This improves the ability of a bot to specify how to mention it,
which varies at run-time depending upon the identity used to run it;
this is commonly used in many bot help commands.
Previously, the botserver would accept any message sent
to it. This was a security hazard, since an attacker could
impersonate arbitrary users with arbitrary messages. We only
want the Zulip instance where a bot is registered to be able
to send out messages for that bot. To do this, this commits
adds a check for the security token associated with each
outgoing webhook bot. For each bot, its token is stored in
the botserverrc file. The server sends the token along with
each message.
Previously, messages weren't stripped at all. This
caused most bots to break and send replies similar to
"I didn't understand your command". Nobody noticed,
because the tests were only validating that replies
were sent, but not the content in them. Thus, this
commit also adds tests to avoid further regressions.
Previously, the botserver `handle_bot` routine did two checks
on an incoming message:
* First, it checked if the bot email matches
an email in the flaskbotrc.
* Second, it checked if the bot name that corresponds to an email
has a lib module loaded. However, this must be the case, because
all lib modules for all emails are loaded on initialization. Thus,
this commit removes the second check.
This is the first step in validating the bot responses for the
botserver. The default value for `message` was nonsense and
wouldn't trigger a bot in real life. Additionally, we'll want
each test to use a proper message tailored to the test. Thus,
this commit removes a 'default' message alltogether.
Previously, the Botserver determined which bot to run by dispatching on
a unique URL endpoint /bots/<botname> for each bot.
Now, instead, the Botserver determines which bot to run by the section
header of the bot in the flaskbotrc.
The monkeytestit tests fail on Python3.4 because
one of their dependencies only works on Python3.5.
This is a hotfix to make builds pass again. We'll
want to find a proper way of Python version conditional
bot test execution.
We need to import the bot class inside the tests, so
we are able to temporarily resolve problems with the
bot class by simply skipping the test. It also makes
the code look nicer.