slackapi / java-slack-sdk

Slack Developer Kit (including Bolt for Java) for any JVM language

Home Page: https://slack.dev/java-slack-sdk/

Slack couldn't verify messages with *(bold) w/ Spring Boot

noy-duany opened this issue · comments

Hi all,

I have a Slack app and I'm using the interactivity feature.

I have a button and a REST API accepting the requests, and I'm using the Slack SDK to verify the message came from Slack.

I'm facing a problem - the verification fails in case the message has **(bold) text inside, but when I remove the **, it works.

Why does it happen?

This is the code. I'm using Java with Spring.

  @PostMapping("/interactions")
  public ResponseEntity<String> handleSlackInteractions(
      final HttpServletRequest request,
      @RequestBody String requestBody,
      @RequestParam("payload") String rawPayload) {


    try {
      if (!slackVerifier.verifyRequest(request, requestBody)) {
        throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Verification failed");
      } 

  public SlackVerifier(String slackSigningSecret) {
    this.verifier = new SlackSignature.Verifier(new SlackSignature.Generator(slackSigningSecret));
  }

  public boolean verifyRequest(HttpServletRequest request, String requestBody) {
    try {
      String requestTimestamp =
          request.getHeader(SlackSignature.HeaderNames.X_SLACK_REQUEST_TIMESTAMP);
      String slackSignature = request.getHeader(SlackSignature.HeaderNames.X_SLACK_SIGNATURE);

      return verifier.isValid(requestTimestamp, requestBody, slackSignature);

    } catch (Exception e) {
      logger.error("Error verifying Slack request", e);
      return false;
    }
  }
 

Thanks!

Hi @noy-duany, thanks for asking the question!

Since the request validation for Slack event payload requires no modification of the text request body, you cannot use Spring's request parser for the endpoint. This means @RequestParam etc. never works in many patterns.

For this reason, please use the base servlet class (com.slack.api.bolt.jakarta_servlet.SlackAppServlet or com.slack.api.bolt.servlet.SlackAppServlet) we provide instead.

For more detailed information, here are helpful resources:

We don't have anything further to share on this, so let me close this issue now. Thanks again for posting the question!