Remove all the scoped app token properties

[earlduque]

To safeguard users from accidentally getting their tokens disabled

The following must occur together for this issue to be resolved:

• Remove all scoped app token properties
• point all gs.getProperty() calls for scoped app token properties to global properties.
• Update all custom parsers (on github) that use scoped app tokens to have a disclaimer that asks for users to create a global property for the token
• Update this repo's documentation to indicate that a user needs to create these global properties themselves for their bot to work.

[chelming]

Maybe a fix script that creates the properties? I'm wondering what the easiest way would be to "set it up" 🤔

Perhaps a new UI action that pops a modal with those properties? "Set up bot"

[johndahl-now]

Are there any parsers that directly access the token? They should all be calling the Slacker script include, which in turn retrieves the token.

Should the global property be protected with read (bot) and write (admin) roles? I'm not sure if that matters on the sndevprogram instance, but good practice is good practice.

[chelming]

yes. there ~are~ is.

~/git/SlackerBot/Parsers$ grep -rn 'getProperty' .
./Admin tool - Whois.js:12:  rm.setRequestHeader('authorization', 'Bearer '+gs.urlEncode(gs.getProperty('x_snc_slackerbot.SlackerBot.token')));
./Admin tool - Whois.js:14://   bodyString += 'token=' + gs.urlEncode(gs.getProperty('x_snc_slackerbot.SlackerBot.token'));

[johndahl-now]

oh, those are just the admin tools...figures they would violate best practices and coding standards. Who do they think they are? 🤷

[earlduque]

not a dig at me, i'm not an admin :P