Chore: Skip auth instead of fail (#12)

* Skip auth instead of Fail auth on missing slack headers

* Update editorconfig (end-of-file, final newline)

Author: johnkors

source/.editorconfig

@@ -16,7 +16,7 @@ tab_width = 4
 
 # New line preferences
 end_of_line = crlf
-insert_final_newline = false
+insert_final_newline = true
 
 #### .NET Coding Conventions ####
 

source/src/Slackbot.Net.Endpoints/Authentication/SlackbotEventsAuthenticationAuthenticationHandler.cs

@@ -6,6 +6,7 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
+using Microsoft.Extensions.Primitives;
 
 namespace Slackbot.Net.Endpoints.Authentication;
 
@@ -31,22 +32,28 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 
         string timestamp = headers[TimestampHeaderName].FirstOrDefault();
         string signature = headers[SignatureHeaderName].FirstOrDefault();
-
+        var failures = new StringBuilder();
         if (timestamp == null)
         {
-            return HandleRequestResult.Fail($"Missing header {TimestampHeaderName}");
+            failures.Append($"Missing header {TimestampHeaderName}");
         }
 
         if (signature == null)
         {
-            return HandleRequestResult.Fail($"Missing header {SignatureHeaderName}");
+            failures.Append($"Missing header {TimestampHeaderName}");
+        }
+
+        if (timestamp is null || signature == null)
+        {
+            Logger.LogDebug($"Skipping handler: {failures}");
+            return HandleRequestResult.SkipHandler();
         }
 
         bool isNumber = long.TryParse(timestamp, out long timestampAsLong);
 
         if (!isNumber)
         {
-            return HandleRequestResult.Fail($"Invalid header. Header {TimestampHeaderName} not a number");
+            return HandleRequestResult.Fail($"Invalid formatted headers. {TimestampHeaderName} is not a number. ");
         }
 
         Request.EnableBuffering();
@@ -59,7 +66,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
             return HandleRequestResult.Success(new AuthenticationTicket(new ClaimsPrincipal(), SlackbotEventsAuthenticationConstants.AuthenticationScheme));
         }
 
-        return HandleRequestResult.Fail("Verification of Slack request failed.");
+        return HandleRequestResult.Fail("Slack request failed signature verification.");
 
     }
 

source/src/Slackbot.Net.Endpoints/Middlewares/SlackbotEventAuthMiddleware.cs

@@ -16,23 +16,23 @@ public SlackbotEventAuthMiddleware(RequestDelegate next)
 
     public async Task Invoke(HttpContext ctx, ILogger<SlackbotEventAuthMiddleware> logger)
     {
-        bool success = false;
+        AuthenticateResult res;
         try
         {
-            var res = await ctx.AuthenticateAsync(SlackbotEventsAuthenticationConstants.AuthenticationScheme);
-            success = res.Succeeded;
+            res = await ctx.AuthenticateAsync(SlackbotEventsAuthenticationConstants.AuthenticationScheme);
         }
         catch (InvalidOperationException ioe)
         {
             throw new InvalidOperationException("Did you forget to call services.AddAuthentication().AddSlackbotEvents()?", ioe);
         }
 
-        if (success)
+        if (res.Succeeded)
         {
             await _next(ctx);
         }
         else
         {
+            logger.LogWarning($"Unauthorized callback from Slack");
             ctx.Response.StatusCode = StatusCodes.Status401Unauthorized;
             await ctx.Response.WriteAsync("UNAUTHORIZED");
         }