We can now specify path to a bot's python file as the ini section
header in the botserver's config file. For example:
[~/Documents/helloworld.py]
email=a@b.com
key=XXXX
site=https://b.com
token=XXXX
This commit changes the default behavior for a hypothetical bot
named 'bot_one' to the following with the config file:
1. Find and load section named 'bot_one', else...
2. Find and load the first section, else...
3. Exit with error message.
Also, we now gracefully show missing options in a config section
instead of printing the whole stacktrace of the exception.
Previously, when a user tried to run the Botserver with a
zuliprc but forgot to set the bot name, they were told to
edit the botserverrc file. However, the recommended approach
is to specify the botname with the -b option. This commit
adds an error message specific for this case. It recognizes
zuliprc files by their section header `api`.
Previously, when a bot name wasn't found, the Botserver threw
an ImportError with an error message. This results in an
intimidating traceback which is in most cases not helpful to
the user. This commit replaces the ImportError with sys.exit.
Previously, the botserver would accept any message sent
to it. This was a security hazard, since an attacker could
impersonate arbitrary users with arbitrary messages. We only
want the Zulip instance where a bot is registered to be able
to send out messages for that bot. To do this, this commits
adds a check for the security token associated with each
outgoing webhook bot. For each bot, its token is stored in
the botserverrc file. The server sends the token along with
each message.
Previously, messages weren't stripped at all. This
caused most bots to break and send replies similar to
"I didn't understand your command". Nobody noticed,
because the tests were only validating that replies
were sent, but not the content in them. Thus, this
commit also adds tests to avoid further regressions.
Previously, the botserver `handle_bot` routine did two checks
on an incoming message:
* First, it checked if the bot email matches
an email in the flaskbotrc.
* Second, it checked if the bot name that corresponds to an email
has a lib module loaded. However, this must be the case, because
all lib modules for all emails are loaded on initialization. Thus,
this commit removes the second check.
