+    if req.retry_attempt is not None:
+        headers["x-slack-retry-num"] = str(req.retry_attempt)
+    if req.retry_reason is not None:
+        headers["x-slack-retry-reason"] = req.retry_reason
+    return headers or None
+
+
 def run_bolt_app(app: App, req: SocketModeRequest):
-    bolt_req: BoltRequest = BoltRequest(mode="socket_mode", body=req.payload)
+    bolt_req: BoltRequest = BoltRequest(mode="socket_mode", body=req.payload, headers=build_headers(req))
     bolt_resp: BoltResponse = app.dispatch(bolt_req)
     return bolt_resp
 

slack_bolt/middleware/request_verification/request_verification.py

@@ -49,7 +49,7 @@ def process(
 
     @staticmethod
     def _can_skip(mode: str, body: Dict[str, Any]) -> bool:
-        return mode == "socket_mode" or (body is not None and body.get("ssl_check") == "1")
+        return mode == "socket_mode"
 
     @staticmethod
     def _build_error_response() -> BoltResponse:

tests/adapter_tests/socket_mode/test_interactions_builtin.py

@@ -36,7 +36,7 @@ def teardown_method(self):
     def test_interactions(self):
         app = App(client=self.web_client)
 
-        result = {"shortcut": False, "command": False}
+        result = {"shortcut": False, "command": False, "message": False}
 
         @app.shortcut("do-something")
         def shortcut_handler(ack):
@@ -48,6 +48,13 @@ def command_handler(ack):
             result["command"] = True
             ack()
 
+        @app.message("<@W111>")
+        def message_handler(ack, req):
+            result["message"] = req.headers.get("x-slack-retry-num") == ["1"] and req.headers.get(
+                "x-slack-retry-reason"
+            ) == ["timeout"]
+            ack()
+
         handler = SocketModeHandler(
             app_token="xapp-A111-222-xyz",
             app=app,
@@ -66,5 +73,6 @@ def command_handler(ack):
             time.sleep(2)
             assert result["shortcut"] is True
             assert result["command"] is True
+            assert result["message"] is True
         finally:
             handler.client.close()

tests/adapter_tests/socket_mode/test_interactions_websocket_client.py

@@ -37,7 +37,7 @@ def test_interactions(self):
 
         app = App(client=self.web_client)
 
-        result = {"shortcut": False, "command": False}
+        result = {"shortcut": False, "command": False, "message": False}
 
         @app.shortcut("do-something")
         def shortcut_handler(ack):
@@ -49,6 +49,13 @@ def command_handler(ack):
             result["command"] = True
             ack()
 
+        @app.message("<@W111>")
+        def message_handler(ack, req):
+            result["message"] = req.headers.get("x-slack-retry-num") == ["1"] and req.headers.get(
+                "x-slack-retry-reason"
+            ) == ["timeout"]
+            ack()
+
         handler = SocketModeHandler(
             app_token="xapp-A111-222-xyz",
             app=app,
@@ -67,5 +74,6 @@ def command_handler(ack):
             time.sleep(2)
             assert result["shortcut"] is True
             assert result["command"] is True
+            assert result["message"] is True
         finally:
             handler.client.close()

tests/adapter_tests/socket_mode/test_internals.py

@@ -0,0 +1,20 @@
+from slack_sdk.socket_mode.request import SocketModeRequest
+
+from slack_bolt.adapter.socket_mode.internals import build_headers, run_bolt_app
+
+
+class TestSocketModeInternals:
+    def test_build_retry_headers_without_retry(self):
+        req = SocketModeRequest(type="events_api", envelope_id="e1", payload={"type": "event_callback"})
+        assert build_headers(req) is None
+
+    def test_build_retry_headers_with_retry(self):
+        req = SocketModeRequest(
+            type="events_api",
+            envelope_id="e1",
+            payload={"type": "event_callback"},
+            retry_attempt=2,
+            retry_reason="http_timeout",
+        )
+        headers = build_headers(req)
+        assert headers == {"x-slack-retry-num": "2", "x-slack-retry-reason": "http_timeout"}

tests/adapter_tests/wsgi/test_wsgi_http.py

@@ -89,6 +89,47 @@ def command_handler(ack):
         assert response.headers.get("content-type") == "text/plain;charset=utf-8"
         assert_auth_test_count(self, 1)
 
+    def test_ssl_check_param_does_not_bypass_request_verification(self):
+        app = App(
+            client=self.web_client,
+            signing_secret=self.signing_secret,
+            ssl_check_enabled=False,
+        )
+        command_called = False
+
+        def command_handler(ack):
+            nonlocal command_called
+            command_called = True
+            ack()
+
+        app.command("/hello-world")(command_handler)
+
+        body = (
+            "token=verification_token"
+            "&team_id=T111"
+            "&team_domain=test-domain"
+            "&channel_id=C111"
+            "&channel_name=random"
+            "&user_id=W111"
+            "&user_name=primary-owner"
+            "&command=%2Fhello-world"
+            "&text=Hi"
+            "&enterprise_id=E111"
+            "&enterprise_name=Org+Name"
+            "&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT111%2F111%2Fxxxxx"
+            "&trigger_id=111.111.xxx"
+            "&ssl_check=1"
+        )
+        headers = self.build_raw_headers("0", body)
+        headers["x-slack-signature"] = "v0=invalid"
+
+        wsgi_server = WsgiTestServer(SlackRequestHandler(app))
+        response = wsgi_server.http(method="POST", headers=headers, body=body)
+
+        assert response.status == "401 Unauthorized"
+        assert response.body == """{"error": "invalid request"}"""
+        assert command_called is False
+
     def test_events(self):
         app = App(
             client=self.web_client,

tests/adapter_tests_async/socket_mode/test_async_aiohttp.py

@@ -40,7 +40,7 @@ async def test_events(self):
 
         app = AsyncApp(client=self.web_client)
 
-        result = {"shortcut": False, "command": False}
+        result = {"shortcut": False, "command": False, "message": False}
 
         @app.shortcut("do-something")
         async def shortcut_handler(ack):
@@ -52,6 +52,13 @@ async def command_handler(ack):
             result["command"] = True
             await ack()
 
+        @app.message("<@W111>")
+        async def message_handler(ack, req):
+            result["message"] = req.headers.get("x-slack-retry-num") == ["1"] and req.headers.get(
+                "x-slack-retry-reason"
+            ) == ["timeout"]
+            await ack()
+
         handler = AsyncSocketModeHandler(
             app_token="xapp-A111-222-xyz",
             app=app,
@@ -67,6 +74,7 @@ async def command_handler(ack):
             await asyncio.sleep(2)
             assert result["shortcut"] is True
             assert result["command"] is True
+            assert result["message"] is True
         finally:
             await handler.client.close()
             stop_socket_mode_server(self)

tests/adapter_tests_async/socket_mode/test_async_websockets.py

@@ -40,7 +40,7 @@ async def test_events(self):
 
         app = AsyncApp(client=self.web_client)
 
-        result = {"shortcut": False, "command": False}
+        result = {"shortcut": False, "command": False, "message": False}
 
         @app.shortcut("do-something")
         async def shortcut_handler(ack):
@@ -52,6 +52,13 @@ async def command_handler(ack):
             result["command"] = True
             await ack()
 
+        @app.message("<@W111>")
+        async def message_handler(ack, req):
+            result["message"] = req.headers.get("x-slack-retry-num") == ["1"] and req.headers.get(
+                "x-slack-retry-reason"
+            ) == ["timeout"]
+            await ack()
+
         handler = AsyncSocketModeHandler(
             app_token="xapp-A111-222-xyz",
             app=app,
@@ -67,6 +74,7 @@ async def command_handler(ack):
             await asyncio.sleep(2)
             assert result["shortcut"] is True
             assert result["command"] is True
+            assert result["message"] is True
         finally:
             await handler.client.close()
             stop_socket_mode_server(self)

tests/scenario_tests/test_function.py

@@ -7,6 +7,7 @@
 from slack_sdk.signature import SignatureVerifier
 from slack_sdk.web import WebClient
 
+import slack_bolt.listener.thread_runner as runner_module
 from slack_bolt.app import App
 from slack_bolt.request import BoltRequest
 from tests.mock_web_api_server import (
@@ -53,9 +54,9 @@ def build_request_from_body(self, message_body: dict) -> BoltRequest:
         timestamp, body = str(int(time.time())), json.dumps(message_body)
         return BoltRequest(body=body, headers=self.build_headers(timestamp, body))
 
-    def setup_time_mocks(self, *, monkeypatch: pytest.MonkeyPatch, time_mock: Mock, sleep_mock: Mock):
-        monkeypatch.setattr(time, "time", time_mock)
-        monkeypatch.setattr(time, "sleep", sleep_mock)
+    def setup_time_mocks(self, *, monkeypatch: pytest.MonkeyPatch, time_mock, sleep_mock):
+        monkeypatch.setattr(runner_module.time, "time", time_mock)
+        monkeypatch.setattr(runner_module.time, "sleep", sleep_mock)
 
     def test_valid_callback_id_success(self):
         app = App(
@@ -138,10 +139,20 @@ def test_auto_acknowledge_false_without_acknowledging(self, caplog, monkeypatch)
         app.function("reverse", auto_acknowledge=False)(just_no_ack)
 
         request = self.build_request_from_body(function_body)
+
+        elapsed_seconds = 0
+
+        def fake_time():
+            return float(elapsed_seconds)
+
+        def fake_sleep(duration):
+            nonlocal elapsed_seconds
+            elapsed_seconds += 1
+
         self.setup_time_mocks(
             monkeypatch=monkeypatch,
-            time_mock=Mock(side_effect=[current_time for current_time in range(100)]),
-            sleep_mock=Mock(),
+            time_mock=fake_time,
+            sleep_mock=Mock(side_effect=fake_sleep),
         )
         response = app.dispatch(request)
 
@@ -158,20 +169,29 @@ def test_function_handler_timeout(self, monkeypatch):
         app.function("reverse", auto_acknowledge=False, ack_timeout=timeout)(just_no_ack)
         request = self.build_request_from_body(function_body)
 
-        sleep_mock = Mock()
+        elapsed_seconds = 0
+
+        def fake_time():
+            return float(elapsed_seconds)
+
+        def fake_sleep(duration):
+            nonlocal elapsed_seconds
+            elapsed_seconds += 1
+
         self.setup_time_mocks(
             monkeypatch=monkeypatch,
-            time_mock=Mock(side_effect=[current_time for current_time in range(100)]),
-            sleep_mock=sleep_mock,
+            time_mock=fake_time,
+            sleep_mock=Mock(side_effect=fake_sleep),
         )
 
         response = app.dispatch(request)
 
         assert response.status == 404
         assert_auth_test_count(self, 1)
-        assert (
-            sleep_mock.call_count == timeout
-        ), f"Expected handler to time out after calling time.sleep 5 times, but it was called {sleep_mock.call_count} times"
+        assert elapsed_seconds == timeout + 1, (
+            f"Expected handler to time out after {timeout + 1} time.sleep calls, "
+            f"but it was called {elapsed_seconds} times"
+        )
 
     def test_warning_when_timeout_improperly_set(self, caplog):
         app = App(