Token patterns fix

internal/fixtures/fixtures.go

@@ -12,8 +12,8 @@ import (
 )
 
 const (
-	TestAppToken      = "xoxa-888888888888-888888888888-8888888888888-fffffffffffffffa915fe069d70a8ad81743b0ec4ee9c81540af43f5e143264b"
-	TestBotToken      = "xoxb-888888888888-888888888888-8888888888888-fffffffffffffffa915fe069d70a8ad81743b0ec4ee9c81540af43f5e143264b"
+	TestAppToken      = "xapp-1-A012RNBPFL3-1234567890123-c045facebeefbabecafef624ab2f2fe1cc640babf30e37e6b2d11c6094774782"
+	TestBotToken      = "xoxb-123456789012-1234567890123-qCl4vKrWXWjArO5eoWgEUIPb"
 	TestClientToken   = "xoxc-888888888888-888888888888-8888888888888-fffffffffffffffa915fe069d70a8ad81743b0ec4ee9c81540af43f5e143264b"
 	TestExportToken   = "xoxe-888888888888-888888888888-8888888888888-fffffffffffffffa915fe069d70a8ad81743b0ec4ee9c81540af43f5e143264b"
 	TestPersonalToken = "xoxp-777777777777-888888888888-8888888888888-fffffffffffffffa915fe069d70a8ad81743b0ec4ee9c81540af43f5e143264b"

internal/structures/structures.go

@@ -20,15 +20,21 @@ const (
 
 // tokenRe is a loose regular expression to match Slack API tokens.
 // a - app, b - bot, c - client, e - export, p - legacy
-var tokenRE = regexp.MustCompile(`xox[abcep]-[0-9]+-[0-9]+-[0-9]+-[0-9a-f]{64}`)
+var (
+	tokenRE    = regexp.MustCompile(`\bxox[abcep]-[0-9]+-[0-9]+-[0-9]+-[0-9a-fA-F]{64}\b`)
+	appTokenRE = regexp.MustCompile(`\bx(?:app|oxa)-(?:\d-)?(?:[a-zA-Z0-9]{1,20}-)+[a-fA-F0-9]{1,64}\b`)
+	botTokenRE = regexp.MustCompile(`\bxoxb-(?:[a-zA-Z0-9]{1,20}-){2}[a-zA-Z0-9]{1,40}\b`)
+)
 
-var errInvalidToken = errors.New("token must start with xoxa-, xoxb-, xoxc-, xoxe- or xoxp- and be followed by 3 group of numbers and then 64 hexadecimal characters")
+var ErrInvalidToken = errors.New("token must start with xoxa-, xoxb-, xoxc-, xoxe- or xoxp- and be followed by 3 group of numbers and then 64 hexadecimal characters")
 
 func ValidateToken(token string) error {
-	if !tokenRE.MatchString(token) {
-		return errInvalidToken
+	for _, pattern := range []*regexp.Regexp{appTokenRE, botTokenRE, tokenRE} {
+		if pattern.MatchString(token) {
+			return nil
+		}
 	}
-	return nil
+	return ErrInvalidToken
 }
 
 var ErrInvalidDomain = errors.New("invalid domain")

internal/structures/structures_test.go

@@ -50,22 +50,22 @@ func TestValidateToken(t *testing.T) {
 		},
 		{
 			name:    "short token",
-			args:    args{token: "xoxa-123456789012-123456789012-123456789012-1234567890123456789012345678901"},
+			args:    args{token: "xoxc-123456789012-123456789012-123456789012-1234567890123456789012345678901"},
 			wantErr: true,
 		},
 		{
 			name:    "long token",
-			args:    args{token: "xoxa-123456789012-123456789012-123456789012-123456789012345678901234567890123"},
+			args:    args{token: "xoxc-123456789012-123456789012-123456789012-123456789012345678901234567890123"},
 			wantErr: true,
 		},
 		{
 			name:    "non-numeric sections",
-			args:    args{token: "xoxa-123456789012-abcdefg-123456789012-12345678901234567890123456789012"},
+			args:    args{token: "xoxc-123456789012-abcdefg-123456789012-12345678901234567890123456789012"},
 			wantErr: true,
 		},
 		{
 			name:    "non-alphanumeric suffix",
-			args:    args{token: "xoxa-123456789012-123456789012-123456789012-1234567890123456789012345678901!"},
+			args:    args{token: "xoxc-123456789012-123456789012-123456789012-1234567890123456789012345678901!"},
 			wantErr: true,
 		},
 	}

slackdump.1

@@ -236,7 +236,7 @@ avoid bot detection algorithms.
 .Bl -tag -width token+cookie
 .It Em token
 This method requires Application
-.Pq xoxa-
+.Pq xapp-
 , Bot
 .Pq xoxb-
 or a Legacy