Expose optional State parameter returned from Add to Slack button

[aok-solutions]

The Add to Slack button also allows for an optional state parameter that will be returned on completion of the request. The creating and created callbacks include an options hash where this value can be accessed (to check for forgery attacks for instance).

auth = OpenSSL::HMAC.hexdigest("SHA256", "key", "data")

<a href="https://slack.com/oauth/authorize?scope=bot&client_id=<%= ENV['SLACK_CLIENT_ID'] %>&state=#{auth)"> ... </a>

instance = SlackRubyBotServer::Service.instance
instance.on :creating do |team, error, options|
  raise "Unauthorized response" unless options[:state] == auth
end

[dblock]

I think we don't want state in the model. Otherwise it's close.

[dblock]

This should be if params.key?(:state), because a blank state is different from absence of state.

[dblock]

I think you want to change create! to take options = {} in which you pass in whatever was in params for future compatibility.

[dblock]

State is unlikely to be used other than to verify something once, lets not add it to the model.

[dblock]

Rather that state this is options, let's just rename.

But just use slice, so

options = params.slice(:state)
Service.instance.create!(team, options)

[dblock]

Add another integration spec in https://github.com/slack-ruby/slack-ruby-bot-server/blob/master/spec/integration/teams_spec.rb#L12 for state as well, please.

[dblock]

Merged, thank you.

Any interest to help co-maintain this gem? No obligations other than whatever time permitting. Maybe you can make the next release? If yes, email me your rubygems email/username to dblock at dblock dot org.

[aok-solutions]

Any interest to help co-maintain this gem? No obligations other than whatever time permitting. Maybe you can make the next release? If yes, email me your rubygems email/username to dblock at dblock dot org.

I would be absolutely honored to. Sending the email now