Update error msg on stale request (#1503)

* Update error msg on stale request
Co-authored-by: Kazuhiro Sera <[email protected]>

src/receivers/HTTPModuleFunctions.spec.ts

@@ -156,7 +156,7 @@ describe('HTTPModuleFunctions', async () => {
         try {
           await func.parseAndVerifyHTTPRequest({ signingSecret }, req, res);
         } catch (e) {
-          assert.equal((e as any).message, 'Failed to verify authenticity: stale');
+          assert.equal((e as any).message, 'Failed to verify authenticity: x-slack-request-timestamp must differ from system time by no more than 5 minutes or request is stale');
         }
       });
       it('should detect an invalid signature', async () => {

src/receivers/verify-request.spec.ts

@@ -38,7 +38,7 @@ describe('Request verification', async () => {
           body: rawBody,
         });
       } catch (e) {
-        assert.equal((e as any).message, 'Failed to verify authenticity: stale');
+        assert.equal((e as any).message, 'Failed to verify authenticity: x-slack-request-timestamp must differ from system time by no more than 5 minutes or request is stale');
       }
     });
     it('should detect an invalid signature', async () => {

src/receivers/verify-request.ts

@@ -38,13 +38,15 @@ export function verifySlackRequest(options: SlackRequestVerificationOptions): vo
 
   // Calculate time-dependent values
   const nowMs = options.nowMilliseconds ?? Date.now();
-  const fiveMinutesAgoSec = Math.floor(nowMs / 1000) - 60 * 5;
+  const requestTimestampMaxDeltaMin = 5;
+  const fiveMinutesAgoSec = Math.floor(nowMs / 1000) - 60 * requestTimestampMaxDeltaMin;
 
   // Enforce verification rules
 
   // Rule 1: Check staleness
   if (requestTimestampSec < fiveMinutesAgoSec) {
-    throw new Error(`${verifyErrorPrefix}: stale`);
+    throw new Error(`${verifyErrorPrefix}: x-slack-request-timestamp must differ from system time by no more than ${requestTimestampMaxDeltaMin
+    } minutes or request is stale`);
   }
 
   // Rule 2: Check signature