Improve the installation data queries to always return the latest bot token (#1223)

Author: seratch

slack_sdk/oauth/installation_store/amazon_s3/__init__.py

@@ -213,7 +213,29 @@ def find_installation(
             self.logger.debug(f"S3 get_object response: {fetch_response}")
             body = fetch_response["Body"].read().decode("utf-8")
             data = json.loads(body)
-            return Installation(**data)
+            installation = Installation(**data)
+
+            if installation is not None and user_id is not None:
+                # Retrieve the latest bot token, just in case
+                # See also: https://github.com/slackapi/bolt-python/issues/664
+                latest_bot_installation = self.find_installation(
+                    enterprise_id=enterprise_id,
+                    team_id=team_id,
+                    is_enterprise_install=is_enterprise_install,
+                )
+                if latest_bot_installation is not None and installation.bot_token != latest_bot_installation.bot_token:
+                    # NOTE: this logic is based on the assumption that every single installation has bot scopes
+                    # If you need to installation patterns without bot scopes in the same S3 bucket,
+                    # please fork this code and implement your own logic.
+                    installation.bot_id = latest_bot_installation.bot_id
+                    installation.bot_user_id = latest_bot_installation.bot_user_id
+                    installation.bot_token = latest_bot_installation.bot_token
+                    installation.bot_scopes = latest_bot_installation.bot_scopes
+                    installation.bot_refresh_token = latest_bot_installation.bot_refresh_token
+                    installation.bot_token_expires_at = latest_bot_installation.bot_token_expires_at
+
+            return installation
+
         except Exception as e:  # skipcq: PYL-W0703
             message = f"Failed to find an installation data for enterprise: {e_id}, team: {t_id}: {e}"
             self.logger.warning(message)

slack_sdk/oauth/installation_store/file/__init__.py

@@ -164,9 +164,32 @@ def find_installation(
             installation_filepath = f"{self.base_dir}/{e_id}-{t_id}/installer-{user_id}-latest"
 
         try:
+            installation: Optional[Installation] = None
             with open(installation_filepath) as f:
                 data = json.loads(f.read())
-                return Installation(**data)
+                installation = Installation(**data)
+
+            if installation is not None and user_id is not None:
+                # Retrieve the latest bot token, just in case
+                # See also: https://github.com/slackapi/bolt-python/issues/664
+                latest_bot_installation = self.find_installation(
+                    enterprise_id=enterprise_id,
+                    team_id=team_id,
+                    is_enterprise_install=is_enterprise_install,
+                )
+                if latest_bot_installation is not None and installation.bot_token != latest_bot_installation.bot_token:
+                    # NOTE: this logic is based on the assumption that every single installation has bot scopes
+                    # If you need to installation patterns without bot scopes in the same S3 bucket,
+                    # please fork this code and implement your own logic.
+                    installation.bot_id = latest_bot_installation.bot_id
+                    installation.bot_user_id = latest_bot_installation.bot_user_id
+                    installation.bot_token = latest_bot_installation.bot_token
+                    installation.bot_scopes = latest_bot_installation.bot_scopes
+                    installation.bot_refresh_token = latest_bot_installation.bot_refresh_token
+                    installation.bot_token_expires_at = latest_bot_installation.bot_token_expires_at
+
+            return installation
+
         except FileNotFoundError as e:
             message = f"Installation data missing for enterprise: {e_id}, team: {t_id}: {e}"
             self.logger.debug(message)

slack_sdk/oauth/installation_store/sqlalchemy/__init__.py

@@ -258,10 +258,11 @@ def find_installation(
 
         query = self.installations.select().where(where_clause).order_by(desc(c.installed_at)).limit(1)
 
+        installation: Optional[Installation] = None
         with self.engine.connect() as conn:
             result: object = conn.execute(query)
             for row in result:  # type: ignore
-                return Installation(
+                installation = Installation(
                     app_id=row["app_id"],
                     enterprise_id=row["enterprise_id"],
                     enterprise_name=row["enterprise_name"],
@@ -288,7 +289,28 @@ def find_installation(
                     token_type=row["token_type"],
                     installed_at=row["installed_at"],
                 )
-            return None
+
+        if user_id is not None and installation is not None:
+            # Retrieve the latest bot token, just in case
+            # See also: https://github.com/slackapi/bolt-python/issues/664
+            where_clause = and_(
+                c.client_id == self.client_id,
+                c.enterprise_id == enterprise_id,
+                c.team_id == team_id,
+                c.bot_token.is_not(None),  # the latest one that has a bot token
+            )
+            query = self.installations.select().where(where_clause).order_by(desc(c.installed_at)).limit(1)
+            with self.engine.connect() as conn:
+                result: object = conn.execute(query)
+                for row in result:  # type: ignore
+                    installation.bot_token = row["bot_token"]
+                    installation.bot_id = row["bot_id"]
+                    installation.bot_user_id = row["bot_user_id"]
+                    installation.bot_scopes = row["bot_scopes"]
+                    installation.bot_refresh_token = row["bot_refresh_token"]
+                    installation.bot_token_expires_at = row["bot_token_expires_at"]
+
+        return installation
 
     def delete_bot(self, *, enterprise_id: Optional[str], team_id: Optional[str]) -> None:
         table = self.bots

slack_sdk/oauth/installation_store/sqlite3/__init__.py

@@ -489,6 +489,42 @@ def find_installation(
                         token_type=row[22],
                         installed_at=row[23],
                     )
+
+                    if user_id is not None:
+                        # Retrieve the latest bot token, just in case
+                        # See also: https://github.com/slackapi/bolt-python/issues/664
+                        cur = conn.execute(
+                            """
+                            select
+                                bot_token,
+                                bot_id,
+                                bot_user_id,
+                                bot_scopes,
+                                bot_refresh_token,
+                                bot_token_expires_at
+                            from
+                                slack_installations
+                            where
+                                client_id = ?
+                                and
+                                enterprise_id = ?
+                                and
+                                team_id = ?
+                                and
+                                bot_token is not null
+                            order by installed_at desc
+                            limit 1
+                            """,
+                            [self.client_id, enterprise_id or "", team_id],
+                        )
+                        row = cur.fetchone()
+                        installation.bot_token = row[0]
+                        installation.bot_id = row[1]
+                        installation.bot_user_id = row[2]
+                        installation.bot_scopes = row[3]
+                        installation.bot_refresh_token = row[4]
+                        installation.bot_token_expires_at = row[5]
+
                     return installation
                 return None