Below are the slides my presentation at the Maine OWASP chapter meetup on Janurary 23, 2020.
I have seen the script running in the Heroku cloud before but could not find any good instructions to install or run set it
This post covers the steps I went through to
Both of these API keys will be used towards the end of the setup. Next, fork the slackin repo to your
Once the repo is forked to your account you will need to create a Heroku account (if you do not have one already). The free tier was sufficient for me to run the slackin.
Once you have logged into Heroku you will want to choose “New” and select “Create new app” in the upper right-hand corner. On the next screen, you will enter the App name, this will be used in the URL Heroku will generate for you.
Once you click the Create app button you will be sent to the Deploy tab. On this screen, select Github under the “Deployment method” section. (If you have not already connected your Github account to Heroku and you will need to and allow Heroku access to your repos.) Once connected, search for the forked slackin repo usually named “slackin” and click the Connect button.
Once connected you will need to deploy it to Heroku. There are a few options to deploy the app, for the first deployment I ran a Manual deploy by clicking the Deploy Branch button. This will take a while and will display any errors that occur.
Moving forward if you wish to have Heroku automatically deploy any changes you make in Github to the slackin app click the “Enable Automatic Deploys” button.
After the deploy is complete, select the Settings tab and add a few Config Vars. There are two settings that are required for slackin to operate. In these variables, we will enter the API keys you gathered earlier. The Google reCAPTCHA keys go into GOOGLE_CAPCHA_SECRET and GOOGLE_CAPCHA_SITEKEY. The Slack API keys go in SLACK_API_TOKEN and SLACK_SUBDOMAIN. the SLACK_SUBDOMAIN is the name of the Slack team that you are inviting users to.
Finally, to gather the URL that was assigned to the site you can scroll down on the Settings page to the Domains section and it is shown there.
You will now have a slackin instance setup for users to invite themselves to a slack team. For the mainesec team, I set up to domain redirection to the Heroku URL to make things a little simpler. If you encounter issues with slackin there is a lot of useful information in the Github issues for the main slackin repo.