I'm creating an interactive message on Slack, so when you click on a button it returns the value to my API. I'm having issues validating the response as it's done here.
If I use the values the document gives as an example, my test passes, but if I use the real response body it fails. I reckon the only thing that can be causing the error is not properly retrieving the response body.
The example data is like:
token=xyzz0WbapA4vBCDEFasx0q6G&team_id=T1DC2JH3J&team_domain=testteamnow&channel_id=G8PSS9T3V&channel_name=foobar&user_id=U2CERLKJA&user_name=roadrunner&command=%2Fwebhook-collect&text=&response_url=https%3A%2F%2Fhooks.slack.com%2Fcommands%2FT1DC2JH3J%2F397700885554%2F96rGlfmibIGlgcZRskXaIFfN&trigger_id=398738663015.47445629121.803a0bc887a14d10d2c447fce8b6703c
But my data looks like a json object:
{"type":"block_actions","team":{"id":"TKAKBLC56","domain":"removed"},"user":{"id":"UJZ6URSMR","username":"removed","name":"removed","team_id":"removed"},"api_app_id":"removed","token":"removed","container":{"type":"message","message_ts":"1562642155.000100","channel_id":"CKCEGGARM","is_ephemeral":false},"trigger_id":"693043647686.656657692176.b781b587db5dde32e149e03e3442d5ec","channel":{"id":"CKCEGGARM","name":"general"},"message":{"type":"message","subtype":"bot_message","text":"test1","ts":"1562642155.000100","username":"removed","bot_id":"BKE0G32UX","blocks":[{"type":"actions","block_id":"O4i1","elements":[{"type":"button","action_id":"DKC","text":{"type":"plain_text","text":"Farmhouse","emoji":true},"value":"click_me_123"},{"type":"button","action_id":"rRVe1","text":{"type":"plain_text","text":"Kin Khao","emoji":true},"value":"click_me_123"},{"type":"button","action_id":"3nT","text":{"type":"plain_text","text":"Ler Ros","emoji":true},"value":"click_me_123"}]}]},"response_url":"https:\/\/hooks.slack.com\/actions\/TKAKBLC56\/690896030256\/yAQ7AGoHcX8HgTcQQH1YnmOM","actions":[{"action_id":"DKC","block_id":"O4i1","text":{"type":"plain_text","text":"Farmhouse","emoji":true},"value":"click_me_123","type":"button","action_ts":"1562799606.639327"}]}
UPDATE:
My action method looks like this:
    [HttpPost]
    public IHttpActionResult ProcessResponse(FormDataCollection response)
    {
        // Only the decoded "payload" form field, not the raw request body
        var rawPayload = response.Get("payload");
        var slackSignature = Request.Headers.GetValues("X-Slack-Signature").FirstOrDefault();
        var timestampString = Request.Headers.GetValues("X-Slack-Request-Timestamp").FirstOrDefault();
        if (slackSignature.IsNullOrWhiteSpace() || timestampString.IsNullOrWhiteSpace()) return Unauthorized();
        if (!int.TryParse(timestampString, out int timestamp)) return BadRequest();
        // Reject requests older than five minutes
        if (DateTimeOffset.Now.ToUnixTimeSeconds() - timestamp > 60 * 5) return BadRequest();
        var signingSecret = ConfigurationManager.AppSettings["SlackSigningSecret"];
        var isValid = uSlack.Security.Security.IsValidSlackSignature(timestamp, rawPayload, slackSignature, signingSecret);
        // Act on the verification result instead of discarding it
        if (!isValid) return Unauthorized();
        return Ok();
    }
I don't put the code of the IsValidSlackSignature method, as that is actually working with Slack's demo data.
In your code you are only including the data of the payload property as the basis to calculate the signature:
    var rawPayload = response.Get("payload");
But you need to include the complete body including the payload property.
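To illustrate the answer above, an added example (not code from the question, the answer, or uSlack) that signs a constructed request body using Slack's documented v0 scheme, HMAC-SHA256 over `v0:{timestamp}:{raw body}`, and compares the result for the full raw body against the result for the decoded payload field alone. The class name, secret, timestamp and body are all constructed for illustration.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Text;

public static class SlackSignatureExample // hypothetical name
{
    // Slack signs "v0:{timestamp}:{raw request body}" with HMAC-SHA256
    // keyed by the app's signing secret, and sends "v0=" + lowercase hex.
    public static string ComputeSignature(string signingSecret, long timestamp, string rawBody)
    {
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(signingSecret)))
        {
            var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes($"v0:{timestamp}:{rawBody}"));
            return "v0=" + BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();
        }
    }

    // Compare every character so timing does not reveal where the strings differ.
    public static bool SignaturesMatch(string expected, string received)
    {
        if (received == null || expected.Length != received.Length) return false;
        var diff = 0;
        for (var i = 0; i < expected.Length; i++) diff |= expected[i] ^ received[i];
        return diff == 0;
    }

    public static void Main()
    {
        const string secret = "constructed-signing-secret"; // placeholder, not a real secret
        const long timestamp = 1562799606;                  // constructed
        // Constructed body as it arrives on the wire: one URL-encoded form field.
        const string rawBody = "payload=%7B%22type%22%3A%22block_actions%22%2C"
            + "%22actions%22%3A%5B%7B%22value%22%3A%22click_me_123%22%7D%5D%7D";

        // Stand-in for the X-Slack-Signature header Slack would send for this body.
        var header = ComputeSignature(secret, timestamp, rawBody);

        // What response.Get("payload") returns: the decoded JSON only.
        var decodedPayload = WebUtility.UrlDecode(rawBody.Substring("payload=".Length));

        // Full raw body: the same bytes that were signed, so the signatures agree.
        Console.WriteLine(SignaturesMatch(ComputeSignature(secret, timestamp, rawBody), header));
        // Decoded payload only, as in the question: different bytes, different HMAC.
        Console.WriteLine(SignaturesMatch(ComputeSignature(secret, timestamp, decodedPayload), header));
    }
}
```

In a Web API action the raw body can be obtained with `await Request.Content.ReadAsStringAsync()`, and the `payload` field parsed out of that string after the signature check.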