From 18e0d936eff8ab3e189f13ac5d9cac37bebe47e5 Mon Sep 17 00:00:00 2001
From: Tom Moor
Date: Tue, 17 May 2022 13:49:23 -0700
Subject: [PATCH] feat: Match incoming search requests using confirmed email as fallback (#3538)
---
 app/scenes/Settings/Slack.tsx | 8 ++++++-
 server/routes/api/hooks.ts | 42 +++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/app/scenes/Settings/Slack.tsx b/app/scenes/Settings/Slack.tsx
index 78e5fd042..d018aaf79 100644
--- a/app/scenes/Settings/Slack.tsx
+++ b/app/scenes/Settings/Slack.tsx
@@ -92,7 +92,13 @@ function Slack() { ) : ( }
diff --git a/server/routes/api/hooks.ts b/server/routes/api/hooks.ts
index 216b049d7..3655ed2ec 100644
--- a/server/routes/api/hooks.ts
+++ b/server/routes/api/hooks.ts
@@ -2,6 +2,7 @@ import invariant from "invariant";
 import Router from "koa-router";
 import { escapeRegExp } from "lodash";
 import { AuthenticationError, InvalidRequestError } from "@server/errors";
+import Logger from "@server/logging/logger";
 import {
 UserAuthentication,
 AuthenticationProvider,
@@ -215,9 +216,50 @@ router.post("hooks.slack", async (ctx) => {
 return;
 }
+ // Try to find the user by matching the email address if it is confirmed on
+ // Slack's side. It's always trusted on our side as it is only updatable
+ // through the authentication provider.
+ if (!user) {
+ const auth = await IntegrationAuthentication.findOne({
+ where: {
+ service: "slack",
+ teamId: team.id,
+ },
+ });
+
+ if (auth) {
+ try {
+ const response = await Slack.request("users.info", {
+ token: auth.token,
+ user: user_id,
+ });
+
+ if (response.user.is_email_confirmed && response.user.profile.email) {
+ user = await User.findOne({
+ where: {
+ email: response.user.profile.email,
+ teamId: team.id,
+ },
+ });
+ }
+ } catch (err) {
+ // Old connections do not have the correct permissions to access user info
+ // so errors here are expected.
+ Logger.info(
+ "utils",
+ "Failed requesting users.info from Slack, the Slack integration should be reconnected.",
+ {
+ teamId: auth.teamId,
+ }
+ );
+ }
+ }
+ }
+
 const options = {
 limit: 5,
 };
+
 // If we were able to map the request to a user then we can use their permissions
 // to load more documents based on the collections they have access to. Otherwise
 // just a generic search against team-visible documents is allowed.
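Review bot: The email fallback in the new `if (!user)` branch resolves a `User` on `email` and `teamId` alone, and the search that follows runs with that account's collection permissions, yet nothing visible in the hunk excludes suspended or deleted accounts. If the `User` model tracks suspension, that condition belongs in the `where` clause of this `User.findOne`, so that a deactivated member who is still present in the Slack workspace cannot keep reading private collections through the command. The `catch` also treats every failure as the expected missing-scope case and drops `err`; adding something like `error: err.message` next to `teamId: auth.teamId` in the `Logger.info` payload would let an operator tell a revoked token or an unexpected response shape apart from an old connection. The handler begins and ends outside this hunk, so whether the primary lookup above already applies a suspension filter cannot be confirmed from here.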