I’m looking for some extra pairs of eyes on the plugin I’ve implemented for this feature:
Slack posts a request to
yourdomain.com/slackdoor over https (assuming your site has it enabled) with an
x-www-form-urlencoded body that includes a token, which is generated on their side when you set up the outgoing webook.
token=XXXXXXXXXXXXXXXXXX team_id=T0001 team_domain=example channel_id=C2147483705 channel_name=test timestamp=1355517523.000005 user_id=U2147483697 user_name=Steve text=googlebot: What is the air-speed velocity of an unladen swallow? trigger_word=googlebot:
The request can’t include an API Key or username, but a required SiteSetting for username determines which user is used to access the topic.
These are all checked
before_filter methods in the Controller class:
In order to bypass the default authentication logic, I have overridden these methods in the plugin’s controller:
Check out this file for the full plugin: discourse-slackdoor/plugin.rb at master · mcwumbly/discourse-slackdoor · GitHub
Please let me know if you see any issues with this approach… Thanks!