Fix #158 by adding token_verification_enabled option to App

seratch · seratch · commit edd927965169 · 2020-12-19T08:49:03.000+09:00
diff --git a/slack_bolt/app/app.py b/slack_bolt/app/app.py
@@ -76,6 +76,7 @@ def __init__(
         signing_secret: Optional[str] = None,
         # for single-workspace apps
         token: Optional[str] = None,
+        token_verification_enabled: bool = True,
         client: Optional[WebClient] = None,
         # for multi-workspace apps
         authorize: Optional[Callable[..., AuthorizeResult]] = None,
@@ -95,6 +96,7 @@ def __init__(
         :param process_before_response: True if this app runs on Function as a Service. (Default: False)
         :param signing_secret: The Signing Secret value used for verifying requests from Slack.
         :param token: The bot access token required only for single-workspace app.
+        :param token_verification_enabled: Verifies the validity of the given token if True.
         :param client: The singleton slack_sdk.WebClient instance for this app.
         :param authorize: The function to authorize an incoming request from Slack
             by checking if there is a team/user in the installation data.
@@ -227,9 +229,11 @@ def __init__(
         )
 
         self._init_middleware_list_done = False
-        self._init_middleware_list()
+        self._init_middleware_list(
+            token_verification_enabled=token_verification_enabled
+        )
 
-    def _init_middleware_list(self):
+    def _init_middleware_list(self, token_verification_enabled: bool):
         if self._init_middleware_list_done:
             return
         self._middleware_list.append(
@@ -240,7 +244,9 @@ def _init_middleware_list(self):
         if self._oauth_flow is None:
             if self._token is not None:
                 try:
-                    auth_test_result = self._client.auth_test(token=self._token)
+                    auth_test_result = None
+                    if token_verification_enabled:
+                        auth_test_result = self._client.auth_test(token=self._token)
                     self._middleware_list.append(
                         SingleTeamAuthorization(auth_test_result=auth_test_result)
                     )
diff --git a/tests/scenario_tests/test_app.py b/tests/scenario_tests/test_app.py
@@ -67,6 +67,20 @@ def test_token_absence(self):
         with pytest.raises(BoltError):
             App(signing_secret="valid", token="")
 
+    def test_token_verification_enabled_False(self):
+        App(
+            signing_secret="valid",
+            client=self.web_client,
+            token_verification_enabled=False,
+        )
+        App(
+            signing_secret="valid",
+            token="xoxb-invalid",
+            token_verification_enabled=False,
+        )
+
+        assert self.mock_received_requests.get("/auth.test") is None
+
     # --------------------------
     # multi teams auth
     # --------------------------
