Fixes: Oauth error on subdomains authenticating slack post

server/auth/slack.js

@@ -4,7 +4,7 @@ import auth from '../middlewares/authentication';
 import addHours from 'date-fns/add_hours';
 import { stripSubdomain } from '../../shared/utils/domains';
 import { slackAuth } from '../../shared/utils/routeHelpers';
-import { Authentication, Integration, User, Team } from '../models';
+import { Authentication, Collection, Integration, User, Team } from '../models';
 import * as Slack from '../slack';
 
 const router = new Router();
@@ -121,21 +121,36 @@ router.get('slack.commands', auth({ required: false }), async ctx => {
   ctx.redirect('/settings/integrations/slack');
 });
 
-router.get('slack.post', auth(), async ctx => {
+router.get('slack.post', auth({ required: false }), async ctx => {
   const { code, error, state } = ctx.request.query;
+  const user = ctx.state.user;
   ctx.assertPresent(code || error, 'code is required');
 
+  const collectionId = state;
+  ctx.assertUuid(collectionId, 'collectionId must be an uuid');
+
   if (error) {
     ctx.redirect(`/settings/integrations/slack?error=${error}`);
     return;
   }
 
-  const collectionId = state;
-  ctx.assertUuid(collectionId, 'collectionId must be an uuid');
+  // this code block accounts for the root domain being unable to
+  // access authentcation for subdomains. We must forward to the
+  // appropriate subdomain to complete the oauth flow
+  if (!user) {
+    try {
+      const collection = await Collection.findById(state);
+      const team = await Team.findById(collection.teamId);
+      return ctx.redirect(
+        `${team.url}/auth${ctx.request.path}?${ctx.request.querystring}`
+      );
+    } catch (err) {
+      return ctx.redirect(`/settings/integrations/slack?error=unauthenticated`);
+    }
+  }
 
   const endpoint = `${process.env.URL || ''}/auth/slack.post`;
   const data = await Slack.oauthAccess(code, endpoint);
-  const user = ctx.state.user;
 
   const authentication = await Authentication.create({
     service: 'slack',