Add before_authorize middleware (#869)

Author: seratch

slack_bolt/app/app.py

@@ -101,6 +101,7 @@ def __init__(
         token_verification_enabled: bool = True,
         client: Optional[WebClient] = None,
         # for multi-workspace apps
+        before_authorize: Optional[Union[Middleware, Callable[..., Any]]] = None,
         authorize: Optional[Callable[..., AuthorizeResult]] = None,
         installation_store: Optional[InstallationStore] = None,
         # for either only bot scope usage or v1.0.x compatibility
@@ -155,6 +156,7 @@ def message_hello(message, say):
             token: The bot/user access token required only for single-workspace app.
             token_verification_enabled: Verifies the validity of the given token if True.
             client: The singleton `slack_sdk.WebClient` instance for this app.
+            before_authorize: A global middleware that can be executed right before authorize function
             authorize: The function to authorize an incoming request from Slack
                 by checking if there is a team/user in the installation data.
             installation_store: The module offering save/find operations of installation data
@@ -215,6 +217,17 @@ def message_hello(message, say):
         # Authorize & OAuthFlow initialization
         # --------------------------------------
 
+        self._before_authorize: Optional[Middleware] = None
+        if before_authorize is not None:
+            if isinstance(before_authorize, Callable):
+                self._before_authorize = CustomMiddleware(
+                    app_name=self._name,
+                    func=before_authorize,
+                    base_logger=self._framework_logger,
+                )
+            elif isinstance(before_authorize, Middleware):
+                self._before_authorize = before_authorize
+
         self._authorize: Optional[Authorize] = None
         if authorize is not None:
             if isinstance(authorize, Authorize):
@@ -357,6 +370,9 @@ def _init_middleware_list(
         if request_verification_enabled is True:
             self._middleware_list.append(RequestVerification(self._signing_secret, base_logger=self._base_logger))
 
+        if self._before_authorize is not None:
+            self._middleware_list.append(self._before_authorize)
+
         # As authorize is required for making a Bolt app function, we don't offer the flag to disable this
         if self._oauth_flow is None:
             if self._token is not None:

slack_bolt/app/async_app.py

@@ -2,7 +2,7 @@
 import logging
 import os
 import time
-from typing import Optional, List, Union, Callable, Pattern, Dict, Awaitable, Sequence
+from typing import Optional, List, Union, Callable, Pattern, Dict, Awaitable, Sequence, Any
 
 from aiohttp import web
 
@@ -112,6 +112,7 @@ def __init__(
         token: Optional[str] = None,
         client: Optional[AsyncWebClient] = None,
         # for multi-workspace apps
+        before_authorize: Optional[Union[AsyncMiddleware, Callable[..., Awaitable[Any]]]] = None,
         authorize: Optional[Callable[..., Awaitable[AuthorizeResult]]] = None,
         installation_store: Optional[AsyncInstallationStore] = None,
         # for either only bot scope usage or v1.0.x compatibility
@@ -163,6 +164,7 @@ async def message_hello(message, say):  # async function
             signing_secret: The Signing Secret value used for verifying requests from Slack.
             token: The bot/user access token required only for single-workspace app.
             client: The singleton `slack_sdk.web.async_client.AsyncWebClient` instance for this app.
+            before_authorize: A global middleware that can be executed right before authorize function
             authorize: The function to authorize an incoming request from Slack
                 by checking if there is a team/user in the installation data.
             installation_store: The module offering save/find operations of installation data
@@ -220,6 +222,17 @@ async def message_hello(message, say):  # async function
         # Authorize & OAuthFlow initialization
         # --------------------------------------
 
+        self._async_before_authorize: Optional[AsyncMiddleware] = None
+        if before_authorize is not None:
+            if isinstance(before_authorize, Callable):
+                self._async_before_authorize = AsyncCustomMiddleware(
+                    app_name=self._name,
+                    func=before_authorize,
+                    base_logger=self._framework_logger,
+                )
+            elif isinstance(before_authorize, AsyncMiddleware):
+                self._async_before_authorize = before_authorize
+
         self._async_authorize: Optional[AsyncAuthorize] = None
         if authorize is not None:
             if isinstance(authorize, AsyncAuthorize):
@@ -363,6 +376,10 @@ def _init_async_middleware_list(
             )
         if request_verification_enabled is True:
             self._async_middleware_list.append(AsyncRequestVerification(self._signing_secret, base_logger=self._base_logger))
+
+        if self._async_before_authorize is not None:
+            self._async_middleware_list.append(self._async_before_authorize)
+
         # As authorize is required for making a Bolt app function, we don't offer the flag to disable this
         if self._async_oauth_flow is None:
             if self._token:

tests/scenario_tests/test_authorize.py

@@ -5,9 +5,10 @@
 from slack_sdk import WebClient
 from slack_sdk.signature import SignatureVerifier
 
-from slack_bolt import BoltRequest
+from slack_bolt import BoltRequest, BoltResponse
 from slack_bolt.app import App
 from slack_bolt.authorization import AuthorizeResult
+from slack_bolt.request.payload_utils import is_event
 from tests.mock_web_api_server import (
     setup_mock_web_api_server,
     cleanup_mock_web_api_server,
@@ -78,8 +79,37 @@ def build_headers(self, timestamp: str, body: str):
             "x-slack-request-timestamp": [timestamp],
         }
 
-    def build_valid_request(self) -> BoltRequest:
+    def build_block_actions_request(self) -> BoltRequest:
         timestamp = str(int(time()))
+        return BoltRequest(body=block_actions_raw_body, headers=self.build_headers(timestamp, block_actions_raw_body))
+
+    def build_message_changed_event_request(self) -> BoltRequest:
+        timestamp = str(int(time()))
+        raw_body = json.dumps(
+            {
+                "token": "verification_token",
+                "team_id": "T111",
+                "enterprise_id": "E111",
+                "api_app_id": "A111",
+                "event": {
+                    "type": "message",
+                    "subtype": "message_changed",
+                    "channel": "C2147483705",
+                    "ts": "1358878755.000001",
+                    "message": {
+                        "type": "message",
+                        "user": "U2147483697",
+                        "text": "Hello, world!",
+                        "ts": "1355517523.000005",
+                        "edited": {"user": "U2147483697", "ts": "1358878755.000001"},
+                    },
+                },
+                "type": "event_callback",
+                "event_id": "Ev111",
+                "event_time": 1599616881,
+                "authed_users": ["W111"],
+            }
+        )
         return BoltRequest(body=raw_body, headers=self.build_headers(timestamp, raw_body))
 
     def test_success(self):
@@ -90,7 +120,7 @@ def test_success(self):
         )
         app.action("a")(simple_listener)
 
-        request = self.build_valid_request()
+        request = self.build_block_actions_request()
         response = app.dispatch(request)
         assert response.status == 200
         assert response.body == ""
@@ -104,7 +134,7 @@ def test_failure(self):
         )
         app.action("a")(simple_listener)
 
-        request = self.build_valid_request()
+        request = self.build_block_actions_request()
         response = app.dispatch(request)
         assert response.status == 200
         assert response.body == ""
@@ -118,7 +148,7 @@ def test_bot_context_attributes(self):
         )
         app.action("a")(assert_bot_context_attributes)
 
-        request = self.build_valid_request()
+        request = self.build_block_actions_request()
         response = app.dispatch(request)
         assert response.status == 200
         assert response.body == ""
@@ -132,14 +162,40 @@ def test_user_context_attributes(self):
         )
         app.action("a")(assert_user_context_attributes)
 
-        request = self.build_valid_request()
+        request = self.build_block_actions_request()
         response = app.dispatch(request)
         assert response.status == 200
         assert response.body == ""
         assert_auth_test_count(self, 1)
 
+    def test_before_authorize(self):
+        def skip_message_changed_events(body: dict, payload: dict, next_):
+            if is_event(body) and payload.get("type") == "message" and payload.get("subtype") == "message_changed":
+                return BoltResponse(status=200, body="as expected")
+            next_()
+
+        app = App(
+            client=self.web_client,
+            before_authorize=skip_message_changed_events,
+            authorize=user_authorize,
+            signing_secret=self.signing_secret,
+        )
+        app.action("a")(assert_user_context_attributes)
+
+        request = self.build_block_actions_request()
+        response = app.dispatch(request)
+        assert response.status == 200
+        assert response.body == ""
+        assert_auth_test_count(self, 1)
+
+        request = self.build_message_changed_event_request()
+        response = app.dispatch(request)
+        assert response.status == 200
+        assert response.body == "as expected"
+        assert_auth_test_count(self, 1)  # should be skipped
+
 
-body = {
+block_actions_body = {
     "type": "block_actions",
     "user": {
         "id": "W99999",
@@ -176,7 +232,7 @@ def test_user_context_attributes(self):
     ],
 }
 
-raw_body = f"payload={quote(json.dumps(body))}"
+block_actions_raw_body = f"payload={quote(json.dumps(block_actions_body))}"
 
 
 def simple_listener(ack, body, payload, action):

tests/scenario_tests_async/test_authorize.py

@@ -7,9 +7,11 @@
 from slack_sdk.signature import SignatureVerifier
 from slack_sdk.web.async_client import AsyncWebClient
 
+from slack_bolt import BoltResponse
 from slack_bolt.app.async_app import AsyncApp
 from slack_bolt.authorization import AuthorizeResult
 from slack_bolt.request.async_request import AsyncBoltRequest
+from slack_bolt.request.payload_utils import is_event
 from tests.mock_web_api_server import (
     setup_mock_web_api_server,
     cleanup_mock_web_api_server,
@@ -84,8 +86,37 @@ def build_headers(self, timestamp: str, body: str):
             "x-slack-request-timestamp": [timestamp],
         }
 
-    def build_valid_request(self) -> AsyncBoltRequest:
+    def build_block_actions_request(self) -> AsyncBoltRequest:
         timestamp = str(int(time()))
+        return AsyncBoltRequest(body=block_actions_raw_body, headers=self.build_headers(timestamp, block_actions_raw_body))
+
+    def build_message_changed_event_request(self) -> AsyncBoltRequest:
+        timestamp = str(int(time()))
+        raw_body = json.dumps(
+            {
+                "token": "verification_token",
+                "team_id": "T111",
+                "enterprise_id": "E111",
+                "api_app_id": "A111",
+                "event": {
+                    "type": "message",
+                    "subtype": "message_changed",
+                    "channel": "C2147483705",
+                    "ts": "1358878755.000001",
+                    "message": {
+                        "type": "message",
+                        "user": "U2147483697",
+                        "text": "Hello, world!",
+                        "ts": "1355517523.000005",
+                        "edited": {"user": "U2147483697", "ts": "1358878755.000001"},
+                    },
+                },
+                "type": "event_callback",
+                "event_id": "Ev111",
+                "event_time": 1599616881,
+                "authed_users": ["W111"],
+            }
+        )
         return AsyncBoltRequest(body=raw_body, headers=self.build_headers(timestamp, raw_body))
 
     @pytest.mark.asyncio
@@ -97,7 +128,7 @@ async def test_success(self):
         )
         app.action("a")(simple_listener)
 
-        request = self.build_valid_request()
+        request = self.build_block_actions_request()
         response = await app.async_dispatch(request)
         assert response.status == 200
         assert response.body == ""
@@ -112,7 +143,7 @@ async def test_failure(self):
         )
         app.block_action("a")(simple_listener)
 
-        request = self.build_valid_request()
+        request = self.build_block_actions_request()
         response = await app.async_dispatch(request)
         assert response.status == 200
         assert response.body == ""
@@ -127,7 +158,7 @@ async def test_bot_context_attributes(self):
         )
         app.action("a")(assert_bot_context_attributes)
 
-        request = self.build_valid_request()
+        request = self.build_block_actions_request()
         response = await app.async_dispatch(request)
         assert response.status == 200
         assert response.body == ""
@@ -142,14 +173,41 @@ async def test_user_context_attributes(self):
         )
         app.action("a")(assert_user_context_attributes)
 
-        request = self.build_valid_request()
+        request = self.build_block_actions_request()
         response = await app.async_dispatch(request)
         assert response.status == 200
         assert response.body == ""
         await assert_auth_test_count_async(self, 1)
 
+    @pytest.mark.asyncio
+    async def test_user_context_attributes(self):
+        async def skip_message_changed_events(body: dict, payload: dict, next_):
+            if is_event(body) and payload.get("type") == "message" and payload.get("subtype") == "message_changed":
+                return BoltResponse(status=200, body="as expected")
+            await next_()
+
+        app = AsyncApp(
+            client=self.web_client,
+            before_authorize=skip_message_changed_events,
+            authorize=user_authorize,
+            signing_secret=self.signing_secret,
+        )
+        app.action("a")(assert_user_context_attributes)
+
+        request = self.build_block_actions_request()
+        response = await app.async_dispatch(request)
+        assert response.status == 200
+        assert response.body == ""
+        await assert_auth_test_count_async(self, 1)
+
+        request = self.build_message_changed_event_request()
+        response = await app.async_dispatch(request)
+        assert response.status == 200
+        assert response.body == "as expected"
+        await assert_auth_test_count_async(self, 1)  # should be skipped
+
 
-body = {
+block_actions_body = {
     "type": "block_actions",
     "user": {
         "id": "W99999",
@@ -186,7 +244,7 @@ async def test_user_context_attributes(self):
     ],
 }
 
-raw_body = f"payload={quote(json.dumps(body))}"
+block_actions_raw_body = f"payload={quote(json.dumps(block_actions_body))}"
 
 
 async def simple_listener(ack, body, payload, action):