Fix #140 by updating the default install page handler

Author: seratch

slack_bolt/oauth/async_oauth_flow.py

@@ -11,6 +11,7 @@
     AsyncFailureArgs,
 )
 from slack_bolt.oauth.async_oauth_settings import AsyncOAuthSettings
+from slack_bolt.oauth.internals import _build_default_install_page_html
 from slack_bolt.request.async_request import AsyncBoltRequest
 from slack_bolt.response import BoltResponse
 from slack_sdk.errors import SlackApiError
@@ -151,26 +152,32 @@ def sqlite3(
 
     async def handle_installation(self, request: AsyncBoltRequest) -> BoltResponse:
         state = await self.issue_new_state(request)
-        return await self.build_authorize_url_redirection(request, state)
+        url = await self.build_authorize_url(state, request)
+        html = await self.build_install_page_html(url, request)
+        set_cookie_value = self.settings.state_utils.build_set_cookie_for_new_state(
+            state
+        )
+        return BoltResponse(
+            status=200,
+            body=html,
+            headers={
+                "Content-Type": "text/html; charset=utf-8",
+                "Content-Length": len(bytes(html, "utf-8")),
+                "Set-Cookie": [set_cookie_value],
+            },
+        )
 
     # ----------------------
     # Internal methods for Installation
 
     async def issue_new_state(self, request: AsyncBoltRequest) -> str:
         return await self.settings.state_store.async_issue()
 
-    async def build_authorize_url_redirection(
-        self, request: AsyncBoltRequest, state: str
-    ) -> BoltResponse:
-        return BoltResponse(
-            status=302,
-            headers={
-                "Location": [self.settings.authorize_url_generator.generate(state)],
-                "Set-Cookie": [
-                    self.settings.state_utils.build_set_cookie_for_new_state(state)
-                ],
-            },
-        )
+    async def build_authorize_url(self, state: str, request: AsyncBoltRequest) -> str:
+        return self.settings.authorize_url_generator.generate(state)
+
+    async def build_install_page_html(self, url: str, request: AsyncBoltRequest) -> str:
+        return _build_default_install_page_html(url)
 
     # -----------------------------
     # Callback

slack_bolt/oauth/internals.py

@@ -64,3 +64,22 @@ def _build_callback_failure_response(  # type: ignore
             },
             body=html,
         )
+
+
+def _build_default_install_page_html(url: str) -> str:
+    return f"""<html>
+<head>
+<style>
+body {{
+  padding: 10px 15px;
+  font-family: verdana;
+  text-align: center;
+}}
+</style>
+</head>
+<body>
+<h2>Slack App Installation</h2>
+<p><a href="{url}"><img alt=""Add to Slack"" height="40" width="139" src="https://platform.slack-edge.com/img/add_to_slack.png" srcset="https://platform.slack-edge.com/img/add_to_slack.png 1x, https://platform.slack-edge.com/img/[email protected] 2x" /></a></p>
+</body>
+</html>
+"""

slack_bolt/oauth/oauth_flow.py

@@ -10,6 +10,7 @@
     DefaultCallbackOptions,
     CallbackOptions,
 )
+from slack_bolt.oauth.internals import _build_default_install_page_html
 
 from slack_bolt.oauth.oauth_settings import OAuthSettings
 from slack_bolt.request import BoltRequest
@@ -151,26 +152,32 @@ def sqlite3(
 
     def handle_installation(self, request: BoltRequest) -> BoltResponse:
         state = self.issue_new_state(request)
-        return self.build_authorize_url_redirection(request, state)
+        url = self.build_authorize_url(state, request)
+        html = self.build_install_page_html(url, request)
+        set_cookie_value = self.settings.state_utils.build_set_cookie_for_new_state(
+            state
+        )
+        return BoltResponse(
+            status=200,
+            body=html,
+            headers={
+                "Content-Type": "text/html; charset=utf-8",
+                "Content-Length": len(bytes(html, "utf-8")),
+                "Set-Cookie": [set_cookie_value],
+            },
+        )
 
     # ----------------------
     # Internal methods for Installation
 
     def issue_new_state(self, request: BoltRequest) -> str:
         return self.settings.state_store.issue()
 
-    def build_authorize_url_redirection(
-        self, request: BoltRequest, state: str
-    ) -> BoltResponse:
-        return BoltResponse(
-            status=302,
-            headers={
-                "Location": [self.settings.authorize_url_generator.generate(state)],
-                "Set-Cookie": [
-                    self.settings.state_utils.build_set_cookie_for_new_state(state)
-                ],
-            },
-        )
+    def build_authorize_url(self, state: str, request: BoltRequest) -> str:
+        return self.settings.authorize_url_generator.generate(state)
+
+    def build_install_page_html(self, url: str, request: BoltRequest) -> str:
+        return _build_default_install_page_html(url)
 
     # -----------------------------
     # Callback

tests/adapter_tests/test_aws_chalice.py

@@ -272,4 +272,7 @@ def install() -> Response:
         response: Dict[str, Any] = LocalGateway(chalice_app, Config()).handle_request(
             method="GET", path="/slack/install", body="", headers={}
         )
-        assert response["statusCode"] == 302
+        assert response["statusCode"] == 200
+        assert response["headers"]["content-type"] == "text/html; charset=utf-8"
+        assert response["headers"]["content-length"] == "565"
+        assert response.get("body") is not None

tests/adapter_tests/test_aws_lambda.py

@@ -283,7 +283,10 @@ def test_oauth(self):
             "isBase64Encoded": False,
         }
         response = SlackRequestHandler(app).handle(event, self.context)
-        assert response["statusCode"] == 302
+        assert response["statusCode"] == 200
+        assert response["headers"]["content-type"] == "text/html; charset=utf-8"
+        assert response["headers"]["content-length"] == "565"
+        assert response.get("body") is not None
 
         event = {
             "body": "",
@@ -293,4 +296,7 @@ def test_oauth(self):
             "isBase64Encoded": False,
         }
         response = SlackRequestHandler(app).handle(event, self.context)
-        assert response["statusCode"] == 302
+        assert response["statusCode"] == 200
+        assert response["headers"]["content-type"] == "text/html; charset=utf-8"
+        assert response["headers"]["content-length"] == "565"
+        assert response.get("body") is not None

tests/adapter_tests/test_bottle_oauth.py

@@ -26,9 +26,6 @@ class TestBottle:
     def test_oauth(self):
         with boddle(method="GET", path="/slack/install"):
             response_body = install()
-            assert response_body == ""
-            assert response.status_code == 302
-            assert re.match(
-                "https://slack.com/oauth/v2/authorize\\?state=[^&]+&client_id=111.111&scope=chat:write,commands&user_scope=",
-                response.headers["Location"],
-            )
+            assert response.status_code == 200
+            assert response.headers.get("content-type") == "text/html; charset=utf-8"
+            assert "https://slack.com/oauth/v2/authorize?state=" in response_body

tests/adapter_tests/test_cherrypy_oauth.py

@@ -49,4 +49,4 @@ def teardown_class(cls):
     def test_oauth(self):
         cherrypy.request.process_request_body = False
         self.getPage("/slack/install", method="GET")
-        self.assertStatus("302 Found")
+        self.assertStatus("200 OK")

tests/adapter_tests/test_django.py

@@ -170,4 +170,9 @@ def test_oauth(self):
         )
         request = self.rf.get("/slack/install")
         response = SlackRequestHandler(app).handle(request)
-        assert response.status_code == 302
+        assert response.status_code == 200
+        assert response.get("content-type") == "text/html; charset=utf-8"
+        assert response.get("content-length") == "565"
+        assert "https://slack.com/oauth/v2/authorize?state=" in response.content.decode(
+            "utf-8"
+        )

tests/adapter_tests/test_falcon.py

@@ -179,8 +179,5 @@ def test_oauth(self):
 
         client = testing.TestClient(api)
         response = client.simulate_get("/slack/install")
-        assert response.status_code == 302
-        assert re.match(
-            "https://slack.com/oauth/v2/authorize\\?state=[^&]+&client_id=111.111&scope=chat:write,commands&user_scope=",
-            response.headers["Location"],
-        )
+        assert response.status_code == 200
+        assert "https://slack.com/oauth/v2/authorize?state=" in response.text

tests/adapter_tests/test_fastapi.py

@@ -192,8 +192,7 @@ async def endpoint(req: Request):
 
         client = TestClient(api)
         response = client.get("/slack/install", allow_redirects=False)
-        assert response.status_code == 302
-        assert re.match(
-            "https://slack.com/oauth/v2/authorize\\?state=[^&]+&client_id=111.111&scope=chat:write,commands&user_scope=",
-            response.headers["Location"],
-        )
+        assert response.status_code == 200
+        assert response.headers.get("content-type") == "text/html; charset=utf-8"
+        assert response.headers.get("content-length") == "565"
+        assert "https://slack.com/oauth/v2/authorize?state=" in response.text