slackdump icon indicating copy to clipboard operation
slackdump copied to clipboard
verified publisher icon rusq

Simplify manual token extraction steps

Open mootari opened this issue 3 years ago • 9 comments

Describe the bug

It seems that the instructions for manual token extraction are too complicated. As far as I'm aware dealing with network requests isn't necessary, as the required information can be found in localStorage.

This snippet, when executed in the dev tools console, extracts the current team ID from the URL and retrieves the token:

JSON.parse(localStorage.localConfig_v2).teams[document.location.pathname.match(/^\/client\/(T[A-Z0-9]+)/)[1]].token

Or a bit more readable:

JSON.parse(
  localStorage.localConfig_v2
).teams[
  // Conservative matching of the team ID
  document.location.pathname.match(/^\/client\/(T[A-Z0-9]+)/)[1]
].token

mootari avatar Aug 30 '22 20:08 mootari

Hey @mootari thanks for the suggestion. I agree that getting token manually is a pesky process :)

I can see the benefit of getting the token from the browser in a proposed way. The biggest problem I can see is connecting to the browser, as slackdump is completely separate process.

Possibly the "playwright", which is used for automatic login (EZ-Login 3000) could be used for connecting to existing browser with some preliminary discovery. I will need to play around with it.

I'm keen to understand why did you choose using the manual token extraction over the automatic login?

rusq avatar Aug 30 '22 20:08 rusq

I'm keen to understand why did you choose using the manual token extraction over the automatic login?

I didn't. 🙂 I only just started looking into slackdump, haven't even run a single extraction yet.

The above is stuff from an older project (extracting custom emojis manually) which I felt might be worth sharing.

mootari avatar Aug 30 '22 20:08 mootari

The biggest problem I can see is connecting to the browser, as slackdump is completely separate process.

I'm actually hoping that we can simplify https://github.com/rusq/slackdump/blob/master/doc/login-manual.rst#manual-authentication into a single dev tools console command that will produce the required config format, ready to be copy-pasted.

mootari avatar Aug 30 '22 20:08 mootari

Thanks, I see :) I implemented the automatic login for the same reason that this issue was created for.

Have you seen this project?

Before implementing Automatic login, I thought about using the instructions for emojime https://github.com/jackellenberger/emojme/issues/66. The author of this repo has another one with a chrome browser extension, which, when clicked, produces token and cookie for the slack workspace currently open. I was also looking at using json payload generated as an auth for slackdump.

However, automatic login seemed more solid and easier and to use, so I never ended up adopting any of the above.

So, the suggestion is to let user run a snippet in browser to extract the token/cookies, that outputs it in some machine readable format, and feed it as a login method to slackdump?

rusq avatar Aug 30 '22 20:08 rusq

Sorry, tunnel vision - I'm all for improving the docs to simplifying it!

rusq avatar Aug 30 '22 21:08 rusq

So, the suggestion is to let user run a snippet in browser to extract the token/cookies, that outputs it in some machine readable format, and feed it as a login method to slackdump?

Yes, but as stated in emojime's docs, the d cookie is httpOnly and cannot be read via JavaScript. As far as I'm aware we won't be able to simplify this step via a console script.

The token extraction could probably be slimmed down to three our four steps at most, though.

mootari avatar Aug 30 '22 21:08 mootari

This command didn't work for me. My document.location.pathname ended with two components, neither of which started with a T. Running JSON.parse(localStorage.localConfig_v2).teams showed two keys, one of which was in document.location.pathname and the other started with a T. The .token property of the one that started with a T worked in a secrets.txt file.

yig avatar May 01 '24 04:05 yig

By any chance, are you on the enterprise instance?

According to this comment, removing T should work fine.

JSON.parse(localStorage.localConfig_v2).teams[document.location.pathname.match(/^\/client\/([A-Z0-9]+)/)[1]].token

rusq avatar May 01 '24 06:05 rusq

Let me know if that works for you, I have updated the instruction, will merge once confirmed.

rusq avatar May 01 '24 07:05 rusq

This is an enterprise instance. I can confirm that the new regular expression does extract a token. I can't check whether it works. Even when I move secrets.txt aside, without putting this new token anywhere, slackdump is still somehow able to authenticate. (When I manually extracted the token from JSON.parse(localStorage.localConfig_v2).teams, I used the key beginning with T. This regular expression extracts the key that begins with E.)

yig avatar May 06 '24 14:05 yig