403 when using special characters
Issue: When using special characters like "ö", app_handler.handle(request) will return Unauthorized.
Tools: I'm using the FastAPI AsyncSlackRequestHandler adapter. I don't know if this happens without adapters or on others; this is my use case.
It can be reproduced with this code: https://github.com/slackapi/bolt-python/blob/main/examples/fastapi/async_app.py
Simply use the mention listener and, as a user on Slack, send a special character; 403 will be returned.
Hypothesis: I believe it is the way the raw body is handled, that when using special characters it is not decoded well or something. I'll keep looking to see if I find a solution; in the meantime I'm reporting this as an issue since it seems pretty clear it is one.
More supporting evidence:
I've tried creating the app like this:
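```python
import os

from slack_bolt.async_app import AsyncApp

# `authorize` is the poster's own authorize function (not shown in the issue)
slack_app = AsyncApp(
    authorize=authorize,
    signing_secret=os.environ.get("SLACK_SIGNING_SECRET"),
    request_verification_enabled=False,  # Switching this off
)
```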
and it works, so indeed there's something with the auth.
I've also tried to implement my own checks while request_verification_enabled=False and still fails with special characters:
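```python
import os

from fastapi import Request
from slack_sdk.signature import SignatureVerifier


async def verify_request_signature(request: Request) -> bool:
    raw_body = await request.body()
    body = raw_body.decode("utf-8")
    signature_verifier = SignatureVerifier(os.environ.get("SLACK_SIGNING_SECRET"))
    # No str() around the header lookups: str(None) is the truthy string "None",
    # which would make the missing-header check below unreachable.
    timestamp = request.headers.get("X-Slack-Request-Timestamp")
    signature = request.headers.get("X-Slack-Signature")
    if not timestamp or not signature:
        return False
    return signature_verifier.is_valid(body, timestamp, signature)
```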
It keeps happening; maybe something is off with the FastAPI raw body or simply Slack, I don't know, but I hope this helps.
@Alw3ys Thanks for sharing this. We will look into it next week. If you find the cause of the issue, sharing it with us would be greatly appreciated.
Thanks! I will if I do!
Any updates?
This one is really strange. I tried to investigate this. I found that we do decoding (https://github.com/slackapi/bolt-python/blob/main/slack_bolt/adapter/starlette/async_handler.py#L17) for the body.
I guess we can change it here (https://github.com/slackapi/bolt-python/blob/15b5ec4e9479753467ef4b41686921f24a14ffc3/slack_bolt/request/async_request.py#L63-L68)
to
```python
try:
    if isinstance(body, str):
        self.body = parse_body(self.raw_body, self.content_type)
    elif isinstance(body, dict):
        self.body = body
    else:
        self.body = {}
except Exception as e:
    print(f"Error parsing the body: {e}")
    self.body = {}
```
Also, for headers, we can try to change to
resp.headers['Content-Type'] = 'text/html; charset=utf-8'
@seratch, any thoughts about this?
@Alw3ys Sorry, I had been busy with other tasks. I just quickly tried to reproduce your issue but I was not able to see the same situation. I simply sent a message like `@my-app can you parse ö correctly?` and my example app handled the request payload without any issues.
Here is my code. I ran the app by uvicorn app:api --reload --port 3000 --log-level debug.
```python
from slack_bolt.async_app import AsyncApp
from slack_bolt.adapter.fastapi.async_handler import AsyncSlackRequestHandler

app = AsyncApp()
app_handler = AsyncSlackRequestHandler(app)


@app.event("app_mention")
async def handle_app_mentions(body, say, logger):
    await say("What's up?")


from fastapi import FastAPI, Request

api = FastAPI()


@api.post("/slack/events")
async def endpoint(req: Request):
    return await app_handler.handle(req)
```
My app responded as expected:
Could you provide the steps to reproduce the issue? If the above bot mentioning string does not work for you, the cause of the issue might not be the FastAPI adapter code. This means that something in your environment, such as proxy servers, may prevent delivering the raw payload string to your FastAPI app.
Once again, I am sorry for my slow response here. I look forward to hearing from you.
Hi there,
Ok, that's def weird. No worries, first of all thanks for taking the time to try it out. I'll give it another go this week and provide you with an example if the issue still persists.
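Added example, not part of the thread and not bolt-python's own code: Slack's v0 request signature is an HMAC-SHA256 over the exact request bytes, so this sketch checks a signed body against several ways an intermediary could alter it, showing that an ASCII-only body survives all of them while one containing "ö" fails once its bytes change. The secret, timestamp, payload shape and alteration scenarios are constructed assumptions; the thread does not establish which, if any, applies to the reporter's setup.

```python
import hashlib
import hmac
import json

SIGNING_SECRET = "constructed-signing-secret"  # constructed, not a real secret
TIMESTAMP = "1700000000"  # constructed X-Slack-Request-Timestamp value


def slack_signature(secret: str, timestamp: str, raw_body: bytes) -> str:
    """Slack v0 scheme: HMAC-SHA256 over b'v0:<timestamp>:<raw body bytes>'."""
    base = b"v0:" + timestamp.encode("ascii") + b":" + raw_body
    return "v0=" + hmac.new(secret.encode("utf-8"), base, hashlib.sha256).hexdigest()


def verify(secret: str, timestamp: str, raw_body: bytes, signature: str) -> bool:
    expected = slack_signature(secret, timestamp, raw_body)
    return hmac.compare_digest(expected, signature)  # constant-time comparison


def as_sent(text: str) -> bytes:
    """Constructed event payload, UTF-8 encoded (assumed wire form)."""
    payload = {"event": {"type": "app_mention", "text": text}}
    return json.dumps(payload, ensure_ascii=False, separators=(",", ":")).encode("utf-8")


# Hypothetical ways the bytes reaching the app could differ from the signed bytes.
ALTERATIONS = {
    "untouched": lambda b: b,
    "utf8 round trip": lambda b: b.decode("utf-8").encode("utf-8"),
    "utf8->latin1 transcode": lambda b: b.decode("utf-8").encode("latin-1"),
    # json.dumps defaults to ensure_ascii=True, turning non-ASCII into \u escapes
    "json re-serialized": lambda b: json.dumps(
        json.loads(b), separators=(",", ":")).encode("utf-8"),
}


def check(text: str) -> dict:
    sent = as_sent(text)
    sig = slack_signature(SIGNING_SECRET, TIMESTAMP, sent)  # what the sender signs
    return {name: verify(SIGNING_SECRET, TIMESTAMP, alter(sent), sig)
            for name, alter in ALTERATIONS.items()}


if __name__ == "__main__":
    for text in ("can you parse o correctly?", "can you parse ö correctly?"):
        print(repr(text), check(text))
```

Logging the length and a hash of the bytes returned by `request.body()` for an ASCII mention and an "ö" mention is a quick way to see whether the body is being altered before it reaches the verifier.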