Require explicit slack authorization config (#20)

toptal · Apr 11, 2024 · 511d450 · 511d450
1 parent 56a7e87
commit 511d450
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/.env.example b/.env.example
@@ -14,8 +14,8 @@ OPENAI_ASSISTANT_ID_KNOWLEDGE_GAP="asst_???"
 SLACK_APP_TOKEN="xapp-???"
 SLACK_BOT_TOKEN="xoxb-???"
 SLACK_CHANNEL_ID_KNOWLEDGE_GAP_DISCUSSIONS="???"
-# Uncomment and provide values if you want to only allow interactions coming
-# from a specific Slack enterprise (organization) and/or team (workspace).
+# Only handle events coming from specific Slack enterprise (organization) and/or team (workspace)
 # Both values are optional and applied independently.
-# SLACK_REQUIRE_ENTERPRISE_ID="???"
-# SLACK_REQUIRE_TEAM_ID="???"
+# "*" means that any value would be accepted.
+SLACK_ALLOW_ENTERPRISE_ID="*"
+SLACK_ALLOW_TEAM_ID="*"
diff --git a/configuration.py b/configuration.py
@@ -69,5 +69,5 @@ def get_project_root() -> str:
 knowledge_gap_discussions_channel_id = os.environ.get("SLACK_CHANNEL_ID_KNOWLEDGE_GAP_DISCUSSIONS")
 
 # Authorized Slack environments
-slack_require_enterprise_id = os.environ.get("SLACK_REQUIRE_ENTERPRISE_ID", None)
-slack_require_team_id = os.environ.get("SLACK_REQUIRE_TEAM_ID", None)
+slack_allow_enterprise_id = os.environ.get("SLACK_ALLOW_ENTERPRISE_ID")
+slack_allow_team_id = os.environ.get("SLACK_ALLOW_TEAM_ID")
diff --git a/slack/channel_message_handler.py b/slack/channel_message_handler.py
@@ -6,7 +6,7 @@
 from slack_sdk.socket_mode.request import SocketModeRequest
 from slack_sdk.socket_mode.response import SocketModeResponse
 
-from configuration import api_host, api_port, slack_require_enterprise_id, slack_require_team_id
+from configuration import api_host, api_port, slack_allow_enterprise_id, slack_allow_team_id
 from database.interaction_manager import QAInteractionManager
 
 from .event_handler import SlackEventHandler
@@ -43,10 +43,10 @@ def load_processed_data(self):
 
     def is_authorized(self, enterprise_id: str, team_id: str) -> bool:
         """Authorize the request based on the enterprise_id and team_id"""
-        if slack_require_enterprise_id and slack_require_enterprise_id != enterprise_id:
+        if slack_allow_enterprise_id != '*' and slack_allow_enterprise_id != enterprise_id:
             return False
 
-        if slack_require_team_id and slack_require_team_id != team_id:
+        if slack_allow_team_id != '*' and slack_allow_team_id != team_id:
             return False
 
         return True