Slash commands for single teams

[entropitor]

botkit/lib/SlackBot.js

Line 79 in 9ca6d2e

// FIX THIS

I'm not sure why the check for team is necessary? I think it should be done by the client, not by the lib. What's wrong with having a team that is null?

[wilg]

I've just encountered this as well. It seems like this is for authentication purposes according to the documentation at https://api.slack.com/slash-commands, but I'm not sure why it can't just load up a team either way or use the verification token in some way.

[wilg]

I solved this by just saving the team when the bot boots:

bot = controller.spawn()
bot.api.team.info {}, (err, response) ->
  controller.saveTeam(response.team, ->
    console.log "Saved the team information..."
  )

[entropitor]

Isn't the team id that's in the message itself enough?

But indeed, I've solved it in a similair matter. But it's also a bit weird that it's not documented, because it's kind of a weird error.

[wilg]

I think the idea is you need to capture a "known good" team ID, which you can do by directly asking the Slack API for it, and compare that with the untrusted team ID coming from the slash command web request.

[entropitor]

well, you don't. The id itself is enough. If i have the next code snippet in the beginning of my app, the thing works.

(payload is the payload from the RTM api, but that doesn't really matter, the thing is that there is no real info in the team object)

  //Fix for https://github.com/howdyai/botkit/issues/108
  controller.storage.teams.save({id: payload.team.id, foo:"bar"}, function(err){
    if(err)
      console.error(err)
  });

[timche]

I still can't figure out how this works in combination with express and the slash command.

I'm saving the team id like you did @caske33 and finally got rid of the error Received slash command, but could not load team, but whenever I try to execute the slash command now, I still got Darn – that slash command didn't work (error message:Timeout was reached). in Slack, without any errors in the console.

Can you maybe post an example how it should work?

My code:

let bot = controller.spawn({
    token: process.env.SLACK_TOKEN
}).startRTM()

bot.api.team.info({}, (err, res) => {
    controller.storage.teams.save({id: res.team.id}, (err) => {
        if (err) {
            console.error(err)
        }
    })
})

controller.setupWebserver(process.env.PORT, (err, webserver) => {
  controller.createWebhookEndpoints(controller.webserver)
})

controller.on('james', (bot, message) => {
    bot.replyPublic(message,'Everyone can see this part of the slash command')
})

Thanks.

[entropitor]

@timche Can you try bot.replyPrivate(message, '') before your public reply? (I'm not 100% sure it will work, but just a guess)

[timche]

@caske33 Nope, didn't work :(

Just to clarify: controller.on('james', (bot, message) => { is james the slash command I've set up in Slack or the text that comes after /james <text>?

[timche]

I've solved the problem.

I've just changed 'james' to 'slash_command'. That part was a bit confusing and I thought I have to replace slash_command with the slash command I've set up in Slack.

Before:

controller.on('james', (bot, message) => {
    bot.replyPublic(message,'Everyone can see this part of the slash command')
})

After:

controller.on('slash_command', (bot, message) => {
    bot.replyPublic(message,'Everyone can see this part of the slash command')
})

Now everything is working like expected.

Thanks anyway for that issue above, was very helpful. Couldn't figure it out by myself.

[entropitor]

@timche you can check which command was used by checking the value of the message.command attribute

[benjamincharity]

A bit of clarity for anyone else coming to this issue for a solution.. @timche did find the solution but as there is a missing ' before slash_command I didn't even see the trailing apostraphe... I've been banging my head against this wondering how he could be getting anything other than an slash_command is undefined error.

That, on top of the fact that I assumed this was set similar to hear() etc in that the command would be passed in (ie /foobar).

So to reiterate @timche's find.. full correct code:

controller.on('slash_command', function (bot, message) {
    console.log('Here is the actual slash command used: ', message.command);

    bot.replyPublic(message, '<@' + message.user + '> is cool!');
});

[timche]

Oh wow, sorry @benjamincharity! Didn't realize that a ' is missing :/ I'll fix that.

[benjamincharity]

No worries @timche. Not so late at night and I probably would have noticed much sooner! 😪

[selfcontained]

I'd second that there isn't a need to check the team id, but it should be checking the slack verify token (I don't think it is currently, maybe I missed it though?). One of the greatest strengths of webhooks over a websocket is that it can be stateless, which makes everything much simpler to deal with at scale.

[benbrown]

This has finally been fixed!

@selfcontained thanks to another PR, there is now an option to verify all these requests with the token!

[Jon-Biz]

Has this issue been re-introduced with the new slack interactive messages?

I am experiencing this issue when trying to receive a response from an interactive message, and resolved it with @wilg's workaround above: #108 (comment)

[benbrown]

@Jon-Biz No, it has not been re-introduced. Slack message buttons, unlike slash commands, are limited ONLY to apps using the slack button oauth system, so the team should always be present in the datastore.

[Jon-Biz]

👍

Was just coming back here to update my comment :)