From ff9126ac1e5a18f88c2ac67d391a7c4e330790cd Mon Sep 17 00:00:00 2001
From: Alex Vandiver
Date: Thu, 27 May 2021 18:27:19 -0700
Subject: [PATCH] data_import: Protect better against bad Slack tokens.

An invalid token would be treated the same as a token with no scopes; differentiate these better.
---
 zerver/data_import/slack.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/zerver/data_import/slack.py b/zerver/data_import/slack.py
index b7bbe919f4..e5a54fe573 100755
--- a/zerver/data_import/slack.py
+++ b/zerver/data_import/slack.py
@@ -1362,6 +1362,8 @@ def check_token_access(token: str) -> None:
 data = requests.get(
 "https://slack.com/api/team.info", headers={"Authorization": "Bearer {}".format(token)}
 )
+ if data.status_code != 200 or not data.json()["ok"]:
+ raise ValueError("Invalid Slack token: {}".format(token))
 has_scopes = set(data.headers.get("x-oauth-scopes", "").split(","))
 required_scopes = set(["emoji:read", "users:read", "users:read.email", "team:read"])
 missing_scopes = required_scopes - has_scopes
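Review bot: The added `raise ValueError("Invalid Slack token: {}".format(token))` writes the bearer token itself into the exception text, so it ends up in tracebacks, terminal scrollback and any log that records the failed import. The same branch also fires on any non-200 response (rate limiting, a Slack outage), in which case the token may be perfectly valid and is still printed as "invalid". I would keep the secret out of the message and report what Slack said instead, splitting the two cases: `raise ValueError("Slack API request failed: HTTP {}".format(data.status_code))` for the status check and `raise ValueError("Invalid Slack token: {}".format(data.json().get("error")))` when `ok` is false. The body of `check_token_access` continues past the end of the hunk, so the handling of `missing_scopes` was not reviewed.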