slack-bolt

[Question] The error message and the conditional expression do not seem to match?

Open gatchan0807 opened this issue 4 years ago • 0 comments

About

I think the condition of this code as written is the opposite.

if (signatureHash === hmac.hex()) {
    throw new Error(`${verifyErrorPrefix}: signature mismatch`)
}

If I'm wrong about any part of this, I'd like to know about it 🙇

Detail

I'm currently using this Bolt library to create a Slack Bot. I have a question about this message that I sometimes receive during the development process.

[WARN]   Request verification failed: Failed to verify authenticity: signature mismatch

When I checked where this error message was being output, I noticed that the conditional expression was the opposite.

https://github.com/khrj/slack-bolt/blob/52a8c52955e2a4dcca11e55717be4ab6ea4fd051/src/receivers/verify-request.ts#L85

I checked the relevant part of the library for Node.js and the flow described in the documentation, but it looked different from here.

  • https://github.com/slackapi/node-slack-sdk/blob/2a9df19b29951931edee0c0e6f8435bbc1ffb501/packages/events-api/src/http-handler.ts#L53
  • https://api.slack.com/authentication/verifying-requests-from-slack#verifying-requests-from-slack-using-signing-secrets__a-recipe-for-security__step-by-step-walk-through-for-validating-a-request

If this is intentional and caused by me missing something, please don't worry about it. If not, please respond and provide a new version. I would appreciate it if you could respond.

Thanks.

gatchan0807, Dec 10 '21 09:12
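Added example, not part of the original issue and not code from slack-bolt or node-slack-sdk: Slack's documented signing-secret check written so that it throws when the signatures differ, next to the comparison as quoted in the issue, which throws when they are equal. The function names, signing secret, timestamp and body are constructed for illustration.

```javascript
// Added example; names and sample values are constructed, not taken from slack-bolt.
const crypto = require("node:crypto");

const MAX_SKEW_SECONDS = 60 * 5; // replay window from Slack's verification guide

// Header value Slack sends: "v0=" + hex(HMAC-SHA256(secret, "v0:<timestamp>:<raw body>"))
function computeSignature(signingSecret, timestamp, rawBody) {
  const hmac = crypto.createHmac("sha256", signingSecret);
  hmac.update(`v0:${timestamp}:${rawBody}`);
  return `v0=${hmac.digest("hex")}`;
}

// Returns true for a fresh, correctly signed request; throws otherwise.
function verifySlackRequest({ signingSecret, signature, timestamp, rawBody, now = Date.now() }) {
  const ts = Number(timestamp);
  if (!Number.isInteger(ts) || Math.abs(Math.floor(now / 1000) - ts) > MAX_SKEW_SECONDS) {
    throw new Error("Failed to verify authenticity: stale or invalid timestamp");
  }
  const expected = Buffer.from(computeSignature(signingSecret, timestamp, rawBody), "utf8");
  const received = Buffer.from(String(signature), "utf8");
  // timingSafeEqual throws on unequal lengths, so check the length first.
  const matches = expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
  if (!matches) { // reject when the signatures DIFFER
    throw new Error("Failed to verify authenticity: signature mismatch");
  }
  return true;
}

// The condition as quoted in the issue, for contrast: it throws when the values are EQUAL.
function quotedCheck(signatureHash, computedHex) {
  if (signatureHash === computedHex) {
    throw new Error("Failed to verify authenticity: signature mismatch");
  }
  return true;
}

// Constructed sample request (not real Slack traffic).
const SAMPLE = {
  signingSecret: "constructed-signing-secret",
  timestamp: "1700000000",
  rawBody: "token=x&team_id=T0001&text=hello",
};
const SAMPLE_NOW = 1700000030 * 1000; // 30 seconds after the sample timestamp
const SAMPLE_SIG = computeSignature(SAMPLE.signingSecret, SAMPLE.timestamp, SAMPLE.rawBody);

console.log(verifySlackRequest({ ...SAMPLE, signature: SAMPLE_SIG, now: SAMPLE_NOW })); // true
```

With the quoted condition, a genuine request is the one that gets rejected, and any request whose signature does not match is accepted.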