Incoming webhook URL gets auto-removed - slack

I'm completely new to slack development and I might sound crazy here.
This is what I have noticed. Whenever I use my incoming webhook URL to test messages using postman, it works fine. BUT, when I use it in my app and push the code in github (so it deploys to heroku), the incoming webhook gets removed. Is this something expected and that I missed reading in the documentation?

Ok, got answer to this. Basically, got an email from slack explaining the reason.
We recently discovered a publicly accessible incoming webhook associated with the Journey Alert Bot app installed on your sync.slack.com workspace. This can happen when someone who created or has access to a webhook URL posts it on a public site, such as Github or other code-sharing forums. None of your data is at risk — webhooks can only send messages into Slack and cannot access any data.

Related

Bot Framework dotnet Slack adapter fails to verify Slack request when changing the Events Request Url

I have a Slack bot that is working fine and interacting with users. I'm using Bot Framework composer and the Slack Adapter.
In the Slack API portal I'm trying to change the Events Request Url the app uses to send Slack Events to my bot.
When I do that, slack sends a challenge request to my bot. The bot first tries to verify that the request is really coming from Slack following: https://api.slack.com/authentication/verifying-requests-from-slack#a_recipe_for_security
The problem is that this is failing and I can't understand why.
I see that Slack is sending all the right content, and that the ClientSigningSecret is being read, otherwise the other calls to the bot wouldn't work.
I know it's a bit far fetched to ask this since it seems to be a problem on my side. But since the bot is validating the requests just fine when users talk to the bot, and the code is from the Slack Adapter which is open source and there's nothing else I can thing of..... maybe someone struggled with the same problem.
I created a support ticket to Slack and they came back pretty quickly.
Pre publish state
Before publishing a Slack app the only configs that exist are the ones you see in the App configuration page. Those are what you use to test your app, this includes the secrets to authenticate the incoming messages from Slack into your backend.
After you publish your Slack App for the first time
Once your app is published, the production version that your users use will see the original settings, including the secrets and these are the ones your backend will get.
The settings you see in the configuration page are like development mode and they won't be persisted into the published app until you request Slack to approve your changes. That's sounds great and is what one would expect, but what you don't see and have no way of imagining is happening is that there are some development time secrets that are different from the ones you see on the settings screen.
When you change the endpoint url to be sent to your backend so that it can return the challenge and Slack would accept the new url, the message payload goes with this development secret and not the one you configured your backend with. Thus your backend will reject the call since it thinks it's not coming from Slack.
Proposed solution from Slack
Don't validate the signature of the incoming request for this type of call in an already published app. I don't like it but there was no other workaround unless Slack changes this. So what I did was:
Remove that check only for this request from the backend and publish to production.
Make the url change in Slack.
Revert the change from the backend.
:(

Teams proactive messages with uninstalled app

I'm trying to build a personal Teams bot which has to send proactive messages regularly. I made it work by storing the conversation when the user installed the app, just like the examples here. Now it works great, but I realized that I keep messaging users that have uninstalled my application. I can't seem to find any event that is triggered when a user uninstalls a personal scoped bot (app).
I tried conversation events, but nothing seems to be triggered for personal scoped bots at least.
I'm using the NodeJs botbuilder SDK.
Open to any suggestions, thanks.
To my knowledge, there is no such event unfortunately. I think you'll just receive a 403 at the moment without much info. This is due to change though - Microsoft just made an announcement about this yesterday in fact. See https://developer.microsoft.com/en-us/office/blogs/best-practices-and-updates-for-bot-lifecycle-events-in-microsoft-teams/ in the paragraph "Changes to post uninstall behavior for bots in personal scope":
Moving forward we’ll also align the post uninstall behavior for bots in the personal scope with the teams and groupChat scopes and you will not be able to send or receive messages after an app has been uninstalled. Your bot will receive a 403 response code to new messages posted by your bot. The 403 response code will have fields telling you the reason behind the it – which is either the app was uninstalled or the bot was blocked. We expect these changes to roll out in the coming few months.

How to make Slack app send a private message via an incoming webhook to someone specific?

I created a Slack app that sends a series of interactive messages to a channel. In my Slack API dashboard, I see that I can create and remove hooks. Right now the hook url that I have set up in my code is the one for the Slackbot channel.
But the problem is that such a message only gets sent to me.
I want to send the Slackbot messages to Alice in situation A, and to Bob in situation B. Not just to myself, the guy who configured the app.
What's the best way to do this?
I would suggest that you should not use hooks for this. A more sane way to do this right would be via chat.postMessage Web API method which is documented here!
This is because hooks are tied to specific conversations and that approach quickly hits a wall on what it can really achieve, especially messaging different people. Once you start using the web API it's pretty simple. Just ask for the scope during app installation (remember to add that scope in your dashboard), subscribe to the event in your API dashboard and then you are good to go.
Everytime you send a message via that method, Slack will send you a payload which you can use for testing and logging etc.
You can see all the different ways to message programmatically inside Slack here.

Slack bot responds to slash commands only in first channel

I have created a bot with a slash command that works, but it only responds to the channel in which the first Incoming Webhook was created. I would like it to respond in whatever channel (public or private) in which it was invoked.
I've tried creating a webhook for each channel and reinstalling the bot in my workspace, but it still reverts to the first channel.
I can see how I could hard code a webhook -> channel mapping in my code (php on my webserver) but that seems like a lot of very specific coding, and how would I ever release the bot to another workspace? I'm sure I'm missing something basic, but I can't work it out.
How do I deploy my bot so that it will respond to a slash command in whichever public or private channel it was invoked?
Fixed it. The example I was following had the webhook URL hard coded in the script. I just realised, upon re-reading the docs, that the actual webhook is passed in the POST data as response_url. Now it's all working fine. RTFM next time

Sending messages to my bot via Slack gets no response

I have a bot deployed to our Azure subscription. Using the webchat channel, I can interact with the bot using the url:
http://mybotname.azurewebsites.net/
We have added the bot to Slack as an app. We followed all the instructions given by the documentation on how to add a bot into Slack - https://learn.microsoft.com/en-us/azure/bot-service/bot-service-channel-connect-slack?view=azure-bot-service-3.0
When I send a message to the bot in the Slack channel we have created, I get no response. There is not error message, or in fact anything, returned.
Whereabouts can I start looking to see what the problem could be? Suggestions for error logs, traces, etc would be appreciated. I enabled App insights for the Azure Web App which the bot runs under, but nothing comes up as an error, or warning, or anything. I'm a bit lost here, any suggestions would be appreciated.
Note that I was made aware that, for Slack, I may need to tailor the responses in order for Slack to render them e.g. FormFlow define options for string field
I'm not sure how to do that, or even if this is a case that my bot simply isn't working in Slack regardless of how I'd format the responses.

Resources