Exemple #1
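def _is_valid_slack_request(req: request) -> None:
    """
    Ensure that the request we received came from Slack.

    Details on the algorithm can be found at:
    https://api.slack.com/docs/verifying-requests-from-slack

    The request is rejected with ``abort(403)`` when either signature header
    is missing, when the timestamp is not an integer or is more than five
    minutes away from the local clock, or when the HMAC-SHA256 signature does
    not match. Malformed input is treated as a failed verification, not as a
    server error.

    :param req: Flask request object
    :return: None. The function only returns when the request verified;
        every failure path ends in ``abort(403)``.
    """
    req_timestamp = req.headers.get("X-Slack-Request-Timestamp")
    req_signature = req.headers.get("X-Slack-Signature")
    if not req_timestamp or not req_signature:
        # Without this guard int(None) / compare_digest(..., None) raise
        # TypeError and an unsigned request surfaces as an unhandled error.
        logger.error("Request is missing the Slack signature headers.")
        abort(403)

    try:
        sent_at = int(req_timestamp)
    except ValueError:
        logger.error("Request timestamp is not an integer.")
        abort(403)

    if abs(int(datetime.now().timestamp()) - sent_at) > 60 * 5:
        logger.error("This request is quite old. Could be a replay attack. Bailing.")
        abort(403)

    # Sign the raw bytes exactly as received: decoding and re-encoding the
    # body would raise on a payload that is not valid UTF-8.
    raw_body = req.get_data()
    # The body has not been authenticated yet and may carry secrets, so only
    # its size is logged, never its content.
    logger.debug("Request body length: %d bytes", len(raw_body))
    basestring = f"{VERSION_NUMBER}:{req_timestamp}:".encode("utf-8") + raw_body
    # NOTE(review): the "v0=" prefix is hard-coded while the base string uses
    # VERSION_NUMBER; presumably both are "v0" - confirm they stay in sync.
    expected_signature = (
        "v0="
        + hmac.new(
            slack_cfg.get("signing_secret").encode("utf-8"), basestring, hashlib.sha256,
        ).hexdigest()
    )
    # compare_digest is constant-time; comparing bytes avoids the TypeError
    # it raises for str arguments containing non-ASCII characters.
    if not hmac.compare_digest(
        expected_signature.encode("utf-8"), req_signature.encode("utf-8")
    ):
        logger.error("Request is improperly signed.")
        abort(403)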
Exemple #2
def extract_slack_info(r: request):
    """Collect the values needed to verify a Slack request signature.

    Reads the request body as text together with the
    ``X-Slack-Request-Timestamp`` and ``X-Slack-Signature`` headers and wraps
    them in a ``SlackVerification``. Nothing is verified here: the values are
    untrusted until the signature has been checked by the caller. A header
    missing from the request is passed through as whatever ``headers.get``
    returns for an absent key, so the consumer has to handle that case.

    :param r: Flask request object
    :return: a ``SlackVerification``, or None if reading the request or
        building the object raised.
    """
    try:
        body_text = r.get_data(as_text=True)
        hdrs = r.headers
        verification = SlackVerification(
            body_text,
            hdrs.get("X-Slack-Request-Timestamp"),
            hdrs.get("X-Slack-Signature"),
        )
    except Exception as err:
        # Best effort: any failure is logged and reported as "no data",
        # on the assumption that the request did not come from Slack.
        logging.error(err)
        return None
    return verification
Exemple #3
def add_request(req: request, name: str, description: str):
    """Append a snapshot of *req* to the module-level ``request_list``.

    The snapshot holds the base URL, query arguments, every header, the body
    as text, the supplied name and description, and two formatted timestamps
    (the real clock and ``sch.fake_clock``).

    Headers and body are stored verbatim, so credentials sent with the
    request (for example ``Authorization`` or ``Cookie`` values) end up in
    ``request_list``; redact them wherever the list is displayed, exported or
    persisted. This function never trims the list.

    :param req: Flask request object to record
    :param name: label stored with the snapshot
    :param description: free-text description stored with the snapshot
    """
    snapshot = {}
    snapshot["url"] = req.base_url
    snapshot["args"] = req.args
    snapshot["headers"] = req.headers.to_wsgi_list()
    snapshot["body"] = req.get_data(as_text=True)
    snapshot["name"] = name
    snapshot["description"] = description
    # Both clocks are rendered with the same scheduler-defined format.
    time_format = sch.time_format
    snapshot["real_time"] = datetime.now().strftime(time_format)
    snapshot["fake_time"] = sch.fake_clock.get_time().strftime(sch.time_format)
    request_list.append(snapshot)
Exemple #4
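def persist_request(directory: str, req: request) -> Path:
    """Write the raw body of *req* to a new ``video_<n>.mp4`` file.

    The file is created exclusively, so a random-name collision picks another
    name instead of silently overwriting an earlier upload.

    The body is written as received: nothing here checks that it is a video
    or limits its size, so the caller should cap request size (for example
    with Flask's ``MAX_CONTENT_LENGTH``) and validate the content before
    using it. The name comes from ``random``, which is not unpredictable; do
    not rely on the file name being secret.

    :param directory: directory in which the file is created
    :param req: Flask request object whose body is stored
    :return: path of the file that was written
    :raises FileExistsError: if no unused name was found after 100 attempts
    """
    payload = req.get_data()
    for _ in range(100):
        vname_path = Path(directory, "video_%d.mp4" % randint(0, 999999999999))
        try:
            # "xb" fails if the name is already taken; "wb" would truncate
            # and overwrite the existing file.
            with open(vname_path, "xb") as f:
                f.write(payload)
        except FileExistsError:
            continue
        return vname_path
    raise FileExistsError("could not find an unused video file name in %s" % directory)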