Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

handleInstallPath throws an error when stateVerification is false #1506

Closed
1 of 6 tasks
rockingskier opened this issue Jul 3, 2022 · 4 comments
Closed
1 of 6 tasks

handleInstallPath throws an error when stateVerification is false #1506

rockingskier opened this issue Jul 3, 2022 · 4 comments
Assignees
@seratch
Labels
bug M-T: A confirmed bug report. Issues are confirmed when the reproduction steps are documented pkg:oauth applies to `@slack/oauth-helper`
Milestone
oauth@2.5.4

Comments

@rockingskier
Copy link
Contributor

rockingskier commented Jul 3, 2022
edited

I have my app enabled for org-wide installs.
Org apps require stateVerification is set to false, however, this breaks the /slack/install handler.

A stateStore is only created if you have stateVerification=true: https://github.com/slackapi/node-slack-sdk/blob/main/packages/oauth/src/install-provider.ts#L133

Down the line in handleInstallPath it bails out when no stateStore exists: https://github.com/slackapi/node-slack-sdk/blob/main/packages/oauth/src/install-provider.ts#L340-L342

I believe this was introduced in #1436.

It's very possible I'm missing something but it was working with "@slack/bolt": "^3.10.0",.

Packages:

  • @slack/web-api
  • @slack/rtm-api
  • @slack/webhooks
  • @slack/oauth
  • @slack/socket-mode
  • I don't know

Reproducible in:

Definitely 2.5.3
Probably from 2.5.0 (this was the first release after #1436)

"slack/bolt": "^3.11.3",
"slack/logger": "^3.0.0",
"slack/web-api": "^6.7.2",

Node.js runtime version

v16.14.0

OS info

ProductName:	macOS
ProductVersion:	11.6.7

Steps to reproduce:

  1. Enable the app for org installation
  2. Pass stateVerification as false
new ExpressReceiver({
    // config
    installerOptions: {
      stateVerification: false,
    },
    // more config
})
  1. Run the app
  2. Visit /slack/install

Expected result:

A nice "Add to Slack" button

Actual result:

Error: StateStore is not properly configured
    at new GenerateInstallUrlError (/MY_APP/node_modules/@slack/oauth/src/errors.ts:22:1)
    at InstallProvider.<anonymous> (/MY_APP/node_modules/@slack/oauth/src/install-provider.ts:341:13)
    at step (/MY_APP/node_modules/@slack/oauth/dist/install-provider.js:44:23)
    at Object.next (/MY_APP/node_modules/@slack/oauth/dist/install-provider.js:25:53)
    at /MY_APP/node_modules/@slack/oauth/dist/install-provider.js:19:71
    at new Promise (<anonymous>)
    at __awaiter (/MY_APP/node_modules/@slack/oauth/dist/install-provider.js:15:12)
    at InstallProvider.handleInstallPath (/MY_APP/node_modules/@slack/oauth/dist/install-provider.js:295:16)
    at /MY_APP/node_modules/@slack/bolt/src/receivers/ExpressReceiver.ts:283:29
    at Layer.handle [as handle_request] (/MY_APP/node_modules/@slack/bolt/node_modules/express/lib/router/layer.js:95:5)

Requirements

Please read the Contributing guidelines and Code of Conduct before creating this issue or pull request. By submitting, you are agreeing to those rules.
@rockingskier rockingskier mentioned this issue Jul 3, 2022
Merged
2 tasks
@seratch seratch added bug M-T: A confirmed bug report. Issues are confirmed when the reproduction steps are documented pkg:oauth applies to `@slack/oauth-helper` and removed untriaged labels Jul 3, 2022
@seratch seratch self-assigned this Jul 3, 2022
@seratch seratch added this to the oauth@2.5.4 milestone Jul 3, 2022
@seratch
Copy link
Member

seratch commented Jul 3, 2022

@rockingskier Thanks for taking the time to report this. I agree that this should be improved in future releases.

@rockingskier
Copy link
Contributor Author

Happy to help 👍

@seratch
Copy link
Member

seratch commented Jul 7, 2022

Fixed by #1507

@seratch seratch closed this as completed Jul 7, 2022
@filmaj
Copy link
Contributor

filmaj commented Jul 8, 2022

This is now published and live in @slack/oauth v2.5.4 - thanks again @rockingskier !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@seratch seratch

Labels
bug M-T: A confirmed bug report. Issues are confirmed when the reproduction steps are documented pkg:oauth applies to `@slack/oauth-helper`
Projects
None yet
Milestone
oauth@2.5.4
Development

No branches or pull requests
3 participants
@seratch @filmaj @rockingskier