Add support for OAuth v2.

Author: dblock

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2020-11-15 11:38:22 -0500 using RuboCop version 0.81.0.
+# on 2020-11-16 09:56:54 -0500 using RuboCop version 0.81.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new

CHANGELOG.md

@@ -1,7 +1,8 @@
 ### Changelog
 
-#### 1.0.1 (Next)
+#### 1.1.0 (Next)
 
+* [#132](https://github.com/slack-ruby/slack-ruby-bot-server/pull/132): Add support for OAuth v2 - [@dblock](https://github.com/dblock).
 * Your contribution here.
 
 #### 1.0.0 (2020/11/15)

README.md

@@ -16,7 +16,7 @@ Build a complete Slack bot service with Slack button integration, in Ruby.
   - [Storage](#storage)
     - [MongoDB](#mongodb)
     - [ActiveRecord](#activerecord)
-  - [OAuth Scopes](#oauth-scopes)
+  - [OAuth Version and Scopes](#oauth-version-and-scopes)
   - [Slack App](#slack-app)
   - [API](#api)
     - [App](#app)
@@ -73,13 +73,14 @@ gem 'otr-activerecord'
 gem 'cursor_pagination'
 ```
 
-### OAuth Scopes
+### OAuth Version and Scopes
 
-Configure your app's [OAuth scopes](https://api.slack.com/legacy/oauth-scopes) as needed by your application.
+Configure your app's [OAuth version](https://api.slack.com/authentication/oauth-v2) and [scopes](https://api.slack.com/legacy/oauth-scopes) as needed by your application.
 
 ```ruby
 SlackRubyBotServer.configure do |config|
-  config.oauth_scope = ['channels:read', 'chat:write:user']
+  config.oauth_version = :v2
+  config.oauth_scope = ['channels:read', 'chat:write']
 end
 ```
 
@@ -91,11 +92,26 @@ Create a new Slack App [here](https://api.slack.com/applications/new).
 
 ![](images/create-app.png)
 
-Follow Slack's instructions, note the app client ID and secret, give the bot a default name, etc. The redirect URL should be the location of your app. For local testing purposes use a public tunneling service such as [ngrok](https://ngrok.com/) to expose local port 9292.
+Follow Slack's instructions, note the app client ID and secret, give the bot a default name, etc.
 
 Within your application, edit your `.env` file and add `SLACK_CLIENT_ID=...` and `SLACK_CLIENT_SECRET=...` in it.
 
-Run `bundle install` and `foreman start` to boot the app. Navigate to [localhost:9292](http://localhost:9292). You should see an "Add to Slack" button. Use it to install the app into your own Slack team.
+Run `bundle install` and `foreman start` to boot the app.
+
+```
+$ foreman start
+07:44:47 web.1  | started with pid 59258
+07:44:50 web.1  | * Listening on tcp://0.0.0.0:5000
+```
+
+Set the redirect URL in "OAuth & Permissions" be the location of your app. Since you cannot receive notifications on localhost from Slack use a public tunneling service such as [ngrok](https://ngrok.com/) to expose local port 9292 for testing.
+
+```
+$ ngrok http 5000
+Forwarding https://ddfd97f80615.ngrok.io -> http://localhost:5000
+```
+
+Navigate to either [localhost:9292](http://localhost:9292) or the ngrok URL above. You should see an "Add to Slack" button. Use it to install the app into your own Slack team.
 
 ### API
 
@@ -174,7 +190,7 @@ The [Add to Slack button](https://api.slack.com/docs/slack-button) also allows f
 auth = OpenSSL::HMAC.hexdigest("SHA256", "key", "data")
 ```
 ```html
-<a href="https://slack.com/oauth/authorize?scope=<%= SlackRubyBotServer::Config.oauth_scope_s %>&client_id=<%= ENV['SLACK_CLIENT_ID'] %>&state=#{auth)"> ... </a>
+<a href="<%= SlackRubyBotServer::Config.oauth_authorize_url %>?scope=<%= SlackRubyBotServer::Config.oauth_scope_s %>&client_id=<%= ENV['SLACK_CLIENT_ID'] %>&state=#{auth)"> ... </a>
 ```
 ```ruby
 instance = SlackRubyBotServer::Service.instance

lib/slack-ruby-bot-server/api/endpoints/teams_endpoint.rb

@@ -40,22 +40,41 @@ class TeamsEndpoint < Grape::API
 
             raise 'Missing SLACK_CLIENT_ID or SLACK_CLIENT_SECRET.' unless ENV.key?('SLACK_CLIENT_ID') && ENV.key?('SLACK_CLIENT_SECRET')
 
-            rc = client.oauth_access(
+            options = {
               client_id: ENV['SLACK_CLIENT_ID'],
               client_secret: ENV['SLACK_CLIENT_SECRET'],
               code: params[:code]
-            )
+            }
 
-            access_token = rc['access_token']
-            user_id = rc['user_id']
+            rc = client.send(SlackRubyBotServer.config.oauth_access_method, options)
 
-            bot = rc['bot']
+            token = nil
+            access_token = nil
+            user_id = nil
+            bot_user_id = nil
+            team_id = nil
+            team_name = nil
 
-            token = bot ? bot['bot_access_token'] : access_token
-            bot_user_id = bot['bot_user_id'] if bot
+            case SlackRubyBotServer::Config.oauth_version
+            when :v2
+              access_token = rc.access_token
+              token = rc.access_token
+              user_id = rc.authed_user&.id
+              bot_user_id = rc.bot_user_id
+              team_id = rc.team&.id
+              team_name = rc.team&.name
+            when :v1
+              access_token = rc.access_token
+              bot = rc.bot if rc.key?(:bot)
+              token = bot ? bot.bot_access_token : access_token
+              user_id = rc.user_id
+              bot_user_id = bot ? bot.bot_user_id : nil
+              team_id = rc.team_id
+              team_name = rc.team_name
+            end
 
             team = Team.where(token: token).first
-            team ||= Team.where(team_id: rc['team_id']).first
+            team ||= Team.where(team_id: team_id).first
 
             if team
               team.ping_if_active!
@@ -72,8 +91,8 @@ class TeamsEndpoint < Grape::API
             else
               team = Team.create!(
                 token: token,
-                team_id: rc['team_id'],
-                name: rc['team_name'],
+                team_id: team_id,
+                name: team_name,
                 activated_user_id: user_id,
                 activated_user_access_token: access_token,
                 bot_user_id: bot_user_id

lib/slack-ruby-bot-server/config.rb

@@ -7,11 +7,13 @@ module Config
     attr_accessor :database_adapter
     attr_accessor :view_paths
     attr_accessor :oauth_scope
+    attr_accessor :oauth_version
 
     def reset!
       self.logger = nil
       self.service_class = SlackRubyBotServer::Service
       self.oauth_scope = nil
+      self.oauth_version = :v2
 
       self.view_paths = [
         'views',
@@ -28,6 +30,28 @@ def reset!
                               end
     end
 
+    def oauth_authorize_url
+      case oauth_version
+      when :v2
+        'https://slack.com/oauth/v2/authorize'
+      when :v1
+        'https://slack.com/oauth/authorize'
+      else
+        raise ArgumentError, 'Invalid oauth_version, must be one of :v1 or v2.'
+      end
+    end
+
+    def oauth_access_method
+      case oauth_version
+      when :v2
+        :oauth_v2_access
+      when :v1
+        :oauth_access
+      else
+        raise ArgumentError, 'Invalid oauth_version, must be one of :v1 or v2.'
+      end
+    end
+
     def oauth_scope_s
       oauth_scope&.join('+')
     end

lib/slack-ruby-bot-server/models/team/methods.rb

@@ -32,10 +32,18 @@ def to_s
 
     def ping!
       client = Slack::Web::Client.new(token: token)
+
       auth = client.auth_test
+
+      presence = begin
+        client.users_getPresence(user: auth['user_id'])
+                 rescue Slack::Web::Api::Errors::MissingScope
+                   nil
+      end
+
       {
         auth: auth,
-        presence: client.users_getPresence(user: auth['user_id'])
+        presence: presence
       }
     end
 

lib/slack-ruby-bot-server/version.rb

@@ -1,3 +1,3 @@
 module SlackRubyBotServer
-  VERSION = '1.0.1'.freeze
+  VERSION = '1.1.0'.freeze
 end

public/index.html.erb

@@ -16,7 +16,7 @@
   </p>
   <p id='messages' />
   <p id='register'>
-    <a href="https://slack.com/oauth/authorize?scope=<%= SlackRubyBotServer::Config.oauth_scope_s %>&client_id=<%= ENV['SLACK_CLIENT_ID'] %>"><img alt="Add to Slack" height="40" width="139" src="https://platform.slack-edge.com/img/add_to_slack.png" srcset="https://platform.slack-edge.com/img/add_to_slack.png 1x, https://platform.slack-edge.com/img/[email protected] 2x"></a>
+    <a href="<%= SlackRubyBotServer::Config.oauth_authorize_url %>?scope=<%= SlackRubyBotServer::Config.oauth_scope_s %>&client_id=<%= ENV['SLACK_CLIENT_ID'] %>"><img alt="Add to Slack" height="40" width="139" src="https://platform.slack-edge.com/img/add_to_slack.png" srcset="https://platform.slack-edge.com/img/add_to_slack.png 1x, https://platform.slack-edge.com/img/[email protected] 2x"></a>
   </p>
   <p id='active_teams_count'>&nbsp;</p>
   <p>

spec/api/endpoints/teams_endpoint_spec.rb

@@ -45,14 +45,114 @@
       end
     end
 
-    context 'register a bot' do
+    context 'register a bot via oauth v2' do
       before do
-        oauth_access = {
-          'access_token' => 'access_token',
-          'user_id' => 'user_id',
-          'team_id' => 'team_id',
-          'team_name' => 'team_name'
-        }
+        SlackRubyBotServer.config.oauth_version = :v2
+        oauth_access = Slack::Messages::Message.new({
+                                                      'access_token' => 'access_token',
+                                                      'authed_user' => { 'id' => 'user_id' },
+                                                      'team' => { 'id' => 'team_id', 'name' => 'team_name' }
+                                                    })
+        ENV['SLACK_CLIENT_ID'] = 'client_id'
+        ENV['SLACK_CLIENT_SECRET'] = 'client_secret'
+        allow_any_instance_of(Slack::Web::Client).to receive(:oauth_v2_access).with(
+          hash_including(
+            code: 'code',
+            client_id: 'client_id',
+            client_secret: 'client_secret'
+          )
+        ).and_return(oauth_access)
+      end
+      after do
+        ENV.delete('SLACK_CLIENT_ID')
+        ENV.delete('SLACK_CLIENT_SECRET')
+      end
+      it 'creates a team' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:start!)
+        expect do
+          team = client.teams._post(code: 'code')
+          expect(team.team_id).to eq 'team_id'
+          expect(team.name).to eq 'team_name'
+          team = Team.find(team.id)
+          expect(team.token).to eq 'access_token'
+          expect(team.activated_user_access_token).to eq 'access_token'
+          expect(team.activated_user_id).to eq 'user_id'
+          expect(team.bot_user_id).to be nil
+        end.to change(Team, :count).by(1)
+      end
+
+      it 'includes optional state parameter' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:create!).with(instance_of(Team), state: 'property')
+        client.teams._post(code: 'code', state: 'property')
+      end
+
+      it 'reactivates a deactivated team' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:start!)
+        existing_team = Fabricate(:team, token: 'access_token', active: false)
+        expect do
+          team = client.teams._post(code: 'code')
+          expect(team.team_id).to eq existing_team.team_id
+          expect(team.name).to eq existing_team.name
+          expect(team.active).to be true
+          team = Team.find(team.id)
+          expect(team.token).to eq 'access_token'
+          expect(team.active).to be true
+          expect(team.activated_user_access_token).to eq 'access_token'
+          expect(team.activated_user_id).to eq 'user_id'
+          expect(team.bot_user_id).to be nil
+        end.to_not change(Team, :count)
+      end
+      it 'reactivates a team deactivated on slack' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:start!)
+        existing_team = Fabricate(:team, token: 'access_token')
+        expect do
+          expect_any_instance_of(Team).to receive(:ping!) { raise Slack::Web::Api::Errors::SlackError, 'invalid_auth' }
+          team = client.teams._post(code: 'code')
+          expect(team.team_id).to eq existing_team.team_id
+          expect(team.name).to eq existing_team.name
+          expect(team.active).to be true
+          team = Team.find(team.id)
+          expect(team.token).to eq 'access_token'
+          expect(team.active).to be true
+          expect(team.bot_user_id).to be nil
+          expect(team.activated_user_id).to eq 'user_id'
+        end.to_not change(Team, :count)
+      end
+      it 'returns a useful error when team already exists' do
+        expect_any_instance_of(Team).to receive(:ping_if_active!)
+        existing_team = Fabricate(:team, token: 'access_token')
+        expect { client.teams._post(code: 'code') }.to raise_error Faraday::ClientError do |e|
+          json = JSON.parse(e.response[:body])
+          expect(json['message']).to eq "Team #{existing_team.name} is already registered."
+        end
+      end
+      it 'reactivates a deactivated team with a different code' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:start!)
+        existing_team = Fabricate(:team, token: 'old', team_id: 'team_id', active: false)
+        expect do
+          team = client.teams._post(code: 'code')
+          expect(team.team_id).to eq existing_team.team_id
+          expect(team.name).to eq existing_team.name
+          expect(team.active).to be true
+          team = Team.find(team.id)
+          expect(team.token).to eq 'access_token'
+          expect(team.active).to be true
+          expect(team.activated_user_access_token).to eq 'access_token'
+          expect(team.activated_user_id).to eq 'user_id'
+          expect(team.bot_user_id).to be nil
+        end.to_not change(Team, :count)
+      end
+    end
+
+    context 'register a bot via oauth v1' do
+      before do
+        SlackRubyBotServer.config.oauth_version = :v1
+        oauth_access = Slack::Messages::Message.new({
+                                                      'access_token' => 'access_token',
+                                                      'user_id' => 'user_id',
+                                                      'team_id' => 'team_id',
+                                                      'team_name' => 'team_name'
+                                                    })
         ENV['SLACK_CLIENT_ID'] = 'client_id'
         ENV['SLACK_CLIENT_SECRET'] = 'client_secret'
         allow_any_instance_of(Slack::Web::Client).to receive(:oauth_access).with(
@@ -146,16 +246,17 @@
 
     context 'register a legacy bot' do
       before do
-        oauth_access = {
-          'bot' => {
-            'bot_access_token' => 'token',
-            'bot_user_id' => 'bot_user_id'
-          },
-          'access_token' => 'access_token',
-          'user_id' => 'user_id',
-          'team_id' => 'team_id',
-          'team_name' => 'team_name'
-        }
+        SlackRubyBotServer.config.oauth_version = :v1
+        oauth_access = Slack::Messages::Message.new({
+                                                      'bot' => {
+                                                        'bot_access_token' => 'token',
+                                                        'bot_user_id' => 'bot_user_id'
+                                                      },
+                                                      'access_token' => 'access_token',
+                                                      'user_id' => 'user_id',
+                                                      'team_id' => 'team_id',
+                                                      'team_name' => 'team_name'
+                                                    })
         ENV['SLACK_CLIENT_ID'] = 'client_id'
         ENV['SLACK_CLIENT_SECRET'] = 'client_secret'
         allow_any_instance_of(Slack::Web::Client).to receive(:oauth_access).with(