Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve the default OAuth page content renderer not to embed external parameters as-is #1352

Merged
merged 1 commit into from
Apr 13, 2023
Merged

Improve the default OAuth page content renderer not to embed external parameters as-is #1352

merged 1 commit into from
Apr 13, 2023

Conversation

seratch
Copy link
Member

@seratch seratch commented Apr 13, 2023

Summary

This pull request improves the default OAuth page content renderer not to embed any external parameters without escaping them. It updates the document pages and example code under integration_tests/samples too.

Category (place an x in each of the [ ])

  • slack_sdk.web.WebClient (sync/async) (Web API client)
  • slack_sdk.webhook.WebhookClient (sync/async) (Incoming Webhook, response_url sender)
  • slack_sdk.socket_mode (Socket Mode client)
  • slack_sdk.signature (Request Signature Verifier)
  • slack_sdk.oauth (OAuth Flow Utilities)
  • slack_sdk.models (UI component builders)
  • slack_sdk.scim (SCIM API client)
  • slack_sdk.audit_logs (Audit Logs API client)
  • slack_sdk.rtm_v2 (RTM client)
  • /docs-src (Documents, have you run ./scripts/docs.sh?)
  • /docs-src-v2 (Documents, have you run ./scripts/docs-v2.sh?)
  • /tutorial (PythOnBoardingBot tutorial)
  • tests/integration_tests (Automated tests for this library)

Requirements (place an x in each [ ])

  • I've read and understood the Contributing Guidelines and have done my best effort to follow them.
  • I've read and agree to the Code of Conduct.
  • I've run python3 -m venv .venv && source .venv/bin/activate && ./scripts/run_validation.sh after making the changes.

@seratch seratch added bug M-T: A confirmed bug report. Issues are confirmed when the reproduction steps are documented Version: 3x oauth labels Apr 13, 2023
@seratch seratch added this to the 3.21.1 milestone Apr 13, 2023
@seratch seratch self-assigned this Apr 13, 2023
seratch
seratch commented Apr 13, 2023
View reviewed changes
docs-src/oauth/index.rst
@@ -90,13 +91,11 @@ The redirection gives you a ``code`` parameter. You can exchange the value for a
redirect_uri=redirect_uri,
code=request.args["code"]
)

installed_enterprise = oauth_response.get("enterprise", {})
installed_enterprise = oauth_response.get("enterprise") or {}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated improvements on the document example code

slack_sdk/oauth/redirect_uri_page_renderer/__init__.py
@@ -65,7 +66,7 @@ def render_failure_page(self, reason: str) -> str:
</head>
<body>
<h2>Oops, Something Went Wrong!</h2>
<p>Please try again from <a href="{self.install_path}">here</a> or contact the app owner (reason: {reason})</p>
<p>Please try again from <a href="{html.escape(self.install_path)}">here</a> or contact the app owner (reason: {html.escape(reason)})</p>
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the essential change in this PR. Only this pattern actually has issues.

@seratch seratch force-pushed the improve-default-page-renderer branch from b0c1e80 to 530acf9 Compare April 13, 2023 02:18
@codecov
Copy link

codecov bot commented Apr 13, 2023

Codecov Report

❗ No coverage uploaded for pull request base (main@b085a4c). Click here to learn what that means.
The diff coverage is 100.00%.

❗ Current head 64cf46d differs from pull request most recent head 530acf9. Consider uploading reports for the commit 530acf9 to get more accurate results

@@           Coverage Diff           @@
##             main    #1352   +/-   ##
=======================================
  Coverage        ?   85.37%           
=======================================
  Files           ?      111           
  Lines           ?    11557           
  Branches        ?        0           
=======================================
  Hits            ?     9867           
  Misses          ?     1690           
  Partials        ?        0
Impacted Files Coverage Δ
...k_sdk/oauth/redirect_uri_page_renderer/__init__.py 95.00% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@seratch seratch merged commit 8b7fe5b into slackapi:main Apr 13, 2023
@seratch seratch deleted the improve-default-page-renderer branch April 13, 2023 02:36
This was referenced Apr 13, 2023
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@seratch seratch

Labels
bug M-T: A confirmed bug report. Issues are confirmed when the reproduction steps are documented oauth Version: 3x
Projects
None yet
Milestone
3.21.1
Development

Successfully merging this pull request may close these issues.
1 participant
@seratch