Validating slackbot tokens (#3695)

* added missing dependency, missing api key placeholder, updated docs * Apply black formatting and validate bot token functionality * acknowledging black formatting * added the validation to update tokens as well * Made the token validation errors looks nicer * getting rif of duplicate dependency
2025-03-17 13:22:42 +01:00 · 2025-01-17 14:50:22 -05:00 · 2025-01-17 14:50:22 -05:00 · 880c42ad41
commit 880c42ad41
parent c9e0d77c93
5 changed files with 62 additions and 4 deletions
--- a/.vscode/env_template.txt
+++ b/.vscode/env_template.txt
@ -29,6 +29,7 @@ REQUIRE_EMAIL_VERIFICATION=False

 # Set these so if you wipe the DB, you don't end up having to go through the UI every time
 GEN_AI_API_KEY=<REPLACE THIS>
+OPENAI_API_KEY=<REPLACE THIS>
 # If answer quality isn't important for dev, use gpt-4o-mini since it's cheaper
 GEN_AI_MODEL_VERSION=gpt-4o
 FAST_GEN_AI_MODEL_VERSION=gpt-4o
--- a/CONTRIBUTING_VSCODE.md
+++ b/CONTRIBUTING_VSCODE.md
@ -17,9 +17,10 @@ Before starting, make sure the Docker Daemon is running.
 1. Open the Debug view in VSCode (Cmd+Shift+D on macOS)
 2. From the dropdown at the top, select "Clear and Restart External Volumes and Containers" and press the green play button
 3. From the dropdown at the top, select "Run All Onyx Services" and press the green play button
-4. Now, you can navigate to onyx in your browser (default is http://localhost:3000) and start using the app
-5. You can set breakpoints by clicking to the left of line numbers to help debug while the app is running
-6. Use the debug toolbar to step through code, inspect variables, etc.
+4. CD into web, run "npm i" followed by npm run dev.
+5. Now, you can navigate to onyx in your browser (default is http://localhost:3000) and start using the app
+6. You can set breakpoints by clicking to the left of line numbers to help debug while the app is running
+7. Use the debug toolbar to step through code, inspect variables, etc.

 ## Features

--- a/backend/onyx/server/manage/slack_bot.py
+++ b/backend/onyx/server/manage/slack_bot.py
@ -27,6 +27,8 @@ from onyx.server.manage.models import SlackBot
 from onyx.server.manage.models import SlackBotCreationRequest
 from onyx.server.manage.models import SlackChannelConfig
 from onyx.server.manage.models import SlackChannelConfigCreationRequest
+from onyx.server.manage.validate_tokens import validate_app_token
+from onyx.server.manage.validate_tokens import validate_bot_token
 from onyx.utils.telemetry import create_milestone_and_report


@ -222,6 +224,9 @@ def create_bot(
    _: User | None = Depends(current_admin_user),
    tenant_id: str | None = Depends(get_current_tenant_id),
 ) -> SlackBot:
+    validate_app_token(slack_bot_creation_request.app_token)
+    validate_bot_token(slack_bot_creation_request.bot_token)
+
    slack_bot_model = insert_slack_bot(
        db_session=db_session,
        name=slack_bot_creation_request.name,
@ -248,6 +253,8 @@ def patch_bot(
    db_session: Session = Depends(get_session),
    _: User | None = Depends(current_admin_user),
 ) -> SlackBot:
+    validate_bot_token(slack_bot_creation_request.bot_token)
+    validate_app_token(slack_bot_creation_request.app_token)
    slack_bot_model = update_slack_bot(
        db_session=db_session,
        slack_bot_id=slack_bot_id,
--- a/backend/onyx/server/manage/validate_tokens.py
+++ b/backend/onyx/server/manage/validate_tokens.py
@ -0,0 +1,43 @@
+import requests
+from fastapi import HTTPException
+
+SLACK_API_URL = "https://slack.com/api/auth.test"
+SLACK_CONNECTIONS_OPEN_URL = "https://slack.com/api/apps.connections.open"
+
+
+def validate_bot_token(bot_token: str) -> bool:
+    headers = {"Authorization": f"Bearer {bot_token}"}
+    response = requests.post(SLACK_API_URL, headers=headers)
+
+    if response.status_code != 200:
+        raise HTTPException(
+            status_code=500, detail="Error communicating with Slack API."
+        )
+
+    data = response.json()
+    if not data.get("ok", False):
+        raise HTTPException(
+            status_code=400,
+            detail=f"Invalid bot token: {data.get('error', 'Unknown error')}",
+        )
+
+    return True
+
+
+def validate_app_token(app_token: str) -> bool:
+    headers = {"Authorization": f"Bearer {app_token}"}
+    response = requests.post(SLACK_CONNECTIONS_OPEN_URL, headers=headers)
+
+    if response.status_code != 200:
+        raise HTTPException(
+            status_code=500, detail="Error communicating with Slack API."
+        )
+
+    data = response.json()
+    if not data.get("ok", False):
+        raise HTTPException(
+            status_code=400,
+            detail=f"Invalid app token: {data.get('error', 'Unknown error')}",
+        )
+
+    return True
--- a/web/src/app/admin/bots/SlackTokensForm.tsx
+++ b/web/src/app/admin/bots/SlackTokensForm.tsx
@ -64,7 +64,13 @@ export const SlackTokensForm = ({
          router.push(`/admin/bots/${encodeURIComponent(botId)}`);
        } else {
          const responseJson = await response.json();
-          const errorMsg = responseJson.detail || responseJson.message;
+          let errorMsg = responseJson.detail || responseJson.message;
+
+          if (errorMsg.includes("Invalid bot token:")) {
+            errorMsg = "Slack Bot Token is invalid";
+          } else if (errorMsg.includes("Invalid app token:")) {
+            errorMsg = "Slack App Token is invalid";
+          }
          setPopup({
            message: isUpdate
              ? `Error updating Slack Bot - ${errorMsg}`