Previously, when a bot name wasn't found, the Botserver threw
an ImportError with an error message. This results in an
intimidating traceback which is in most cases not helpful to
the user. This commit replaces the ImportError with sys.exit.
Previously, the botserver would accept any message sent
to it. This was a security hazard, since an attacker could
impersonate arbitrary users with arbitrary messages. We only
want the Zulip instance where a bot is registered to be able
to send out messages for that bot. To do this, this commits
adds a check for the security token associated with each
outgoing webhook bot. For each bot, its token is stored in
the botserverrc file. The server sends the token along with
each message.
Previously, messages weren't stripped at all. This
caused most bots to break and send replies similar to
"I didn't understand your command". Nobody noticed,
because the tests were only validating that replies
were sent, but not the content in them. Thus, this
commit also adds tests to avoid further regressions.
Previously, the botserver `handle_bot` routine did two checks
on an incoming message:
* First, it checked if the bot email matches
an email in the flaskbotrc.
* Second, it checked if the bot name that corresponds to an email
has a lib module loaded. However, this must be the case, because
all lib modules for all emails are loaded on initialization. Thus,
this commit removes the second check.
This is the first step in validating the bot responses for the
botserver. The default value for `message` was nonsense and
wouldn't trigger a bot in real life. Additionally, we'll want
each test to use a proper message tailored to the test. Thus,
this commit removes a 'default' message alltogether.
Previously, the Botserver determined which bot to run by dispatching on
a unique URL endpoint /bots/<botname> for each bot.
Now, instead, the Botserver determines which bot to run by the section
header of the bot in the flaskbotrc.
The zulip and zulip_botserver packages specify mock as a runtime
dependency, which is only needed for testing during development.
So, it made more sense to move it to requirements.txt so that
it can be installed by ./tools/provision during development.
Before this change, we were looking for config files in
default locations in source control, which is not a good
place to look for them. Now `run.py` and friends have a
command line argument where users can specify the config
files.
Note that the change to server.py is only a partial fix
to make it so that bots that don't use third party config
files won't crash. That program needs an overhaul, anyway.
This makes the StateHandler functional. To reduce the
number of server roundtrips when fetching/updating the
state, the entire state is fetched ocne at bot
initialization and cached. All changes are stored in the
cache and only saved externally after handle_message()
has been executed.
Fixes#141.
In zulip_bots/setup.py, we now don't specify a minimum version when
checking for dependency on the zulip package. We just want the
latest one.
In zulip_botserver/setup.py, we now don't specify a minimum version
when checking for dependencies on the zulip and zulip_bots package.
We just want the latest ones.
As the first unittest, this creates a test directory and
abnd adds it tho the excluded pip package files.
There are two `tests` directories now, one in zulip_botserver and one in
zulip. This confuses the unittest runner, leading to failed test imports.
Therefore, we need to tell the package importer that there are multiple
tests directories, all of which should be considered for a search.
This adds support to check and raise a BadRequest when either the
configuration of bot couldn't be found or the BotHandler code of bot
couldn't be fetched. There can be cases where flaskbotrc contains config
details of a bot, but the user hasn't added it's handler class code. This
fixes server to handle such cases, by reporting it to user.
This also fixes the response of bot server to make it possible to skip
the response message.
