Releases: slackapi/bolt-python
version 1.9.0
New Features
More Customization for Apps
Since this release, developers can customize listener_executor in apps. Also, to support the use case where Enterprise Grid Org admins install apps from their app management page, we've added a new option to disable state parameter validation in the OAuth flow. Please note that we still don't recommend disabling the state validation for usual OAuth apps.
Changes
- #452 #453 Enable to customize the
listener_executorinApp- Thanks @chrisbouchard - #455 #454 Add
oauth_settings.state_validation_enabledto customize the OAuth flow - Thanks @seratch
References
Contributors
Assets 2
version 1.8.1
Changes
- #451 Fix cookie extraction during OAuth for REST based AWS API GW + Lambda app - Thanks @naveensan1
- #449 Fix typo in
App/AsyncAppcomments and API documents - Thanks @objectfox - #446 Update the entity name - Thanks @seratch
References
Contributors
Assets 2
version 1.8.0
Changes
- #436 Fix #409 Custom token rotation expiration time does not work if installation_store is passed at top level - Thanks @seratch
- #437 Fix a token rotation bug where a bot token is not refreshed if a user token does not exist - Thanks @seratch
- #431 Fix #430 by adding a new option to customize dev server (http.server) logging - Thanks @seratch @cole-wilson
- #432 Update Sanic adapter and its tests to be compatible with sanic v21 - Thanks @seratch
- #416 Fix type hint errors detected by pytype 2021.7.19 - Thanks @seratch
Document Updates
- #442 #444 Added basic lazy lambda example setup and deploy instructions - Thanks @filmaj
- #418 #414 Add Japanese translation of "token rotation" document - Thanks @hirosassa
- #426 #406 Add Japanese translation of "Getting started over HTTP" and "Getting started" documents - Thanks @hirosassa
- #415 #412 #429 Update "incoming events" to "incoming requests" in documents - Thanks @RhnSharma @Shoryu-N
References
Contributors
Assets 2
version 1.8.0rc1
Refer to the v1.8.0 release note
version 1.7.0
New Features
Token Rotation Support
This version includes the support for the apps enabling the newly released token rotation for better security. Refer to the API document for the general information about the feature.
How to handle token rotation with this SDK
If you use any of the built-in InstallationStore, there is nothing else to change on your application code side. If you use the relational database tables along with a built-in InstallationStore, refer to the latest table schema here.
If you use your own custom authorize, not the built-in InstallationStoreAuthorize, the authorize function needs to be updated to run the token rotation. Refer to the InstallationStoreAuthorize's code to learn what to do for it.
Migration guide for Django users
If you operate Django apps based on the example app in this repository and would like to enable token rotation for the apps, check this commit to learn the required changes for it.
Migration guide for SQLAlchemyInstallationStore users
If your app uses the built-in SQLAlchemyInstallationStore for managing Slack app installations, adding the following database columns is required for this version upgrade. Refer to the code to check the complete ones.
Also, since this version, all the table columns for string data have their max length for better compatibility with MySQL. We recommend setting the same ones for your models.
slack_installations
Column("bot_refresh_token", String(200)),Column("bot_token_expires_at", DateTime),Column("user_refresh_token", String(200)),Column("user_token_expires_at", DateTime),
slack_bots
Column("bot_refresh_token", String(200)),Column("bot_token_expires_at", DateTime),
Changes
- #404 Fix #400 token rotation feature support - Thanks @seratch
- #387 #386 Replace re.search() with re.findall() in MessgeListenerMatches middleware to provide better matching results - Thanks @albeec13
- #379 Make cookies extraction on AWS Lambda compatible with its format v1.0 - Thanks @tattee
- #375 Update install page to avoid favicon downloads - Thanks @Bhavya6187
- #401 Fix #378 by adding middleware error handlers - Thanks @seratch @jeremyschulman
- #403 Fix #377 Better log messages for AsyncApp when a listener is missing - Thanks @seratch
- #394 Fix #370 by adding an alias of next arg (next_) in middleware arguments - Thanks @seratch
- #402 Fix #372 by adding listener matcher docs - Thanks @seratch
- #389 Add reference to WorkflowStepBuilder in docs - Thanks @misscoded
References
version 1.6.1
Changes
- #331 #330 Potentially request.body can be None when using a custom adapter - Thanks @matteobaldelli @seratch
- #363 Fix #346 Allow unfurl_media / unfurl_links in ack / respond - Thanks @gburek-fastly @seratch
References
version 1.6.0
New Features
Code Suggestion for Missing Listeners
Since this version, the warning message for unhandled requests is even more helpful!
Let's say you've configured the "message" event subscription in the Slack App configuration page, and the Slack server-side started sending message events to your app. However, your app does not have the corresponding event listener yet. In this case, Bolt suggests the missing listener with a working code snippet.
WARNING:slack_bolt.App:Unhandled request ({'type': 'event_callback', 'event': {'type': 'message'}})
---
[Suggestion] You can handle this type of event with the following listener function:
@app.event("message")
def handle_message_events(body, logger):
logger.info(body)
The new suggestion logging should be helpful for the developers who are new to Bolt and the Slack platform.
Options For Turning the Built-in Middleware Off
Developers can turn any of the built-in middleware off if they would like to do so for some reason.
app = App(
token=os.environ["SLACK_BOT_TOKEN"],
signing_secret=os.environ["SLACK_SIGNING_SECRET"],
# Verify request signature
request_verification_enabled = False, # default: True
# Skip processing the events generated by this app's bot user itself
ignoring_self_events_enabled = False, # default: True
# Respond to ssl_check requests
ssl_check_enabled = False, # default: True
# Respond to url_verification requests in the Events API configuration steps
url_verification_enabled = False, # default: True
)Please make sure if it's safe enough when you turn a built-in middleware off. We strongly recommend using RequestVerification for better security. If you have a proxy that verifies request signature in front of the Bolt app, it's totally fine to disable RequestVerification to avoid duplication of work. Don't turn it off just for easiness of development.
Changes
- #323 Add missing listener suggestion to the default unhandled error message - Thanks @seratch
- #310 Fix #307 Add options to disable the built-in middleware - Thanks @seratch @hubhanker99
- #311 Fix #309 Fallback to no-emoji boot message on any platforms - Thanks @seratch @christheodosius
- #315 #316 Fix Chalice deployment failures caused by #270 - Thanks @jlujan-invitae
- #313 Fix #312 Type hint errors with pytype 2021.4.26 - Thanks @seratch
References
version 1.5.0
New Features
Underlying SDK Upgrade
This release upgrades the underlying slack-sdk package from 3.4 to 3.5 (or higher). Refer to the package's release note for more details: https://github.com/slackapi/python-slack-sdk/releases/tag/v3.5.0
Built-in Token Revocation Handlers
Since this version, the out-of-the-box support for the following events is available:
To use this feature, all you need to do are:
- Enable
installation_storeof the OAuth settings (see the document) - Call
enable_token_revocation_listeners()method of theApp/AsyncAppinstance
app = App(
# Enabling installation_store required
)
app.enable_token_revocation_listeners()This is equivalent to the following code:
app = App() # installation_store required
app.event("tokens_revoked")(app.default_tokens_revoked_event_listener)
app.event("app_uninstalled")(app.default_app_uninstalled_event_listener)These event listeners properly utilize the data deletion methods in the InstallationStore you use. If you have your own InstallationStore implementation, please implement deletion methods in the classes. Refer to slackapi/python-slack-sdk#995 for more details.
Customize Unhandled Error Handling
Handling unmatched request patterns had not been customizable in the past versions. The pull request #290 introduced a new option to enable using @app.error handlers for unmatched requests. The default is set to False, which is fully backward compatible. If the option is True, Bolt raises a BoltUnhandledRequestError with sufficient information. @app.error handler can customize the behavior for the patterns (e.g., having custom logging, changing HTTP status from 404 to something else).
app = App(
token=os.environ["SLACK_BOT_TOKEN"],
signing_secret=os.environ["SLACK_SIGNING_SECRET"],
# enable @app.error handler to catch the patterns
raise_error_for_unhandled_request=True,
)
@app.error
def handle_errors(error):
if isinstance(error, BoltUnhandledRequestError):
# You may want to have debug/info logging here
return BoltResponse(status=200, body="")
else:
# other error patterns
return BoltResponse(status=500, body="Something wrong")Add respond to app.view Listeners
When an input block in your modal has response_url_enabled: true, view_submission payloads can have response_urls. Since this version, you can use respond utility to use the primary element in the array.
@app.view("view-id")
def check(ack, respond):
# if there is an input block with response_url_enabled: true
respond("This message will be posted in the selected channel")
ack()see also:
Better Compatibility with Thread-local feature based Libraries
ListenerCompletionHandler is a new addition, which enables developers to customize callbacks for listener runner completion. The callbacks can be useful, especially when you use a library/framework that utilizes thread-local variables (e.g., Django ORM, thread-local sessions in SQLAlchemy) along with Bolt for Python.
If you're interested in how it works, check the updated Django adapter implementation for details: https://github.com/slackapi/bolt-python/blob/v1.5.0/slack_bolt/adapter/django/handler.py
from django.db import connections
class DjangoListenerCompletionHandler(ListenerCompletionHandler):
def handle(self, request: BoltRequest, response: Optional[BoltResponse]) -> None:
# closes all the thread-local connections in the current thread
connections.close_all()Changes
- #270 Add support for lazy listeners when running with chalice local - Thanks @jlujan-invitae
- #281 Fix #280 Django thread-local connection cleanup in multi threads - Thanks @seratch
- #287 Enable installation_store authorize to fallback to bots (prep for #254) - Thanks @seratch
- #289 Fix #254 Add built-in tokens_revoked/app_uninstalled event handlers - Thanks @seratch
- #288 Fix #260 Enable to use respond utility in app.view listeners (only when response_urls exists) - Thanks @seratch
- #290 Fix #273 Enable developers to customize the way to handle unmatched requests - Thanks @seratch
