creating a slack command without slash - slack-api

There is this API with response of operator-city string.
https://nbhyb3s7db.execute-api.us-east-1.amazonaws.com/v1?mnumber=9819838466
I can check that it is working as expected. But when I create a command for this in slack, it does not work. It tries to visit the following URL that has extra slash / in it.
https://nbhyb3s7db.execute-api.us-east-1.amazonaws.com/v1?/mnumber=9819838466
How do I create a command without slash?
Update:
As per the docs, (Invoke external services with slash commands) response_type and text are the two essential keys those should be there in the reponse.
https://api.slack.com/custom-integrations
Is this correct or I am missing something?

You can easily build a test script that simulates slash commands from Slack. All you need is to send a HTTP POST request to your service with the correct parameters. A simple HTML page with a form will do the trick. Or you can use a more sophisticated PHP script, that will also be able to interpret the and output the result of your service in a nice way (that is what I am doing to test my services).
Here is an example from the documentation how the POST request needs to look like:
token=gIkuvaNzQIHg97ATvDxqgjtO
team_id=T0001
team_domain=example
channel_id=C2147483705
channel_name=test
user_id=U2147483697
user_name=Steve
command=/weather
text=94070
response_url=https://hooks.slack.com/commands/1234/5678

Related

Secure Code Warrior Server-Side Request Forgery

I am currently doing a problem on Secure Code Warrior's Java basic package, and the topic is server-side request forgery. The task is to try and access the "/vault" api through a parameter url. One of the files requires that the ip address starts with 127.0 or ::1, which I'm pretty sure means that we just have to access this /vault api from within the local system. However, I have been unsuccessful in trying to access /vault through changing the url parameter in the question.
I've just done it, and here is how. You should input everything beginning from statements
https://..../statements/13?url=http://127.0.0.1:5000/vault

Post Slack message as specific user

I'm building a Slack bot with slash commands and I would like to post a message with an attachment as a specific user (specifically, the user that called the slash command).
I know this is possible because the Giphy Slack integration does so when responding to the /giphy [image] command, by responding as the user with a gif image.
I tried using the chat.meMessage method but this does not appear to support attachments.
I tried using the as_user argument in the chat.postMessage method, but this inherits the authenticated user rather than the user that called the slash command.
Responding to the slash command immediately or performing a delayed response (using response_url) doesn't seem to support non-bot responses. If they do, I can't seem to find where it's documented.
In the slash request Slack does provide both user_id and user_name parameters, so I imagine I can make use of those.
I reached out to Slack with this question, and unfortunately at this time it doesn't look like what I'm asking for is possible. The Giphy Slack integration was internally built.
Maybe in the future!

How can my slack custom command produce /remind me like links

I am writting a custom slack command that implements a
task manager like interface (I know ... there are many out there :-), mine interfaces with odesk/upwork to outsource my micro-tasks :-) ) .
Anyway, I like a lot how the /remind command included Complete Delete etc links in its output to facilitate subsequent interactions with the user that entered the command and I am trying to figure out how to do the same trick.
What I have thought so far is to include links in my output that are ... GET /slack-link?method=POST&token=xxx&team_id=xx&command=.. ie carry in their query string the complete json payload that slack would have produced from a normal custom command. slack-link acts as a "proxy" whose sole role is to submit a POST back to my normal slack endpoint. I can even reuse the same response_url for these command-links.
I have not tried it but I think these URLs will just open another window so that path wont exactly work...
Has anybody tried something like that before?
As you've learned, those are currently only available to built-in commands. However, as I was curious and wanted to know how those are done, I looked in the API and found out that the URLs are just formatted normally but have a special "protocol":
You asked me to remind you to “test”.
​_<slack-action://BSLACKBOT/reminders/complete/D01234567/1234//0/0/5678|Mark as complete>
or remind me later: <slack-action://BSLACKBOT/reminders/snooze/D01234567/1234//0/0/5678/15|15 mins> [...]
Clicking on such a link results in an API request to method chat.action, with the following parameters:
bot: BSLACKBOT
payload: reminders/complete/D01234567/1234//0/0/5678
token: xoxs-tokenhere-nowayiampostingithere
So it looks like those URLs have three parts:
<slack-action://BSLACKBOT/reminders/complete/[...]|Mark as complete>
slack-action://: the "protocol" like prefix to let Slack know this is a chat action URL.
BSLACKBOT: the bot which (who?) will receive the payload. Can only be a bot user and the ID must start with B, or the API request will fail with invalid_bot.
the rest of the URL: the payload that gets passed to the bot. It doesn't look like this is parsed nor handled specially by Slack.
This is actually not a new feature, since they used to have API URLs back in late 2013 or early 2014 (I don't remember precisely) which they removed for "security reasons".
It could be interesting to see if we can use chat actions with custom bots, and if so, what we could do with it.
I got the answer from Slack support:
In regard to your original question: currently Slack doesn't provide
the ability to embed 'action' links in our custom integrations. Only
built-in features like /remind can utilize these at the moment. For
external services, you'll need to link to a URL that opens in an
external web browser.
We do hope to provide a similar function for custom integrations in
the future, allowing for interactive messages.
Thanks,
Ben

Command pathing and 404 errors

I'm working on the most basic Valence use just to prove it works -- using php to run a "whoami" query.
I authenticate fine, get the userId, userKey, and userSig back. I set these in the userContext object. The call to createAuthenticatedUri seems to work well -- all parameters are in the GET url I would expect to see.
I've also verified that the command path (/d2l/api/lp/1.0/users/whoami/) is valid, from another developer who is connecting to a a completely different server.
However, when I try to make the request, D2L tells me "404 Page not found".
I can make a call to /d2l/api/versions/ and that returns just fine.
Anyone have any suggestions?
Thanks in advance.
Please note that your path /d2l/api/lp/1.0/users/whoami/ is not valid: the proper route for the whoami API call is /d2l/api/lp/{ver}/users/whoami without the trailing slash, and with the right version number filled in to target the API contract you want to target among those offered by the LMS -- in your case, that might be /d2l/api/lp/1.0/users/whoami, but it's also likely that you have more modern API contracts available on your LMS as well, which you can determine using the call to retrieve the LMS' version table.

http POST method for web server

I'm looking at HTTP POST method to create a web page.
I'm a tad unfamiliar with it, and was looking for some explanation on how this works.
I'm simply wanting to use their seemingly simplistic page for my own server needs.
My question is this, how does this curl link really work?
curl --data-binary #audio2.flac --header 'Content-type: audio/x-flac; rate=16000' 'https://www.google.com/speech-api/v1/recognize?xjerr=1&client=chromium&pfilter=0&maxresults=1&lang="en-US"'
So I got it to work by using curl, by sending a flac file as you can see, and it responds with
this JSon stuff
{"status":0,"id":"3b7853241a0dded048f84744cc1ab896-1","hypotheses":[{"utterance":"ice cream","confidence":0.88215643}]}
Please correct me if I'm wrong:
So I believe this is a post method as it has the ? mark with it to send the name value pair.
I have no idea how they got the link https://www.google.com/speech-api/v1/recognize
to only accept POST requests without having a script name like this at the end
https://www.google.com/speech-api/v1/recognize/scriptName.pl
How do I write something to accept a post request at that given page without a .pl or .py extension? How can I put it in a certain directory on the server.
In addition for my purposes can I also send a file back to them once I process / zip?
Any ideas on how to do that?
Thanks so much for your time and generous help!
It seems that if you use --data/--data-binary/--form that the request is POSTed.
I first totally misunderstood your question and though you wanted to know how to use the interface, but you got that working.
The serverside can be achieved by multiple means, totally depending on the infrastructure and software used.
With the Webserver apache for example, you could use Rewrite or something in a HtAccess file to obfuscate/change the requested file. So looking at the extension (or the absence of it) is not helpful.
Please also see various options mentioned here
Running PHP without extension without using mod_rewrite?
or
ForceType/htaccess file extension question - extensionless files?
to see how you could achieve the same.
Only accepting POST data is then again dependant on the programming/scripting technique you employ at your server side, PHP e.g. distinguishes between multiple superglobals like $_GET and $_POST.

Resources