data_import: Protect better against bad Slack tokens.

An invalid token would be treated the same as a token with no scopes; differentiate these better.
2025-10-23 04:52:12 +00:00 · 2021-05-27 18:27:19 -07:00
parent a659944fe3
commit af5958e407
1 changed files with 2 additions and 0 deletions
--- a/zerver/data_import/slack.py
+++ b/zerver/data_import/slack.py
@@ -1391,6 +1391,8 @@ def check_token_access(token: str) -> None:
        data = requests.get(
            "https://slack.com/api/team.info", headers={"Authorization": "Bearer {}".format(token)}
        )
+        if data.status_code != 200 or not data.json()["ok"]:
+            raise ValueError("Invalid Slack token: {}".format(token))
        has_scopes = set(data.headers.get("x-oauth-scopes", "").split(","))
        required_scopes = set(["emoji:read", "users:read", "users:read.email", "team:read"])
        missing_scopes = required_scopes - has_scopes