Amazon validation...again :)

[dottxado]

Added all the necessary to pass the automatic validation done by the Alexa developer portal when requesting the skill certification to go out in production.

The Alexa developer portal enforces some security practices that the skill must do to check that the request is really coming from Amazon, otherwise the skill must return a 400 response. In order to configure this new feature, the skill developer has to add to the config array of the driver:

• the enablement of the validation
• the skill id

The enablement is a way to develop the skill without falling into the checks: disable the validation and the skill will act as usual accepting every request, enable the validation and all the messages will be filtered to do the required checks. One of these required checks is on the skill id (given by the Alexa developer portal), so if the validation is enabled the developer must also add the skill id to the configurations.

To manage the case in which the request is not valid, I added an exception without catching it, because it will be the developer of the skill to manage that particular exception in his framework, do what he wants and return a response of 400 to the client. For example, i work with Symfony and i can add an handler on the "Exception" kernel event and manage the response. Just tested with the Alexa developer portal and found 0 errors :)

I've also bumped the phpunit version, because mockery seems to conflit with version beneath the 9.

Sorry for the mess i've made with the previous PR.

[Corlett]

Should this be working now? I am getting "The skill end-point is not validating the signatures for incoming requests and is accepting requests with an invalid signature URL specified. Please make sure that your signature validation is correct."

[dottxado]

@Corlett for what i have tested it works 😄 Have you taken the right branch and configured the driver with the the skill id and a boolean to enable the validation?

[Corlett]

Lol, I'm sure it's user error then. I just did "php artisan botman:install-driver amazon-alexa". Where do I set the skill ID and boolean?

[dottxado]

Ok 😄 my pull request with the Amazon validation is still open and has not been merged, so you won't find it in the master branch. Untill it is not merged, you can find it in my fork. About the configuration, when using a driver you can pass additional configuration to it. In this driver there are no configurations besides the ones that I have introduced, but you can check the official documentation for the Telegram driver to get the point. The keys to use are "enableValidation" (bool), and "skillId" (string, the skill ID from the Amazon developer portal).

[Corlett]

@dottxado, ah that makes sense. Sorry I'm kinda 'noobing out' on Github these days. @mpociot can we do something to get this merged into the main branch?

[Corlett]

@dottxado I'm sorry I thought is made sense, but I seem to be missing something that's probably pretty basic. Can you share relative path to the file that you placed your configuration variables in and how your json looks?
I tried in /config/botman/confif.php with 'botman' => [ 'enableValidation' => 1, 'skillId' => 'amzn1.ask.skill-ID', ], but it didnt work.

[dottxado]

@Corlett I don't use Laravel or Botman Studio, but I will try to help. Into /config/botman/config.php I think you need to have

'amazon-alexa' => [
    'enableValidation' => true,
    'skillId' => 'amzn1.ask.skill-ID',
],

You may also find the tests in my branch, so you can also check your configurations with them.

[Corlett]

hmm... I gave that a try but it didn't change anything. I also tried creating the file amazon-alexa.php in the same directory. Now Alexa only replies with, "There was a problem with the requested skills response."

Perhaps I need to ditch botman studio.

where did you place the 'amazon-alexa' => [ 'enableValidation' => true, 'skillId' => 'amzn1.ask.skill-ID', ],

for your setup?

[Corlett]

@dottxado, I would be happy to pay you for a video walk through on how to get this setup from start to finish.

[dottxado]

@Corlett ok, great! I've just managed to make it work on a Botman Studio instance, and before doing anything I have to add to the instructions the fact that the developer needs to manage and exception (AmazonValidationException) to return 400 to the Amazon service, or the skill certification won't pass the automated tests. But from what i can see your problems are not at that level, so I'm going to make the video for you (and I'll also demonstrate how to manage the exception). How can I contact you to send the video?

[Corlett]

@dottxado, that is great news! I just sent you a message with my contact info on LinkedIn.