Commit graph

25 commits

Author SHA1 Message Date
Robert Hönig f4e0808a87 botserver: Validate token before accepting message.
Previously, the botserver would accept any message sent
to it. This was a security hazard, since an attacker could
impersonate arbitrary users with arbitrary messages. We only
want the Zulip instance where a bot is registered to be able
to send out messages for that bot. To do this, this commits
adds a check for the security token associated with each
outgoing webhook bot. For each bot, its token is stored in
the botserverrc file. The server sends the token along with
each message.
2018-05-30 09:37:33 -04:00
Robert Hönig 762118bbea Rename flaskbotrc to botserverrc. 2018-05-29 10:19:50 +02:00
Robert Hönig e6ef34a964 botserver: Strip messages like we do in zulip-run-bot.
Previously, messages weren't stripped at all. This
caused most bots to break and send replies similar to
"I didn't understand your command". Nobody noticed,
because the tests were only validating that replies
were sent, but not the content in them. Thus, this
commit also adds tests to avoid further regressions.
2018-05-29 10:05:19 +02:00
Robert Hönig f1bcf3b9a4 botserver: Remove redundant message check.
Previously, the botserver `handle_bot` routine did two checks
on an incoming message:
* First, it checked if the bot email matches
an email in the flaskbotrc.
* Second, it checked if the bot name that corresponds to an email
has a lib module loaded. However, this must be the case, because
all lib modules for all emails are loaded on initialization. Thus,
this commit removes the second check.
2018-05-29 09:52:14 +02:00
Robert Hönig 5c062cee0d botserver: Verify bot response.
This allows for more realistic testing.
2018-05-28 11:13:56 -07:00
Robert Hönig 4285cef29c assert_bot_server_response: Mock ExternalBotHandler. 2018-05-28 11:13:56 -07:00
Robert Hönig 27938a926b Rename assert_bot_server_response param message to event.
It's an event, not a message.
2018-05-28 11:13:56 -07:00
Robert Hönig 48f2c2ae36 Remove default value from assert_bot_server_response message parameter.
This is the first step in validating the bot responses for the
botserver. The default value for `message` was nonsense and
wouldn't trigger a bot in real life. Additionally, we'll want
each test to use a proper message tailored to the test. Thus,
this commit removes a 'default' message alltogether.
2018-05-28 11:13:55 -07:00
Robert Hönig 6a8cb2965c zulip_botserver: Handle all requests from the root / endpoint.
Previously, the Botserver determined which bot to run by dispatching on
a unique URL endpoint /bots/<botname> for each bot.
Now, instead, the Botserver determines which bot to run by the section
header of the bot in the flaskbotrc.
2018-05-28 15:09:39 +02:00
dkvasov 79899dba30 zulip_botserver: More test cases. 2018-05-17 09:43:00 -07:00
dkvasov fe801d08eb zulip_botserver: Add test for config parsing. 2018-05-17 09:42:52 -07:00
dkvasov 40785d3116 zulip_botserver: Add test for default input parameters. 2018-05-17 09:40:44 -07:00
dkvasov a06fb98f21 zulip_bots and zulip_botserver: Extract common function. 2018-05-17 17:35:09 +03:00
dkvasov d3b99959c6 zulip_botserver: Add test to check two bots working together. 2018-05-16 10:50:43 -07:00
Guitar1st f90913d54c zulip_botserver: Get rid of some global variables. 2018-05-15 12:32:57 -07:00
Guitar1st 2ba6f75fb3 zulip_botserver: Change style of type annotations to python3 2018-05-14 20:00:44 +00:00
Guitar1st 641665c338 zulip_botserver: Remove unused imports and do some other cleanup. 2018-05-14 20:00:44 +00:00
derAnfaenger 2736223073 bots: Make StateHandler store state on Zulip server.
This makes the StateHandler functional. To reduce the
number of server roundtrips when fetching/updating the
state, the entire state is fetched ocne at bot
initialization and cached. All changes are stored in the
cache and only saved externally after handle_message()
has been executed.

Fixes #141.
2017-11-18 08:58:47 -08:00
neiljp (Neil Pilgrim) d929cdb91e botserver testing: Move to six.assertRaisesRegex from Regexp variant.
This ensures 2/3 compatibility. The mypy test also now passes, though
the six stubs appear very minimal - maybe incorrect?
2017-11-15 13:43:08 -08:00
derAnfaenger fa9e5a8e26 zulip_botserver: Test for import error with wrong credentials. 2017-11-10 18:36:20 -08:00
derAnfaenger fb116259d0 zulip_botserver: Make tests more realistic.
Specifically, this invokes server.load_lib_modules()
and server.load_bot_handlers() to generate the modules
and handlers, instead of hardcoding them.
2017-11-10 18:36:20 -08:00
derAnfaenger bcc8bd7d38 zulip_botserver: Don't reinstantiate ExternalBotHandlers.
Fixes #147.
2017-11-07 05:06:12 -08:00
derAnfaenger e5576388dd botserver: Remove obsolete state_handler param from handle_message(). 2017-10-31 12:24:10 +01:00
vaibhav c4876dddae bot server: Raise BadRequest when bot code can't be imported.
This adds support to check and raise a BadRequest when either the
configuration of bot couldn't be found or the BotHandler code of bot
couldn't be fetched. There can be cases where flaskbotrc contains config
details of a bot, but the user hasn't added it's handler class code. This
fixes server to handle such cases, by reporting it to user.
This also fixes the response of bot server to make it possible to skip
the response message.
2017-07-27 11:03:33 -07:00
Eeshan Garg 928d5ca16d flask_server: Move the server to its own package. 2017-07-18 01:31:54 -02:30
Renamed from tests/test_bot_server.py (Browse further)