From 59f29c592b2e7d55fca7b9efdbffcb507b729c31 Mon Sep 17 00:00:00 2001 From: Oskar Stark Date: Tue, 22 Dec 2020 10:44:23 +0100 Subject: [PATCH] [Notifier] [Slack] Validate token syntax --- .../Notifier/Bridge/Slack/CHANGELOG.md | 1 + .../Notifier/Bridge/Slack/SlackTransport.php | 5 ++++ .../Slack/Tests/SlackTransportFactoryTest.php | 4 +-- .../Bridge/Slack/Tests/SlackTransportTest.php | 27 ++++++++++++------- 4 files changed, 26 insertions(+), 11 deletions(-) diff --git a/src/Symfony/Component/Notifier/Bridge/Slack/CHANGELOG.md b/src/Symfony/Component/Notifier/Bridge/Slack/CHANGELOG.md index 650a09bc1eec8..bb2c7a9ecc0a0 100644 --- a/src/Symfony/Component/Notifier/Bridge/Slack/CHANGELOG.md +++ b/src/Symfony/Component/Notifier/Bridge/Slack/CHANGELOG.md @@ -6,6 +6,7 @@ CHANGELOG * Check for maximum number of buttons in Slack action block * Add HeaderBlock + * Slack access tokens needs to start with "xox" (see https://api.slack.com/authentication/token-types) 5.2.0 ----- diff --git a/src/Symfony/Component/Notifier/Bridge/Slack/SlackTransport.php b/src/Symfony/Component/Notifier/Bridge/Slack/SlackTransport.php index dba82100503bb..c877d706d2635 100644 --- a/src/Symfony/Component/Notifier/Bridge/Slack/SlackTransport.php +++ b/src/Symfony/Component/Notifier/Bridge/Slack/SlackTransport.php @@ -11,6 +11,7 @@ namespace Symfony\Component\Notifier\Bridge\Slack; +use Symfony\Component\Notifier\Exception\InvalidArgumentException; use Symfony\Component\Notifier\Exception\LogicException; use Symfony\Component\Notifier\Exception\TransportException; use Symfony\Component\Notifier\Exception\UnsupportedMessageTypeException; 
@@ -35,6 +36,10 @@ final class SlackTransport extends AbstractTransport public function __construct(string $accessToken, string $channel = null, HttpClientInterface $client = null, EventDispatcherInterface $dispatcher = null) { + if (!preg_match('/^xox(b-|p-|a-2)/', $accessToken)) { + throw new InvalidArgumentException('A valid Slack token needs to start with "xoxb-", "xoxp-" or "xoxa-2". See https://api.slack.com/authentication/token-types for further information.'); + } + $this->accessToken = $accessToken; $this->chatChannel = $channel; $this->client = $client; diff --git a/src/Symfony/Component/Notifier/Bridge/Slack/Tests/SlackTransportFactoryTest.php b/src/Symfony/Component/Notifier/Bridge/Slack/Tests/SlackTransportFactoryTest.php index 39c5396179455..74c8147cb3ff1 100644 --- a/src/Symfony/Component/Notifier/Bridge/Slack/Tests/SlackTransportFactoryTest.php +++ b/src/Symfony/Component/Notifier/Bridge/Slack/Tests/SlackTransportFactoryTest.php @@ -24,7 +24,7 @@ public function testCreateWithDsn() { $factory = $this->createFactory(); - $transport = $factory->create(Dsn::fromString('slack://testUser@host.test/?channel=testChannel')); + $transport = $factory->create(Dsn::fromString('slack://xoxb-TestUser@host.test/?channel=testChannel')); $this->assertSame('slack://host.test?channel=testChannel', (string) $transport); } @@ -33,7 +33,7 @@ public function testCreateWithDsnWithoutPath() { $factory = $this->createFactory(); - $transport = $factory->create(Dsn::fromString('slack://testUser@host.test?channel=testChannel')); + $transport = $factory->create(Dsn::fromString('slack://xoxb-TestUser@host.test?channel=testChannel')); $this->assertSame('slack://host.test?channel=testChannel', (string) $transport); } diff --git a/src/Symfony/Component/Notifier/Bridge/Slack/Tests/SlackTransportTest.php b/src/Symfony/Component/Notifier/Bridge/Slack/Tests/SlackTransportTest.php index b97f59c2a74de..6e033c07b4a7a 100644 
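Review bot: The `preg_match('/^xox(b-|p-|a-2)/', $accessToken)` guard added to `SlackTransport::__construct` checks the prefix only and is a closed list. It catches a misconfigured DSN but says nothing about whether the rest of the value is well formed or live, and any token family outside `xoxb-`, `xoxp-` and `xoxa-2` (the linked token-types page may list others) now fails at construction time. The exception message rightly leaves the token value out, and I would pin that with a comment above the throw: `// Never interpolate $accessToken into this message: it can end up in logs and error pages.` The pattern also accepts `xoxa-2` with no trailing dash while the other two prefixes require one; if that is intentional, say so in the same comment. The constructor body continues outside the hunk.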
--- a/src/Symfony/Component/Notifier/Bridge/Slack/Tests/SlackTransportTest.php +++ b/src/Symfony/Component/Notifier/Bridge/Slack/Tests/SlackTransportTest.php @@ -15,6 +15,7 @@ use Symfony\Component\HttpClient\MockHttpClient; use Symfony\Component\Notifier\Bridge\Slack\SlackOptions; use Symfony\Component\Notifier\Bridge\Slack\SlackTransport; +use Symfony\Component\Notifier\Exception\InvalidArgumentException; use Symfony\Component\Notifier\Exception\LogicException; use Symfony\Component\Notifier\Exception\TransportException; use Symfony\Component\Notifier\Exception\UnsupportedMessageTypeException; @@ -31,15 +32,23 @@ public function testToStringContainsProperties() { $channel = 'test Channel'; // invalid channel name to test url encoding of the channel - $transport = new SlackTransport('testToken', $channel, $this->createMock(HttpClientInterface::class)); + $transport = new SlackTransport('xoxb-TestToken', $channel, $this->createMock(HttpClientInterface::class)); $transport->setHost('host.test'); $this->assertSame('slack://host.test?channel=test+Channel', (string) $transport); } + public function testInstatiatingWithAnInvalidSlackTokenThrowsInvalidArgumentException() + { + $this->expectException(InvalidArgumentException::class); + $this->expectExceptionMessage('A valid Slack token needs to start with "xoxb-", "xoxp-" or "xoxa-2". See https://api.slack.com/authentication/token-types for further information.'); + + new SlackTransport('token', 'testChannel', $this->createMock(HttpClientInterface::class)); + } + public function testSupportsChatMessage() { - $transport = new SlackTransport('testToken', 'testChannel', $this->createMock(HttpClientInterface::class)); + $transport = new SlackTransport('xoxb-TestToken', 'testChannel', $this->createMock(HttpClientInterface::class)); $this->assertTrue($transport->supports(new ChatMessage('testChatMessage'))); $this->assertFalse($transport->supports($this->createMock(MessageInterface::class))); 
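Review bot: The new negative test in `SlackTransportTest` exercises a single rejected value (`'token'`), and every accepted fixture changed in this file uses `xoxb-`, so the `p-` and `a-2` branches of the constructor's pattern and its `^` anchoring are never exercised. A data provider of near-miss values (wrong case, leading whitespace, prefix in the middle of the string) and one covering each accepted prefix would lock the behaviour down, so a later edit to the regex cannot silently loosen or tighten it. The method name also has a typo, `Instatiating` for `Instantiating`. The sample values below are constructed for the test and are not real tokens.

```php
    /**
     * @dataProvider invalidTokenProvider
     */
    public function testInstantiatingWithAnInvalidSlackTokenThrowsInvalidArgumentException(string $token)
    {
        $this->expectException(InvalidArgumentException::class);
        // … unchanged: expectExceptionMessage(...) …

        new SlackTransport($token, 'testChannel', $this->createMock(HttpClientInterface::class));
    }

    public function invalidTokenProvider(): iterable
    {
        yield 'no prefix' => ['token'];
        yield 'empty string' => [''];
        yield 'upper-case prefix' => ['XOXB-TestToken'];
        yield 'leading whitespace' => [' xoxb-TestToken'];
        yield 'prefix not at start' => ['test-xoxb-Token'];
        yield 'unlisted family' => ['xoxz-TestToken'];
    }

    /**
     * @dataProvider acceptedTokenProvider
     */
    public function testInstantiatingWithAnAcceptedPrefixDoesNotThrow(string $token)
    {
        $transport = new SlackTransport($token, 'testChannel', $this->createMock(HttpClientInterface::class));

        $this->assertInstanceOf(SlackTransport::class, $transport);
    }

    public function acceptedTokenProvider(): iterable
    {
        yield 'bot token' => ['xoxb-TestToken'];
        yield 'user token' => ['xoxp-TestToken'];
        yield 'workspace token' => ['xoxa-2-TestToken'];
    }
```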
@@ -47,7 +56,7 @@ public function testSupportsChatMessage() public function testSendNonChatMessageThrowsLogicException() { - $transport = new SlackTransport('testToken', 'testChannel', $this->createMock(HttpClientInterface::class)); + $transport = new SlackTransport('xoxb-TestToken', 'testChannel', $this->createMock(HttpClientInterface::class)); $this->expectException(UnsupportedMessageTypeException::class); @@ -70,7 +79,7 @@ public function testSendWithEmptyArrayResponseThrows() return $response; }); - $transport = new SlackTransport('testToken', 'testChannel', $client); + $transport = new SlackTransport('xoxb-TestToken', 'testChannel', $client); $transport->send(new ChatMessage('testMessage')); } @@ -93,14 +102,14 @@ public function testSendWithErrorResponseThrows() return $response; }); - $transport = new SlackTransport('testToken', 'testChannel', $client); + $transport = new SlackTransport('xoxb-TestToken', 'testChannel', $client); $transport->send(new ChatMessage('testMessage')); } public function testSendWithOptions() { - $token = 'testToken'; + $token = 'xoxb-TestToken'; $channel = 'testChannel'; $message = 'testMessage'; @@ -129,7 +138,7 @@ public function testSendWithOptions() public function testSendWithNotification() { - $token = 'testToken'; + $token = 'xoxb-TestToken'; $channel = 'testChannel'; $message = 'testMessage'; @@ -172,14 +181,14 @@ public function testSendWithInvalidOptions() return $this->createMock(ResponseInterface::class); }); - $transport = new SlackTransport('testToken', 'testChannel', $client); + $transport = new SlackTransport('xoxb-TestToken', 'testChannel', $client); $transport->send(new ChatMessage('testMessage', $this->createMock(MessageOptionsInterface::class))); } public function testSendWith200ResponseButNotOk() { - $token = 'testToken'; + $token = 'xoxb-TestToken'; $channel = 'testChannel'; $message = 'testMessage'; pFad - Phonifier reborn
