-
-
Notifications
You must be signed in to change notification settings - Fork 9.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feature #39606 [Notifier] [Slack] Validate token syntax (OskarStark)
This PR was squashed before being merged into the 5.3-dev branch. Discussion ---------- [Notifier] [Slack] Validate token syntax | Q | A | ------------- | --- | Branch? | 5.x | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | --- | License | MIT | Doc PR | - This PR follows #39560 @odolbeau @malteschlueter @norkunas @fabpot can you confirm all your tokens start with `xox`? _From the Slack documentation:_ * Bot user token strings begin with `xoxb-` * User token strings begin with `xoxp-` * Workspace access token strings begin with `xoxa-2` Commits ------- 59f29c5 [Notifier] [Slack] Validate token syntax
- Loading branch information
Showing
4 changed files
with
26 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
b6fdd6d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know this is well intended, but in my opinion we should revert this change. For two reasons:
This change means that we will have to be permanently in sync with the Slack token syntax rules. We will receive bug reports when our validation is outdated, then we'll have to change our code, release a new version, etc. Why waste our precious time in this?
This hides any potential useful message that Slack may include when using a wrong token. We include
https://api.slack.com/authentication/token-types
in our error message ... but that resource may not be always the best or Slack may decide to include further resources in their error message.So, I would only validate the syntax of universal standards (email addresses, IP addresses, etc.) and I wouldn't try to do the same with proprietary tokens. Thanks!
b6fdd6d
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@javiereguiluz I have mixed feelings about this feature as well, see my comment on the PR: #39606 (comment)