Handle non-RTM bot registration.

Author: dblock

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2020-11-14 17:01:04 -0500 using RuboCop version 0.81.0.
+# on 2020-11-15 11:38:22 -0500 using RuboCop version 0.81.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -32,14 +32,12 @@ Naming/FileName:
   Exclude:
     - 'lib/slack-ruby-bot-server.rb'
 
-# Offense count: 3
+# Offense count: 1
 # Configuration parameters: ForbiddenDelimiters.
 # ForbiddenDelimiters: (?-mix:(^|\s)(EO[A-Z]{1}|END)(\s|$))
 Naming/HeredocDelimiterNaming:
   Exclude:
     - 'lib/slack-ruby-bot-server/info.rb'
-    - 'sample_apps/sample_app_activerecord/commands/help.rb'
-    - 'sample_apps/sample_app_mongoid/commands/help.rb'
 
 # Offense count: 3
 # Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.

README.md

@@ -11,23 +11,23 @@ Build a complete Slack bot service with Slack button integration, in Ruby.
 
 - [What is this?](#what-is-this)
 - [Stable Release](#stable-release)
-- [Try Me](#try-me)
-- [Run Your Own](#run-your-own)
+- [Make Your Own](#make-your-own)
+- [Storage](#storage)
 - [MongoDB](#mongodb)
 - [ActiveRecord](#activerecord)
 - [Usage](#usage)
-- [OAuth Code Grant](#oauth-code-grant)
 - [API](#api)
   - [App](#app)
   - [Service Manager](#service-manager)
     - [Lifecycle Callbacks](#lifecycle-callbacks)
     - [Service Timers](#service-timers)
     - [Extensions](#extensions)
-  - [Server Class](#server-class)
   - [Service Class](#service-class)
 - [HTML Templates](#html-templates)
 - [Access Tokens](#access-tokens)
-- [Example Bots Using Slack Ruby Bot Server](#example-bots-using-slack-ruby-bot-server)
+- [Sample Bots Using Slack Ruby Bot Server](#sample-bots-using-slack-ruby-bot-server)
+  - [Slack Bots with Granular Permissions](#slack-bots-with-granular-permissions)
+  - [Legacy Slack Bots](#legacy-slack-bots)
 - [Copyright & License](#copyright--license)
 
 ### What is this?
@@ -79,26 +79,17 @@ Follow Slack's instructions, note the app client ID and secret, give the bot a d
 
 Within your application, edit your `.env` file and add `SLACK_CLIENT_ID=...` and `SLACK_CLIENT_SECRET=...` in it.
 
-Run `bundle install` and `foreman start` to boot the app. Navigate to [localhost:9292](http://localhost:9292). You should see an "Add to Slack" button. Use it to install the app into your own Slack team.
-
-### OAuth Code Grant
-
 Configure your app's [OAuth scopes](https://api.slack.com/legacy/oauth-scopes) as needed by your application.
 
 ```ruby
 SlackRubyBotServer.configure do |config|
   config.oauth_scope = ['channels:read', 'chat:write:user']
+end
 ```
 
-The "Add to Slack" button uses the standard OAuth code grant flow as described in the [Slack docs](https://api.slack.com/docs/oauth#flow).
-
-The button itself contains a link that looks like this:
+The "Add to Slack" button uses the standard OAuth code grant flow as described in the [Slack docs](https://api.slack.com/docs/oauth#flow). Once clicked, the user is taken through the authorization process at Slack's site. Upon successful completion, a callback containing a temporary code is sent to the redirect URL you specified. The endpoint at that URL contains code that persists the bot token each time a Slack client is instantiated for the specific team.
 
-```
-https://slack.com/oauth/authorize?scope=<%= SlackRubyBotServer::Config.oauth_scope_s %>&client_id=<%= ENV['SLACK_CLIENT_ID'] %>
-```
-
-Once clicked, the user is taken through the authorization process at Slack's site. Upon successful completion, a callback containing a temporary code is sent to the redirect URL you specified. The endpoint at that URL contains code that persists the bot token each time a Slack client is instantiated for the specific team.
+Run `bundle install` and `foreman start` to boot the app. Navigate to [localhost:9292](http://localhost:9292). You should see an "Add to Slack" button. Use it to install the app into your own Slack team.
 
 ### API
 
@@ -259,7 +250,7 @@ end
 
 ### Access Tokens
 
-By default the implementation of [Team](lib/slack-ruby-bot-server/models/team) stores a `bot_access_token` as `token` (for backwards compatibility), and `activated_user_access_token` as the token with all the requested OAuth scopes.
+By default the implementation of [Team](lib/slack-ruby-bot-server/models/team) stores the value of the token with all the requested OAuth scopes in both `token` and `activated_user_access_token` (for backwards compatibility). If a legacy Slack bot integration `bot_access_token` is present, it is stored as `token`, and `activated_user_access_token`is the token that has all the requested OAuth scopes.
 
 ### Sample Bots Using Slack Ruby Bot Server
 

lib/slack-ruby-bot-server/api/endpoints/teams_endpoint.rb

@@ -46,10 +46,14 @@ class TeamsEndpoint < Grape::API
               code: params[:code]
             )
 
-            token = rc['bot']['bot_access_token']
-            bot_user_id = rc['bot']['bot_user_id']
-            user_id = rc['user_id']
             access_token = rc['access_token']
+            user_id = rc['user_id']
+
+            bot = rc['bot']
+
+            token = bot ? bot['bot_access_token'] : access_token
+            bot_user_id = bot['bot_user_id'] if bot
+
             team = Team.where(token: token).first
             team ||= Team.where(team_id: rc['team_id']).first
 

spec/api/endpoints/teams_endpoint_spec.rb

@@ -45,7 +45,106 @@
       end
     end
 
-    context 'register' do
+    context 'register a bot' do
+      before do
+        oauth_access = {
+          'access_token' => 'access_token',
+          'user_id' => 'user_id',
+          'team_id' => 'team_id',
+          'team_name' => 'team_name'
+        }
+        ENV['SLACK_CLIENT_ID'] = 'client_id'
+        ENV['SLACK_CLIENT_SECRET'] = 'client_secret'
+        allow_any_instance_of(Slack::Web::Client).to receive(:oauth_access).with(
+          hash_including(
+            code: 'code',
+            client_id: 'client_id',
+            client_secret: 'client_secret'
+          )
+        ).and_return(oauth_access)
+      end
+      after do
+        ENV.delete('SLACK_CLIENT_ID')
+        ENV.delete('SLACK_CLIENT_SECRET')
+      end
+      it 'creates a team' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:start!)
+        expect do
+          team = client.teams._post(code: 'code')
+          expect(team.team_id).to eq 'team_id'
+          expect(team.name).to eq 'team_name'
+          team = Team.find(team.id)
+          expect(team.token).to eq 'access_token'
+          expect(team.activated_user_access_token).to eq 'access_token'
+          expect(team.activated_user_id).to eq 'user_id'
+          expect(team.bot_user_id).to be nil
+        end.to change(Team, :count).by(1)
+      end
+
+      it 'includes optional state parameter' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:create!).with(instance_of(Team), state: 'property')
+        client.teams._post(code: 'code', state: 'property')
+      end
+
+      it 'reactivates a deactivated team' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:start!)
+        existing_team = Fabricate(:team, token: 'access_token', active: false)
+        expect do
+          team = client.teams._post(code: 'code')
+          expect(team.team_id).to eq existing_team.team_id
+          expect(team.name).to eq existing_team.name
+          expect(team.active).to be true
+          team = Team.find(team.id)
+          expect(team.token).to eq 'access_token'
+          expect(team.active).to be true
+          expect(team.activated_user_access_token).to eq 'access_token'
+          expect(team.activated_user_id).to eq 'user_id'
+          expect(team.bot_user_id).to be nil
+        end.to_not change(Team, :count)
+      end
+      it 'reactivates a team deactivated on slack' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:start!)
+        existing_team = Fabricate(:team, token: 'access_token')
+        expect do
+          expect_any_instance_of(Team).to receive(:ping!) { raise Slack::Web::Api::Errors::SlackError, 'invalid_auth' }
+          team = client.teams._post(code: 'code')
+          expect(team.team_id).to eq existing_team.team_id
+          expect(team.name).to eq existing_team.name
+          expect(team.active).to be true
+          team = Team.find(team.id)
+          expect(team.token).to eq 'access_token'
+          expect(team.active).to be true
+          expect(team.bot_user_id).to be nil
+          expect(team.activated_user_id).to eq 'user_id'
+        end.to_not change(Team, :count)
+      end
+      it 'returns a useful error when team already exists' do
+        expect_any_instance_of(Team).to receive(:ping_if_active!)
+        existing_team = Fabricate(:team, token: 'access_token')
+        expect { client.teams._post(code: 'code') }.to raise_error Faraday::ClientError do |e|
+          json = JSON.parse(e.response[:body])
+          expect(json['message']).to eq "Team #{existing_team.name} is already registered."
+        end
+      end
+      it 'reactivates a deactivated team with a different code' do
+        expect(SlackRubyBotServer::Service.instance).to receive(:start!)
+        existing_team = Fabricate(:team, token: 'old', team_id: 'team_id', active: false)
+        expect do
+          team = client.teams._post(code: 'code')
+          expect(team.team_id).to eq existing_team.team_id
+          expect(team.name).to eq existing_team.name
+          expect(team.active).to be true
+          team = Team.find(team.id)
+          expect(team.token).to eq 'access_token'
+          expect(team.active).to be true
+          expect(team.activated_user_access_token).to eq 'access_token'
+          expect(team.activated_user_id).to eq 'user_id'
+          expect(team.bot_user_id).to be nil
+        end.to_not change(Team, :count)
+      end
+    end
+
+    context 'register a legacy bot' do
       before do
         oauth_access = {
           'bot' => {

spec/database_adapters/activerecord/activerecord.rb

@@ -1,4 +1,4 @@
-db_config = YAML.safe_load(File.read(File.expand_path('../../../sample_apps/sample_app_activerecord/config/postgresql.yml', __dir__)), [], [], true)[ENV['RACK_ENV']]
+db_config = YAML.safe_load(File.read(File.expand_path('config/postgresql.yml', __dir__)), [], [], true)[ENV['RACK_ENV']]
 ActiveRecord::Tasks::DatabaseTasks.create(db_config)
 ActiveRecord::Base.establish_connection(db_config)
 ActiveRecord::Base.logger.level = :info

spec/database_adapters/activerecord/config/postgresql.yml

@@ -0,0 +1,17 @@
+default: &default
+  adapter: postgresql
+  pool: 10
+  timeout: 5000
+  encoding: unicode
+
+development:
+  <<: *default
+  database: slack_ruby_bot_server_development
+
+test:
+  <<: *default
+  database: slack_ruby_bot_server_test
+
+production:
+  <<: *default
+  url: <%= ENV["DATABASE_URL"] %>

spec/database_adapters/mongoid/config/mongoid.yml

@@ -0,0 +1,27 @@
+development:
+  clients:
+    default:
+      database: bot-server_development
+      hosts:
+        - 127.0.0.1:27017
+  options:
+    raise_not_found_error: false
+    use_utc: true
+
+test:
+  clients:
+    default:
+      database: bot-server_test
+      hosts:
+        - 127.0.0.1:27017
+  options:
+    raise_not_found_error: false
+    use_utc: true
+
+production:
+  clients:
+    default:
+      uri: <%= ENV['MONGO_URL'] || ENV['MONGOHQ_URI'] || ENV['MONGOLAB_URI'] || ENV['MONGODB_URI'] %>
+  options:
+    raise_not_found_error: false
+    use_utc: true

spec/database_adapters/mongoid/mongoid.rb

@@ -1,2 +1,2 @@
 Mongo::Logger.logger.level = Logger::INFO
-Mongoid.load!(File.expand_path('../../../sample_apps/sample_app_mongoid/config/mongoid.yml', __dir__), ENV['RACK_ENV'])
+Mongoid.load!(File.expand_path('config/mongoid.yml', __dir__), ENV['RACK_ENV'])

spec/integration/teams_spec.rb

@@ -9,6 +9,7 @@
   after do
     ENV.delete 'SLACK_CLIENT_ID'
     ENV.delete 'SLACK_CLIENT_SECRET'
+    SlackRubyBotServer::Config.oauth_scope = nil
   end
   context 'oauth' do
     before do