[Streaming] Auth and browser compatibility fixes, linting, refactoring #1338

Merged
merged 5 commits into from
Oct 23, 2019
46 changes: 31 additions & 15 deletions libraries/botbuilder/src/botFrameworkAdapter.ts
Expand Up @@ -1003,11 +1003,24 @@ export class BotFrameworkAdapter extends BotAdapter implements IUserTokenProvide
response.statusCode = StatusCodes.BAD_REQUEST;
response.setBody(`Request missing verb and/or path. Verb: ${ request.verb }. Path: ${ request.path }`);
return response;
}
}

if (request.verb.toLocaleUpperCase() === GET && request.path.toLocaleLowerCase() === VERSION_PATH) {
response.statusCode = StatusCodes.OK;
response.setBody({UserAgent: USER_AGENT});

if (!this.credentials.appId || !this.credentials.appPassword) {
response.setBody({UserAgent: USER_AGENT});
return response;
}

try {
response.setBody({UserAgent: USER_AGENT, Token: await this.credentials.getToken()});
} catch (err) {
// If the MicrosoftAppCredentials.getToken() fails, not sending the UserAgent in this
// request will result in the connection being destroyed by the channel.
response.statusCode = StatusCodes.INTERNAL_SERVER_ERROR;
response.setBody(err.message);
}

return response;
}
Expand Down Expand Up @@ -1156,27 +1169,28 @@ export class BotFrameworkAdapter extends BotAdapter implements IUserTokenProvide
return serviceUrl && !serviceUrl.toLowerCase().startsWith('http');
}

private async authenticateConnection(req: WebRequest, appId?: string, appPassword?: string, channelService?: string): Promise<boolean> {
if (!appId || !appPassword) {
private async authenticateConnection(req: WebRequest, channelService?: string): Promise<void> {
if (!this.credentials.appId || !this.credentials.appPassword) {
// auth is disabled
return true;
return;
}

let authHeader: string = req.headers.authorization || req.headers.Authorization || '';
let channelIdHeader: string = req.headers.channelid || req.headers.ChannelId || req.headers.ChannelID || '';
let credentials = new MicrosoftAppCredentials(appId, appPassword);
let credentialProvider = new SimpleCredentialProvider(credentials.appId, credentials.appPassword);
let claims = await JwtTokenValidation.validateAuthHeader(authHeader, credentialProvider, channelService, channelIdHeader);
const authHeader: string = req.headers.authorization || req.headers.Authorization || '';
const channelIdHeader: string = req.headers.channelid || req.headers.ChannelId || req.headers.ChannelID || '';
// Validate the received Upgrade request from the channel.
const claims = await JwtTokenValidation.validateAuthHeader(authHeader, this.credentialsProvider, channelService, channelIdHeader);
// Confirm the bot is able to fetch a token which is required to send Activities.
await this.credentials.getToken();

return claims.isAuthenticated;
if (!claims.isAuthenticated) { throw new Error('Unauthorized Access. Request is not authorized'); }
}

/**
* Connects the handler to a Named Pipe server and begins listening for incoming requests.
* @param pipeName The name of the named pipe to use when creating the server.
* @param logic The logic that will handle incoming requests.
*/
private async useNamedPipe(pipeName: string = defaultPipeName, logic: (context: TurnContext) => Promise<any>): Promise<void>{
public async useNamedPipe(pipeName: string = defaultPipeName, logic: (context: TurnContext) => Promise<any>): Promise<void>{
if (!logic) {
throw new Error('Bot logic needs to be provided to `useNamedPipe`');
}
Expand Down Expand Up @@ -1209,10 +1223,12 @@ export class BotFrameworkAdapter extends BotAdapter implements IUserTokenProvide
throw new Error("ClaimUpgrade is required for creating WebSocket connection.");
}

const authenticated = await this.authenticateConnection(req, this.settings.appId, this.settings.appPassword, this.settings.channelService);
if (!authenticated) {
try {
await this.authenticateConnection(req, this.settings.channelService);
} catch (err) {
res.status(StatusCodes.UNAUTHORIZED);
return Promise.resolve();
res.send(err.message);
return;
}

const upgrade = (res as any).claimUpgrade();
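Review bot: The catch block in the last hunk sends `err.message` to the peer with a 401 before that peer has been authenticated, and because `authenticateConnection` now also awaits `this.credentials.getToken()`, a bot-side token failure is reported to the caller as UNAUTHORIZED along with whatever message that call threw. I would return a fixed body, `res.send('Unauthorized');`, and log `err` on the server; the same pattern appears in `response.setBody(err.message)` in the version-path catch of the first hunk. In `authenticateConnection`, moving `if (!claims.isAuthenticated) { throw new Error('Unauthorized Access. Request is not authorized'); }` above the `getToken()` call would avoid doing token work for a request that is about to be rejected. The first hunk also puts the result of `this.credentials.getToken()` into the version response body, so it is worth confirming that every transport reaching that branch, including the now-public `useNamedPipe`, has authenticated its peer; that is not visible here. The enclosing functions of the first and third hunks start and end outside the visible lines.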
1 change: 0 additions & 1 deletion libraries/botbuilder/tests/botFrameworkAdapter.test.js
Expand Up @@ -2,7 +2,6 @@ const assert = require('assert');
const { TurnContext } = require('botbuilder-core');
const connector = require('botframework-connector');
const { BotFrameworkAdapter } = require('../');
const os = require('os');

const reference = {
activityId: '1234',