github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 10:12:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(slack): replace files.uploadV2 with 3-step upload flow to fix missing_scope error (#17558)

Browse Source 
* fix(slack): replace files.uploadV2 with 3-step upload flow

files.uploadV2 from @slack/web-api internally calls the deprecated
files.upload endpoint, which fails with missing_scope even when
files:write is correctly granted in the bot token scopes.

Replace with Slack's recommended 3-step upload flow:
1. files.getUploadURLExternal - get presigned URL + file_id
2. fetch(upload_url) - upload file content
3. files.completeUploadExternal - finalize & share to channel/thread

This preserves all existing behavior including thread replies via
thread_ts and caption via initial_comment.

* fix(slack): harden external upload flow and tests

---------

Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>
This commit is contained in:
Oleksandr Zakotyanskyi
2026-03-01 18:37:18 +01:00
committed by GitHub
parent 39a45121d9
commit 2a409bbba0
3 changed files with 129 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
src/slack/send.upload.test.ts
View File

@@ -1,9 +1,22 @@
import type { WebClient } from "@slack/web-api";
import { describe, expect, it, vi } from "vitest";
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
import { installSlackBlockTestMocks } from "./blocks.test-helpers.js";
// --- Module mocks (must precede dynamic import) ---
installSlackBlockTestMocks();
const fetchWithSsrFGuard = vi.fn(
async (params: { url: string; init?: RequestInit }) =>
({
response: await fetch(params.url, params.init),
finalUrl: params.url,
release: async () => {},
}) as const,
);
vi.mock("../infra/net/fetch-guard.js", () => ({
fetchWithSsrFGuard: (...args: unknown[]) =>
fetchWithSsrFGuard(...(args as [params: { url: string; init?: RequestInit }])),
}));
vi.mock("../web/media.js", () => ({
loadWebMedia: vi.fn(async () => ({
@@ -19,7 +32,10 @@ const { sendMessageSlack } = await import("./send.js");
type UploadTestClient = WebClient & {
conversations: { open: ReturnType<typeof vi.fn> };
chat: { postMessage: ReturnType<typeof vi.fn> };
files: { uploadV2: ReturnType<typeof vi.fn> };
files: {
getUploadURLExternal: ReturnType<typeof vi.fn>;
completeUploadExternal: ReturnType<typeof vi.fn>;
};
};
function createUploadTestClient(): UploadTestClient {
@@ -31,13 +47,30 @@ function createUploadTestClient(): UploadTestClient {
postMessage: vi.fn(async () => ({ ts: "171234.567" })),
},
files: {
uploadV2: vi.fn(async () => ({ files: [{ id: "F001" }] })),
getUploadURLExternal: vi.fn(async () => ({
ok: true,
upload_url: "https://uploads.slack.test/upload",
file_id: "F001",
})),
completeUploadExternal: vi.fn(async () => ({ ok: true })),
},
} as unknown as UploadTestClient;
}
describe("sendMessageSlack file upload with user IDs", () => {
it("resolves bare user ID to DM channel before files.uploadV2", async () => {
const originalFetch = globalThis.fetch;
beforeEach(() => {
globalThis.fetch = vi.fn(async () => new Response("ok", { status: 200 })) as typeof fetch;
fetchWithSsrFGuard.mockClear();
});
afterEach(() => {
globalThis.fetch = originalFetch;
vi.restoreAllMocks();
});
it("resolves bare user ID to DM channel before completing upload", async () => {
const client = createUploadTestClient();
// Bare user ID — parseSlackTarget classifies this as kind="channel"
@@ -52,16 +85,15 @@ describe("sendMessageSlack file upload with user IDs", () => {
users: "U2ZH3MFSR",
});
// files.uploadV2 should receive the resolved DM channel ID, not the user ID
expect(client.files.uploadV2).toHaveBeenCalledWith(
expect(client.files.completeUploadExternal).toHaveBeenCalledWith(
expect.objectContaining({
channel_id: "D99RESOLVED",
filename: "screenshot.png",
files: [expect.objectContaining({ id: "F001", title: "screenshot.png" })],
}),
);
});
it("resolves prefixed user ID to DM channel before files.uploadV2", async () => {
it("resolves prefixed user ID to DM channel before completing upload", async () => {
const client = createUploadTestClient();
await sendMessageSlack("user:UABC123", "image", {
@@ -73,7 +105,7 @@ describe("sendMessageSlack file upload with user IDs", () => {
expect(client.conversations.open).toHaveBeenCalledWith({
users: "UABC123",
});
expect(client.files.uploadV2).toHaveBeenCalledWith(
expect(client.files.completeUploadExternal).toHaveBeenCalledWith(
expect.objectContaining({ channel_id: "D99RESOLVED" }),
);
});
@@ -88,7 +120,7 @@ describe("sendMessageSlack file upload with user IDs", () => {
});
expect(client.conversations.open).not.toHaveBeenCalled();
expect(client.files.uploadV2).toHaveBeenCalledWith(
expect(client.files.completeUploadExternal).toHaveBeenCalledWith(
expect.objectContaining({ channel_id: "C123CHAN" }),
);
});
@@ -105,8 +137,44 @@ describe("sendMessageSlack file upload with user IDs", () => {
expect(client.conversations.open).toHaveBeenCalledWith({
users: "U777TEST",
});
expect(client.files.uploadV2).toHaveBeenCalledWith(
expect(client.files.completeUploadExternal).toHaveBeenCalledWith(
expect.objectContaining({ channel_id: "D99RESOLVED" }),
);
});
it("uploads bytes to the presigned URL and completes with thread+caption", async () => {
const client = createUploadTestClient();
await sendMessageSlack("channel:C123CHAN", "caption", {
token: "xoxb-test",
client,
mediaUrl: "/tmp/threaded.png",
threadTs: "171.222",
});
expect(client.files.getUploadURLExternal).toHaveBeenCalledWith({
filename: "screenshot.png",
length: Buffer.from("fake-image").length,
});
expect(globalThis.fetch).toHaveBeenCalledWith(
"https://uploads.slack.test/upload",
expect.objectContaining({
method: "POST",
}),
);
expect(fetchWithSsrFGuard).toHaveBeenCalledWith(
expect.objectContaining({
url: "https://uploads.slack.test/upload",
proxy: "env",
auditContext: "slack-upload-file",
}),
);
expect(client.files.completeUploadExternal).toHaveBeenCalledWith(
expect.objectContaining({
channel_id: "C123CHAN",
initial_comment: "caption",
thread_ts: "171.222",
}),
);
});
});