Background: I am using two features from slack API: slash commands and interactions. I have a service that handles both when Slack API redirects.
The problem is:
slash commands are accepted and redirected by slack to my service with no issues:
I can see it in the log coming in
It is handled by the service (shows the modal which the user is about to interact with)
interactions are rejected; Slack API simply gives back 403 to the end-user (shown in the same modal). I know the request is not redirected because my logs don't show it.
Again: slash commands just work with no problems, but interactions don't, even though they are configured with the same Request URL.
I searched for this problem in slack and tried looking in all the configurations in the slack API, but I couldn't find anything useful.
I have tried using a different Request URL (by appending /interactions) but with no avail; slack API still blocks it from my service.
Related
I'd like to see the calls made from a Firefox add-on.
I know it's calling its website's REST API, and I would like to see the requests to better understand the API.
However in the Web Developper Network tab, these calls do not appear. Is there an option to see them ? Whether in dev tools or in about:config ?
Edit: I tried the about:debugging too, but it doesn't seem to capture the requests either. There are some background requests yes, but not the ones I know should be there.
As I don't know if this is generic or specific to the extension I'm looking at I'll detail. I'm trying to look at the requests made by the raindrop.io extension (https://raindrop.io/) that offers an API (https://developer.raindrop.io).
When I click on the extension button, I can create a bookmark for the page. For instance: the one I'm editing right now
This goes through requests to the REST API (at least a POST to https://api.raindrop.io/rest/v1/raindrop). I know because:
I can see similar requests when doing an operation from the website itself
I can send this request via the JS console and make it work
However I do not see this request in the normal Network console, I see no requests from the extensions.
I do not see it either from the debugging one. I see some requests though, but only background GET requests to a /links API that returns the full list of bookmarks. A request is made after I've added my bookmark, but it is clearly not the one that makes the update.
Another way I know the request is being made is that if I try to bookmark something weird (like the debugging tab), the extension displays an error that is the same I get if I manually sent a malformed request to the API.
So these calls happen. But I can't see them anywhere.
Note that the illustration is on this add-on because this is what I'm looking at right now, but I had the issue with others in the past. No way to see the foreground requests of the add-on.
We are using BotFramework Composer to create bots. These bots are supposed to get information from a backend REST service, where we need to know, which user is submitting the request for data. We are currently using {turn.activity.from.id} to get the Teams user's id, and sending it in a special http header in the "Send an HTTP request" action. We then perform a mapping of this id to our internal users.
We are, of course, aware, that this is not secure at all, since anyone who knows this, could get the user's id and send it to our service. We are currently thinking along the lines of generating a short-lived jwt token in the Bot to send to our application. However, we see no direct way of implementing this token generation in the Bot Framework Composer itself.
Also, we don't want to use OAuth, because we don't want the user to have to log in via the bot.
Is there a way to implement custom token generation using C# or js and assigning it to a dialog variable to be used in a "Send an HTTP request" action?
This document discusses how to implement an HTTP request in Composer. The first half is focused on creating a login for OAuth, which I know is not your focus, so look at the second half. If you set up a simple server that can generate a token for you, then you can make a request to it from Composer using the method described.
As links can break and docs can change (and Composer is still in Preview), I would recommend saving the doc somewhere and checking back every so often for any updates.
I've used HTTP requests from within Composer, myself, so I know this will work for you.
Hope of help!
You can create a custom Action or a package component and create any c# methods there for JWT generation. This will keep it all local to the bot.
https://learn.microsoft.com/en-us/composer/how-to-create-custom-actions
When I did research online, most of the solutions are about triggering Slack notification from TravisCI. Now I want to do the reverse direction - type some message in slack, and trigger a build task in TravisCI.
I'm looking at Slack's Outgoing WebHooks - under their "Custom Integrations" in Slack app directory. However, their webhook POST data spec is fixed, not seem to be programmable through just their webpage UI. They have a column in the UI that lets you fill in URL(s) to POST to. But I don't see any ways that I can customize the data field of the POST request.
Same as TravisCI's Triggering Builds API v3, the data fields they expect in the POST are fixed and unchangeable.
I know I can sign up a cloud service, write some code and spin up a server to re-package the parameters to do the work, like a middleware between these 2 APIs. But just want to see if anyone manages to achieve triggering TravisCI by Slack in such way that doesn't involve spinning up a server myself?
I ended up hosting a server and writing the porting logic myself. I guess there's no simple way to do this, after all they are different APIs. Here is the code where I request against travisCI API, and here is the code where I unpack the slack webhook POST request.
Would someone happen to know if Google Calendar has some problems subscribing to iCalendar feeds served on a secure https-address?
I'm developing a website running on an https-address that has an iCalendar feed that users can subscribe to. The feed works just fine in Outlook and iCal, but not in Google Calendar. When a user attempts to subscribe to the feed, they get the error message "Could not fetch the URL".
I suspected that there was something wrong with the feed or the generated iCalendar data, so I ran the .ics file produced through a number of validators, and they were fine. To rule out an error in the feed itself, I put the generated .ics file on the server, to see if a static file would work, and that failed in Google Calendar as well. Then I put the file on a completely different server behind a non-secure (http) url, and that worked!
So I'm beginning to suspect that httpS is the problem. The server's certificate is valid, so that shouldn't be causing any trouble. Besides, the validators could access the feed (and the static file) just fine.
This google groups discussion indicates that others are having similar suspicions: http://productforums.google.com/forum/#!topic/calendar/61-eUd-fyrg
Problem is, the site HAS to run on over https, so I can't just switch to http to make the feed work.
So, if anyone has any information confirming or contradicing my theory, or any ideas about what else might be causing these problems, I would greatly appreciate it.
I can confirm that (today) Google Calendar can successfully subscribe to an HTTPS iCal feed.
You can test this yourself by adding this URL: https://events.stanford.edu/byCategory/2/eventlist.ics
To be extra sure I also did another test of giving it an HTTPS url that didn't also work if you replace the https -> http. That was also fine, so in all cases, HTTPS should work.
What doesn't work in my tests is:
HTTP Authentication (https://myusername:mypw#example.com/) - I got "Could not fetch URL" - but that's not what this question is asking.
Any URL over 256 characters. However, using a link shortener (e.g., goo.gl) works around this issue.
Google has confirmed that it really is an issue with HTTPS, i.e. Google Calendar is unable to subscribe to iCalendar feeds from external encrypted (https) URLs.
My employer has an enterprise account with Google, and we filed a support request with google's enterprise support, with example feeds and our own assesment of the problem.
Today, we finally got a proper answer, confirming our initial analysis and informing us that the correct techincal team has been notified and an internal feature request (for supporting feed from https-urls) has been opened.
We were not given any timeframe for the fix, but I requested that they get back to us when the issue has been resolved. I will add that information to this answer once I receive it.
The issue we've found in our case is that Google Calendar currently ignores the HTTPS indication in the URL and accesses via HTTP instead. If your HTTP requests redirect to HTTPS or just serve up the content over HTTP, then it will work. If you have a firewall blocking port 80, then things hang and its game over.
TL;DR: If your URL works with http in addtion to https, then it will work with Google Calendar when you enter it as https. (That assumes robots.txt does not restrict access.) Otherwise, it will fail.
As of January 2020 the problem appears to be resolved - Google Calendar does not appear to have problems subscribing to and updating valid RFC5545 calendars. The icalender.org validator works well and can test both a file and a link (subscription).
I've been working on creating my own iCal subscription system from scratch and wanted to share something I learned this week, ten years after the start of this discussion.
Like discussed above, importing via URL accepts https:// just fine.
But when creating an "Add to Calendar" URL for Google Calendar I discovered that they still won't accept https:// links.
The "Add to Calendar" URL formula is:
https://calendar.google.com/calendar/u/0/r?pli=1&cid=<iCal-URL-Here>
Some examples to make it clear:
// https will not work:
https://calendar.google.com/calendar/u/0/r?pli=1&cid=https://example.com/ical.ics
// http will work:
https://calendar.google.com/calendar/u/0/r?pli=1&cid=http://example.com/ical.ics
// You may also try using the webcal protocol:
https://calendar.google.com/calendar/u/0/r?pli=1&cid=webcal://example.com/ical.ics
Your mileage may vary depending on your host's handling of unsecured requests. I welcome anyone who runs into trouble to leave a comment.
Before I part, another friendly tip: You need to URI encode your iCal URL when using this import URL.
So, in reality, your link would be:
https://calendar.google.com/calendar/u/0/r?pli=1&cid=http%3A%2F%2Fexample.com%2Fical.ics
In JavaScript, use encodeURIComponent().
if the server has a robots.txt blocking google, this was a cause for failure with google calendar for me too. So, have you tried looking at the robots.txt of your https server?
This being said, is not a limitation of google calendar + https as google calendar provides https for its on "private address" for .ics files and thereof it can also accept https from google.com (though this is only one configuration over many other possible).
I have had a lot of difficulties with this:
It was frustrating because a downloaded file would open in Google Calendar or iCal, but it would not load as feed in either. I would get these errors in Google Calendar when I did add by URL: "Failed to import calendar from" (sitename) or "Could not fetch the URL."
Here's what I had to do:
Have duration or endtime for events, NOT BOTH.
I also had to remove this from the header:
content-disposition: attachment; filename=Schedule.ics;
Also, to check if it's valid, Google ical validator.
My teacher has given me as an assignment to log into gmail and then send one e-mail or read the list of unread e-mails, but I can't use IMAP/POP3/SMTP or anything that isn't HTTP or HTTPS. I've tried looking for libraries in Ruby/Java to do it but nothing really worked for me.
I tried looking at the gmail source code page but I couldn't really understand what was going on. The page seems to call a post method on a link, but sniffing the packets what I saw was a GET apparently using a session generated using the info I send. So sending it "raw" didn't work either.
I've no idea what to do now.
After you authenticate with OAuth, you can get unread emails via an atom feed.
URL to hit: https://mail.google.com/mail/feed/atom/[<label>]
You can toy around with this at the Google oauth playground. Get an access token by continually clicking buttons and authenticating, and then hit discover feeds.
If you want a Java OAuth library, signpost is really good. You'll need to read the google documentation on its open authentication scheme. Specifically, you need to pass a scope query parameter when you attempt to authenticate. This is nonstandard, and it will trick you up if you're not looking for it.
If you're confused about OAuth or why its necessary, you may want to check out this resource.
Check out httplib2—it has (among other things) Google Account Authentication.