A lot of these bot dependencies are pretty hefty and shouldn't be
installed as part of the zulip_bots package. So the installation of
these belongs in tools/provision, not in setup.py.
Previously, when a user tried to run the Botserver with a
zuliprc but forgot to set the bot name, they were told to
edit the botserverrc file. However, the recommended approach
is to specify the botname with the -b option. This commit
adds an error message specific for this case. It recognizes
zuliprc files by their section header `api`.
Previously, when a bot name wasn't found, the Botserver threw
an ImportError with an error message. This results in an
intimidating traceback which is in most cases not helpful to
the user. This commit replaces the ImportError with sys.exit.
Previously, the responses set in bot test fixtures
where handled as JSON objects. This works fine for
most bot tests, because most of the APIs that bots
are calling return a JSON-formatted response object.
However, some, like Trello, do return raw data.
This hasn't been noticed so far, because the respective
Trello test needed internet access. Tests shouldn't
need internet access.
This commit makes that Trello test use a fixture. To
work properly, it also adds a way to make http_mock_config
parse the response object as raw data.
This can now be done by modifying the "is_raw_response"
property in a newly introduced "meta" object that can
be used to specify how a fixture should be handled.
Change checking auth_token in `initialize` method by calling
request to get user's information instead of calling POST request
which modifies progress of user's goal.
This improves the ability of a bot to specify how to mention it,
which varies at run-time depending upon the identity used to run it;
this is commonly used in many bot help commands.
Previously, the botserver would accept any message sent
to it. This was a security hazard, since an attacker could
impersonate arbitrary users with arbitrary messages. We only
want the Zulip instance where a bot is registered to be able
to send out messages for that bot. To do this, this commits
adds a check for the security token associated with each
outgoing webhook bot. For each bot, its token is stored in
the botserverrc file. The server sends the token along with
each message.
Previously, messages weren't stripped at all. This
caused most bots to break and send replies similar to
"I didn't understand your command". Nobody noticed,
because the tests were only validating that replies
were sent, but not the content in them. Thus, this
commit also adds tests to avoid further regressions.
Previously, the botserver `handle_bot` routine did two checks
on an incoming message:
* First, it checked if the bot email matches
an email in the flaskbotrc.
* Second, it checked if the bot name that corresponds to an email
has a lib module loaded. However, this must be the case, because
all lib modules for all emails are loaded on initialization. Thus,
this commit removes the second check.