bolt-python
bolt-python copied to clipboard
message event in one app being sent to Request URL in another app
I have two Slack apps under the same team / workspace:
- App 1. Production app that is set to
POST
events to a Request URL / HTTPS endpoint - App 2. Development app that is set to use WebSockets
My goal is to develop under App 2 before deploying to production under App 1. I have App 1 deployed on a k8s cluster in AWS that receives message
events with Bolt just fine, and events are POST
ed to my request URL.
If I do a simple request with App 2's tokens and channel IDs with chat.postMessage/test
endpoint here, it successfully delivers the message to App 2's channel, but I see from App 1's production logs that it also attempts to send a POST request to App 1's Request URL configured. I ensured that App 1 and App 2 tokens are not being mixed up. My assumption was that if I configured my Bolt app with App 2's tokens, then the apps would be isolated (i.e. a message sent to App 2 is not sent to App 1)
Reproducible in:
The slack_bolt
version
# pip freeze | grep slack
slack-bolt==1.18.0
slack-sdk==3.26.1
Python runtime version
# python --version
Python 3.11.7
OS info
# uname -v
#1 SMP PREEMPT Mon Nov 8 11:22:26 UTC 202
I'm running Slack bolt app inside a docker container. The above is running the command inside a running container.
Steps to reproduce:
Configure two apps in the same workspace team
- One with Socket Mode off and
POST
s requests to the Request URL - One with Socket Mode on
- Install both apps in the same workspace (the two apps are listed under the
Apps
section of the sidebar in the Slack desktop app - Visit chat.postMessage/test
- Post a message using App 2's Bot token and channel ID obtained from App 2 in the
Apps
section of the sidebar - Observe that the message was sent to App 2's channel, but it also sent a payload to App 1's endpoint
Expected result:
Message from chat.postMessage/test
is sent only to App 2's channel and payload is NOT sent to App1's Request URL
Actual result:
The chat.postMessage/test
message was sent to App 2's channel successfully, but it also sent a payload to App 1's Request URL.
Here's a snippet of App 1's logs
[2023-12-27 11:58:39] {__init__.py:202} DEBUG - Installation data missing for enterprise: none, team: <redacted>: [Errno 2] No such file or directory: '/mnt/efs/slack/installations/none-<redacted>/installer-<redacted>-latest'
[2023-12-27 11:58:39] {base_client.py:251} DEBUG - Sending a request - url: https://www.slack.com/api/auth.test, query_params: {}, body_params: {'team_id': '<redacted>'}, files: {}, json_body: None, headers: {'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': '(redacted)', 'User-Agent': 'Python/3.11.7 slackclient/3.26.1 Linux/5.10.201-191.748.amzn2.x86_64'}
[2023-12-27 11:58:39] {base_client.py:542} DEBUG - Received the following response - status: 200, headers: {'date': 'Wed, 27 Dec 2023 11:58:39 GMT', 'server': 'Apache', 'vary': 'Accept-Encoding', 'x-slack-req-id': 'a714a5f3b034471fea55b601b501685a', 'x-content-type-options': 'nosniff', 'x-xss-protection': '0', 'pragma': 'no-cache', 'cache-control': 'private, no-cache, no-store, must-revalidate', 'expires': 'Sat, 26 Jul 1997 05:00:00 GMT', 'content-type': 'application/json; charset=utf-8', 'x-oauth-scopes': 'channels:read,groups:read,chat:write,app_mentions:read,channels:history,commands,groups:history,im:history,incoming-webhook,mpim:history,users.profile:read,reactions:read', 'access-control-expose-headers': 'x-slack-req-id, retry-after', 'access-control-allow-headers': 'slack-route, x-slack-version-ts, x-b3-traceid, x-b3-spanid, x-b3-parentspanid, x-b3-sampled, x-b3-flags', 'strict-transport-security': 'max-age=31536000; includeSubDomains; preload', 'referrer-policy': 'no-referrer', 'x-slack-unique-id': 'ZYwRbyiCpuimxPjc3FTrSQAAECE', 'x-slack-backend': 'r', 'access-control-allow-origin': '*', 'content-length': '196', 'via': '1.1 slack-prod.tinyspeck.com, envoy-www-iad-movnsdlb, envoy-edge-pdx-bivryhjg', 'x-envoy-attempt-count': '1', 'x-envoy-upstream-service-time': '153', 'x-backend': 'main_normal main_canary_with_overflow main_control_with_overflow', 'x-server': 'slack-www-hhvm-main-iad-pxeh', 'x-slack-shared-secret-outcome': 'no-match', 'x-edge-backend': 'envoy-www', 'x-slack-edge-shared-secret-outcome': 'no-match', 'connection': 'close'}, body: {"ok":true,"url":"https:\/\/<redacted>.slack.com\/","team":"<redacted>","user":"<redacted>","team_id":"<redacted>","user_id":"<redacted>","bot_id":"<redacted>","is_enterprise_install":false}
[2023-12-27 11:58:39] {listener_error_handler.py:67} ERROR - Failed to run listener function (error: 1 validation error for SlackMessagePayload
event -> client_msg_id
field required (type=value_error.missing))
Traceback (most recent call last):
File "/usr/local/lib/python3.11/site-packages/slack_bolt/listener/thread_runner.py", line 120, in run_ack_function_asynchronously
listener.run_ack_function(request=request, response=response)
File "/usr/local/lib/python3.11/site-packages/slack_bolt/listener/custom_listener.py", line 50, in run_ack_function
return self.ack_function(
^^^^^^^^^^^^^^^^^^
File "/var/www/app/routers/router.py", line 80, in handle_message
message = SlackMessagePayload(**body)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "pydantic/main.py", line 341, in pydantic.main.BaseModel.__init__
pydantic.error_wrappers.ValidationError: 1 validation error for SlackMessagePayload
event -> client_msg_id
field required (type=value_error.missing)
INFO: 172.16.1.83:29506 - "POST /app1/endpoint HTTP/1.1" 200 OK # the endpoint configured in App 1
The Exception above is expected, because my production app is receiving a payload that it's not expecting. This is how the Bolt app is configured in production
oauth_settings = OAuthSettings(
client_id=SLACK_CLIENT_ID,
client_secret=SLACK_CLIENT_SECRET,
scopes=oauth_required_scopes,
installation_store=FileInstallationStore(base_dir="/mnt/efs/slack/installations"),
state_store=FileOAuthStateStore(expiration_seconds=600, base_dir="/mnt/efs/slack/states")
)
bolt_app = App(
signing_secret=SLACK_SIGNING_SECRET,
oauth_settings=oauth_settings
)
bolt_app_handler = SlackRequestHandler(bolt_app)
@bolt_app.event("message")
def handle_message(body, say, logger):
...
## Requirements
Please read the [Contributing guidelines](https://github.com/slackapi/bolt-python/blob/main/.github/contributing.md) and [Code of Conduct](https://slackhq.github.io/code-of-conduct) before creating this issue or pull request. By submitting, you are agreeing to those rules.