"""A Python module for interacting with Slack's Web API."""
import asyncio
import copy
import hashlib
import hmac
import io
import json
import logging
import mimetypes
import os
import re
import uuid
import warnings
from http.client import HTTPResponse
from typing import BinaryIO, Dict, List
from typing import Optional, Union
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.parse import urljoin
from urllib.request import Request, urlopen
import aiohttp
from aiohttp import FormData, BasicAuth
import slack.errors as err
from slack.errors import SlackRequestError
from slack.web import convert_bool_to_0_or_1, get_user_agent
from slack.web.classes.attachments import Attachment
from slack.web.classes.blocks import Block
from slack.web.slack_response import SlackResponse
class BaseClient:
BASE_URL = "https://www.slack.com/api/"
def __init__(
self,
token=None,
base_url=BASE_URL,
timeout=30,
loop: Optional[asyncio.AbstractEventLoop] = None,
ssl=None,
proxy=None,
run_async=False,
use_sync_aiohttp=False,
session=None,
headers: Optional[dict] = None,
):
self.token = None if token is None else token.strip()
self.base_url = base_url
self.timeout = timeout
self.ssl = ssl
self.proxy = proxy
self.run_async = run_async
self.use_sync_aiohttp = use_sync_aiohttp
self.session = session
self.headers = headers or {}
self._logger = logging.getLogger(__name__)
self._event_loop = loop
def _get_event_loop(self):
"""Retrieves the event loop or creates a new one."""
try:
return asyncio.get_event_loop()
except RuntimeError:
loop = asyncio.new_event_loop()
asyncio.set_event_loop(loop)
return loop
def _get_headers(
self,
*,
token: Optional[str],
has_json: bool,
has_files: bool,
request_specific_headers: Optional[dict],
):
"""Constructs the headers need for a request.
Args:
has_json (bool): Whether or not the request has json.
has_files (bool): Whether or not the request has files.
request_specific_headers (dict): Additional headers specified by the user for a specific request.
Returns:
The headers dictionary.
e.g. {
'Content-Type': 'application/json;charset=utf-8',
'Authorization': 'Bearer xoxb-1234-1243',
'User-Agent': 'Python/3.6.8 slack/2.1.0 Darwin/17.7.0'
}
"""
final_headers = {
"User-Agent": get_user_agent(),
"Content-Type": "application/x-www-form-urlencoded",
}
if token:
final_headers.update({"Authorization": "Bearer {}".format(token)})
# Merge headers specified at client initialization.
final_headers.update(self.headers)
# Merge headers specified for a specific request. e.g. oauth.access
if request_specific_headers:
final_headers.update(request_specific_headers)
if has_json:
final_headers.update({"Content-Type": "application/json;charset=utf-8"})
if has_files:
# These are set automatically by the aiohttp library.
final_headers.pop("Content-Type", None)
return final_headers
def api_call(
self,
api_method: str,
*,
http_verb: str = "POST",
files: dict = None,
data: Union[dict, FormData] = None,
params: dict = None,
json: dict = None,
headers: dict = None,
auth: dict = None,
) -> Union[asyncio.Future, SlackResponse]:
"""Create a request and execute the API call to Slack.
Args:
api_method (str): The target Slack API method.
e.g. 'chat.postMessage'
http_verb (str): HTTP Verb. e.g. 'POST'
files (dict): Files to multipart upload.
e.g. {image OR file: file_object OR file_path}
data: The body to attach to the request. If a dictionary is
provided, form-encoding will take place.
e.g. {'key1': 'value1', 'key2': 'value2'}
params (dict): The URL parameters to append to the URL.
e.g. {'key1': 'value1', 'key2': 'value2'}
json (dict): JSON for the body to attach to the request
(if files or data is not specified).
e.g. {'key1': 'value1', 'key2': 'value2'}
Returns:
(SlackResponse)
The server's response to an HTTP request. Data
from the response can be accessed like a dict.
If the response included 'next_cursor' it can
be iterated on to execute subsequent requests.
Raises:
SlackApiError: The following Slack API call failed:
'chat.postMessage'.
SlackRequestError: Json data can only be submitted as
POST requests.
"""
has_json = json is not None
has_files = files is not None
if has_json and http_verb != "POST":
msg = "Json data can only be submitted as POST requests. GET requests should use the 'params' argument."
raise err.SlackRequestError(msg)
api_url = self._get_url(api_method)
if auth:
auth = BasicAuth(auth["client_id"], auth["client_secret"])
if data is not None and isinstance(data, dict):
data = {k: v for k, v in data.items() if v is not None}
if files is not None and isinstance(files, dict):
files = {k: v for k, v in files.items() if v is not None}
if params is not None and isinstance(params, dict):
params = {k: v for k, v in params.items() if v is not None}
token: Optional[str] = self.token
if params is not None and "token" in params:
token = params.pop("token")
if json is not None and "token" in json:
token = json.pop("token")
req_args = {
"headers": self._get_headers(
token=token,
has_json=has_json,
has_files=has_files,
request_specific_headers=headers,
),
"data": data,
"files": files,
"params": params,
"json": json,
"ssl": self.ssl,
"proxy": self.proxy,
"auth": auth,
}
show_2020_01_deprecation(api_method)
if self.run_async or self.use_sync_aiohttp:
if self._event_loop is None:
self._event_loop = self._get_event_loop()
future = asyncio.ensure_future(
self._send(http_verb=http_verb, api_url=api_url, req_args=req_args),
loop=self._event_loop,
)
if self.run_async:
return future
if self.use_sync_aiohttp:
# Using this is no longer recommended - just keep this for backward-compatibility
return self._event_loop.run_until_complete(future)
else:
return self._sync_send(api_url=api_url, req_args=req_args)
def _get_url(self, api_method):
"""Joins the base Slack URL and an API method to form an absolute URL.
Args:
api_method (str): The Slack Web API method. e.g. 'chat.postMessage'
Returns:
The absolute API URL.
e.g. 'https://www.slack.com/api/chat.postMessage'
"""
return urljoin(self.base_url, api_method)
# =================================================================
# aiohttp based async WebClient
# =================================================================
async def _send(self, http_verb, api_url, req_args):
"""Sends the request out for transmission.
Args:
http_verb (str): The HTTP verb. e.g. 'GET' or 'POST'.
api_url (str): The Slack API url. e.g. 'https://slack.com/api/chat.postMessage'
req_args (dict): The request arguments to be attached to the request.
e.g.
{
json: {
'attachments': [{"pretext": "pre-hello", "text": "text-world"}],
'channel': '#random'
}
}
Returns:
The response parsed into a SlackResponse object.
"""
open_files = []
files = req_args.pop("files", None)
if files is not None:
for k, v in files.items():
if isinstance(v, str):
f = open(v.encode("utf-8", "ignore"), "rb")
open_files.append(f)
req_args["data"].update({k: f})
else:
req_args["data"].update({k: v})
if "params" in req_args:
# True/False -> "1"/"0"
req_args["params"] = convert_bool_to_0_or_1(req_args["params"])
res = await self._request(
http_verb=http_verb, api_url=api_url, req_args=req_args
)
for f in open_files:
f.close()
data = {
"client": self,
"http_verb": http_verb,
"api_url": api_url,
"req_args": req_args,
"use_sync_aiohttp": self.use_sync_aiohttp,
}
return SlackResponse(**{**data, **res}).validate()
async def _request(self, *, http_verb, api_url, req_args):
"""Submit the HTTP request with the running session or a new session.
Returns:
A dictionary of the response data.
"""
session = None
use_running_session = self.session and not self.session.closed
if use_running_session:
session = self.session
else:
session = aiohttp.ClientSession(
timeout=aiohttp.ClientTimeout(total=self.timeout),
auth=req_args.pop("auth", None),
)
response = None
try:
async with session.request(http_verb, api_url, **req_args) as res:
data = {}
try:
data = await res.json()
except aiohttp.ContentTypeError:
self._logger.debug(
f"No response data returned from the following API call: {api_url}."
)
response = {
"data": data,
"headers": res.headers,
"status_code": res.status,
}
finally:
if not use_running_session:
await session.close()
return response
# =================================================================
# urllib based WebClient
# =================================================================
def _sync_send(self, api_url, req_args):
params = req_args["params"] if "params" in req_args else None
data = req_args["data"] if "data" in req_args else None
files = req_args["files"] if "files" in req_args else None
_json = req_args["json"] if "json" in req_args else None
headers = req_args["headers"] if "headers" in req_args else None
token = params.get("token") if params and "token" in params else None
auth = (
req_args["auth"] if "auth" in req_args else None
) # Basic Auth for oauth.v2.access / oauth.access
if auth is not None:
if isinstance(auth, BasicAuth):
headers["Authorization"] = auth.encode()
elif isinstance(auth, str):
headers["Authorization"] = auth
else:
self._logger.warning(
f"As the auth: {auth}: {type(auth)} is unsupported, skipped"
)
body_params = {}
if params:
body_params.update(params)
if data:
body_params.update(data)
return self._urllib_api_call(
token=token,
url=api_url,
query_params={},
body_params=body_params,
files=files,
json_body=_json,
additional_headers=headers,
)
def _request_for_pagination(self, api_url, req_args) -> Dict[str, any]:
"""This method is supposed to be used only for SlackResponse pagination
You can paginate using Python's for iterator as below:
for response in client.conversations_list(limit=100):
# do something with each response here
"""
response = self._perform_urllib_http_request(url=api_url, args=req_args)
return {
"status_code": int(response["status"]),
"headers": dict(response["headers"]),
"data": json.loads(response["body"]),
}
def _urllib_api_call(
self,
*,
token: str = None,
url: str,
query_params: Dict[str, str] = {},
json_body: Dict = {},
body_params: Dict[str, str] = {},
files: Dict[str, io.BytesIO] = {},
additional_headers: Dict[str, str] = {},
) -> SlackResponse:
"""Performs a Slack API request and returns the result.
:param token: Slack API Token (either bot token or user token)
:param url: a complete URL (e.g., https://www.slack.com/api/chat.postMessage)
:param query_params: query string
:param json_body: json data structure (it's still a dict at this point),
if you give this argument, body_params and files will be skipped
:param body_params: form params
:param files: files to upload
:param additional_headers: request headers to append
:return: API response
"""
files_to_close: List[BinaryIO] = []
try:
# True/False -> "1"/"0"
query_params = convert_bool_to_0_or_1(query_params)
body_params = convert_bool_to_0_or_1(body_params)
if self._logger.level <= logging.DEBUG:
def convert_params(values: dict) -> dict:
if not values or not isinstance(values, dict):
return {}
return {
k: ("(bytes)" if isinstance(v, bytes) else v)
for k, v in values.items()
}
headers = {
k: "(redacted)" if k.lower() == "authorization" else v
for k, v in additional_headers.items()
}
self._logger.debug(
f"Sending a request - url: {url}, "
f"query_params: {convert_params(query_params)}, "
f"body_params: {convert_params(body_params)}, "
f"files: {convert_params(files)}, "
f"json_body: {json_body}, "
f"headers: {headers}"
)
request_data = {}
if files is not None and isinstance(files, dict) and len(files) > 0:
if body_params:
for k, v in body_params.items():
request_data.update({k: v})
for k, v in files.items():
if isinstance(v, str):
f: BinaryIO = open(v.encode("utf-8", "ignore"), "rb")
files_to_close.append(f)
request_data.update({k: f})
elif isinstance(v, bytearray):
request_data.update({k: io.BytesIO(v)})
else:
request_data.update({k: v})
request_headers = self._build_urllib_request_headers(
token=token or self.token,
has_json=json is not None,
has_files=files is not None,
additional_headers=additional_headers,
)
request_args = {
"headers": request_headers,
"data": request_data,
"params": body_params,
"files": files,
"json": json_body,
}
if query_params:
q = urlencode(query_params)
url = f"{url}&{q}" if "?" in url else f"{url}?{q}"
response = self._perform_urllib_http_request(url=url, args=request_args)
if response.get("body", None):
response_body_data: dict = json.loads(response["body"])
else:
response_body_data: dict = None
if query_params:
all_params = copy.copy(body_params)
all_params.update(query_params)
else:
all_params = body_params
request_args["params"] = all_params # for backward-compatibility
return SlackResponse(
client=self,
http_verb="POST", # you can use POST method for all the Web APIs
api_url=url,
req_args=request_args,
data=response_body_data,
headers=dict(response["headers"]),
status_code=response["status"],
use_sync_aiohttp=False,
).validate()
finally:
for f in files_to_close:
if not f.closed:
f.close()
def _perform_urllib_http_request(
self, *, url: str, args: Dict[str, Dict[str, any]]
) -> Dict[str, any]:
"""Performs an HTTP request and parses the response.
:param url: a complete URL (e.g., https://www.slack.com/api/chat.postMessage)
:param args: args has "headers", "data", "params", and "json"
"headers": Dict[str, str]
"data": Dict[str, any]
"params": Dict[str, str],
"json": Dict[str, any],
:return: dict {status: int, headers: Headers, body: str}
"""
headers = args["headers"]
if args["json"]:
body = json.dumps(args["json"])
headers["Content-Type"] = "application/json;charset=utf-8"
elif args["data"]:
boundary = f"--------------{uuid.uuid4()}"
sep_boundary = b"\r\n--" + boundary.encode("ascii")
end_boundary = sep_boundary + b"--\r\n"
body = io.BytesIO()
data = args["data"]
for key, value in data.items():
readable = getattr(value, "readable", None)
if readable and value.readable():
filename = "Uploaded file"
name_attr = getattr(value, "name", None)
if name_attr:
filename = (
name_attr.decode("utf-8")
if isinstance(name_attr, bytes)
else name_attr
)
if "filename" in data:
filename = data["filename"]
mimetype = (
mimetypes.guess_type(filename)[0] or "application/octet-stream"
)
title = (
f'\r\nContent-Disposition: form-data; name="{key}"; filename="{filename}"\r\n'
+ f"Content-Type: {mimetype}\r\n"
)
value = value.read()
else:
title = f'\r\nContent-Disposition: form-data; name="{key}"\r\n'
value = str(value).encode("utf-8")
body.write(sep_boundary)
body.write(title.encode("utf-8"))
body.write(b"\r\n")
body.write(value)
body.write(end_boundary)
body = body.getvalue()
headers["Content-Type"] = f"multipart/form-data; boundary={boundary}"
headers["Content-Length"] = len(body)
elif args["params"]:
body = urlencode(args["params"])
headers["Content-Type"] = "application/x-www-form-urlencoded"
else:
body = None
if isinstance(body, str):
body = body.encode("utf-8")
# NOTE: Intentionally ignore the `http_verb` here
# Slack APIs accepts any API method requests with POST methods
try:
# urllib not only opens http:// or https:// URLs, but also ftp:// and file://.
# With this it might be possible to open local files on the executing machine
# which might be a security risk if the URL to open can be manipulated by an external user.
if url.lower().startswith("http"):
req = Request(method="POST", url=url, data=body, headers=headers)
if self.proxy is not None:
if isinstance(self.proxy, str):
host = re.sub("^https?://", "", self.proxy)
req.set_proxy(host, "http")
req.set_proxy(host, "https")
else:
raise SlackRequestError(
f"Invalid proxy detected: {self.proxy} must be a str value"
)
resp: HTTPResponse = urlopen(
req, context=self.ssl, timeout=self.timeout
)
charset = resp.headers.get_content_charset()
body: str = resp.read().decode(charset) # read the response body here
return {"status": resp.code, "headers": resp.headers, "body": body}
raise SlackRequestError(f"Invalid URL detected: {url}")
except HTTPError as e:
resp = {"status": e.code, "headers": e.headers}
if e.code == 429:
# for compatibility with aiohttp
resp["headers"]["Retry-After"] = resp["headers"]["retry-after"]
charset = e.headers.get_content_charset()
body: str = e.read().decode(charset) # read the response body here
resp["body"] = body
return resp
except Exception as err:
self._logger.error(f"Failed to send a request to Slack API server: {err}")
raise err
def _build_urllib_request_headers(
self, token: str, has_json: bool, has_files: bool, additional_headers: dict
):
headers = {
"User-Agent": get_user_agent(),
"Content-Type": "application/x-www-form-urlencoded",
}
headers.update(self.headers)
if token:
headers.update({"Authorization": "Bearer {}".format(token)})
if additional_headers:
headers.update(additional_headers)
if has_json:
headers.update({"Content-Type": "application/json;charset=utf-8"})
if has_files:
# will be set afterwards
headers.pop("Content-Type", None)
return headers
# =================================================================
@staticmethod
def validate_slack_signature(
*, signing_secret: str, data: str, timestamp: str, signature: str
) -> bool:
"""
Slack creates a unique string for your app and shares it with you. Verify
requests from Slack with confidence by verifying signatures using your
signing secret.
On each HTTP request that Slack sends, we add an X-Slack-Signature HTTP
header. The signature is created by combining the signing secret with the
body of the request we're sending using a standard HMAC-SHA256 keyed hash.
https://api.slack.com/docs/verifying-requests-from-slack#how_to_make_a_request_signature_in_4_easy_steps__an_overview
Args:
signing_secret: Your application's signing secret, available in the
Slack API dashboard
data: The raw body of the incoming request - no headers, just the body.
timestamp: from the 'X-Slack-Request-Timestamp' header
signature: from the 'X-Slack-Signature' header - the calculated signature
should match this.
Returns:
True if signatures matches
"""
warnings.warn(
"As this method is deprecated since slackclient 2.6.0, "
"use `from slack.signature import SignatureVerifier` instead",
DeprecationWarning,
)
format_req = str.encode(f"v0:{timestamp}:{data}")
encoded_secret = str.encode(signing_secret)
request_hash = hmac.new(encoded_secret, format_req, hashlib.sha256).hexdigest()
calculated_signature = f"v0={request_hash}"
return hmac.compare_digest(calculated_signature, signature)
@staticmethod
def _parse_web_class_objects(kwargs) -> None:
def to_dict(obj: Union[Dict, Block, Attachment]):
if isinstance(obj, Block):
return obj.to_dict()
if isinstance(obj, Attachment):
return obj.to_dict()
return obj
blocks = kwargs.get("blocks", None)
if blocks is not None and isinstance(blocks, list):
dict_blocks = [to_dict(b) for b in blocks]
kwargs.update({"blocks": dict_blocks})
attachments = kwargs.get("attachments", None)
if attachments is not None and isinstance(attachments, list):
dict_attachments = [to_dict(a) for a in attachments]
kwargs.update({"attachments": dict_attachments})
@staticmethod
def _update_call_participants(kwargs, users: Union[str, List[Dict[str, str]]]):
if users is None:
return
if isinstance(users, list):
kwargs.update({"users": json.dumps(users)})
elif isinstance(users, str):
kwargs.update({"users": users})
else:
raise SlackRequestError("users must be either str or List[Dict[str, str]]")
# https://api.slack.com/changelog/2020-01-deprecating-antecedents-to-the-conversations-api
deprecated_method_prefixes_2020_01 = ["channels.", "groups.", "im.", "mpim."]
def show_2020_01_deprecation(method_name: str):
skip_deprecation = os.environ.get(
"SLACKCLIENT_SKIP_DEPRECATION"
) # for unit tests etc.
if skip_deprecation:
return
if not method_name:
return
matched_prefixes = [
prefix
for prefix in deprecated_method_prefixes_2020_01
if method_name.startswith(prefix)
]
if len(matched_prefixes) > 0:
message = (
f"{method_name} is deprecated. Please use the Conversations API instead. "
"For more info, go to "
"https://api.slack.com/changelog/2020-01-deprecating-antecedents-to-the-conversations-api"
)
warnings.warn(message)
