def __init__(self, settings: BotFrameworkAdapterSettings):
"""
Initializes a new instance of the :class:`BotFrameworkAdapter` class.
:param settings: The settings to initialize the adapter
:type settings: :class:`BotFrameworkAdapterSettings`
"""
super(BotFrameworkAdapter, self).__init__()
self.settings = settings or BotFrameworkAdapterSettings("", "")
# If settings.certificate_thumbprint & settings.certificate_private_key are provided,
# use CertificateAppCredentials.
if self.settings.certificate_thumbprint and settings.certificate_private_key:
self._credentials = CertificateAppCredentials(
self.settings.app_id,
self.settings.certificate_thumbprint,
self.settings.certificate_private_key,
self.settings.channel_auth_tenant,
)
self._credential_provider = SimpleCredentialProvider(
self.settings.app_id, "")
else:
self._credentials = MicrosoftAppCredentials(
self.settings.app_id,
self.settings.app_password,
self.settings.channel_auth_tenant,
)
self._credential_provider = SimpleCredentialProvider(
self.settings.app_id, self.settings.app_password)
self._is_emulating_oauth_cards = False
# If no channel_service or open_id_metadata values were passed in the settings, check the
# process' Environment Variables for values.
# These values may be set when a bot is provisioned on Azure and if so are required for
# the bot to properly work in Public Azure or a National Cloud.
self.settings.channel_service = self.settings.channel_service or os.environ.get(
AuthenticationConstants.CHANNEL_SERVICE)
self.settings.open_id_metadata = (
self.settings.open_id_metadata or os.environ.get(
AuthenticationConstants.BOT_OPEN_ID_METADATA_KEY))
if self.settings.open_id_metadata:
ChannelValidation.open_id_metadata_endpoint = self.settings.open_id_metadata
GovernmentChannelValidation.OPEN_ID_METADATA_ENDPOINT = (
self.settings.open_id_metadata)
if JwtTokenValidation.is_government(self.settings.channel_service):
self._credentials.oauth_endpoint = (
GovernmentConstants.TO_CHANNEL_FROM_BOT_LOGIN_URL)
self._credentials.oauth_scope = (
GovernmentConstants.TO_CHANNEL_FROM_BOT_OAUTH_SCOPE)
self._connector_client_cache: Dict[str, ConnectorClient] = {}
async def test_emulator_msa_header_correct_app_id_and_service_url_should_validate(
self,
):
header = (
"Bearer "
+ MicrosoftAppCredentials(
"2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F"
).get_access_token()
)
credentials = SimpleCredentialProvider(
"2cd87869-38a0-4182-9251-d056e8f0ac24", ""
)
result = await JwtTokenValidation.validate_auth_header(
header, credentials, "", "https://webchat.botframework.com/"
)
result_with_provider = await JwtTokenValidation.validate_auth_header(
header,
credentials,
SimpleChannelProvider(),
"https://webchat.botframework.com/",
)
assert result
assert result_with_provider
async def test_enterprise_channel_validation_wrong_issuer_fails(self):
credentials = SimpleCredentialProvider(
"2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F")
with pytest.raises(Exception) as excinfo:
await EnterpriseChannelValidation.validate_identity(
ClaimsIdentity({"iss": "peanut"}, True), credentials)
assert "Unauthorized" in str(excinfo.value)
async def test_empty_header_and_no_credential_should_validate(self):
header = ''
credentials = SimpleCredentialProvider('', '')
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.validate_auth_header(
header, credentials, '', None)
assert 'auth_header' in str(excinfo.value)
async def test_empty_header_and_no_credential_should_throw(self):
header = ""
credentials = SimpleCredentialProvider("", "")
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.validate_auth_header(
header, credentials, "", None)
assert "auth_header" in str(excinfo.value)
def __init__(self, settings: BotFrameworkAdapterSettings):
super(BotFrameworkAdapter, self).__init__()
self.settings = settings or BotFrameworkAdapterSettings("", "")
self.settings.channel_service = self.settings.channel_service or os.environ.get(
AuthenticationConstants.CHANNEL_SERVICE
)
self.settings.open_id_metadata = (
self.settings.open_id_metadata
or os.environ.get(AuthenticationConstants.BOT_OPEN_ID_METADATA_KEY)
)
self._credentials = MicrosoftAppCredentials(
self.settings.app_id,
self.settings.app_password,
self.settings.channel_auth_tenant,
)
self._credential_provider = SimpleCredentialProvider(
self.settings.app_id, self.settings.app_password
)
self._is_emulating_oauth_cards = False
if self.settings.open_id_metadata:
ChannelValidation.open_id_metadata_endpoint = self.settings.open_id_metadata
GovernmentChannelValidation.OPEN_ID_METADATA_ENDPOINT = (
self.settings.open_id_metadata
)
if JwtTokenValidation.is_government(self.settings.channel_service):
self._credentials.oauth_endpoint = (
GovernmentConstants.TO_CHANNEL_FROM_BOT_LOGIN_URL
)
self._credentials.oauth_scope = (
GovernmentConstants.TO_CHANNEL_FROM_BOT_OAUTH_SCOPE
)
def __init__(self, settings: BotFrameworkAdapterSettings):
super(BotFrameworkAdapter, self).__init__()
self.settings = settings or BotFrameworkAdapterSettings('', '')
self._credentials = MicrosoftAppCredentials(self.settings.app_id,
self.settings.app_password)
self._credential_provider = SimpleCredentialProvider(
self.settings.app_id, self.settings.app_password)
async def test_connector_auth_header_with_different_bot_app_id_should_not_validate(
self,
):
header = (
"Bearer "
+ MicrosoftAppCredentials(
"2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F"
).get_access_token()
)
credentials = SimpleCredentialProvider(
"00000000-0000-0000-0000-000000000000", ""
)
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.validate_auth_header(
header, credentials, "", "https://webchat.botframework.com/"
)
assert "Unauthorized" in str(excinfo.value)
with pytest.raises(Exception) as excinfo2:
await JwtTokenValidation.validate_auth_header(
header,
credentials,
SimpleChannelProvider(),
"https://webchat.botframework.com/",
)
assert "Unauthorized" in str(excinfo2.value)
def __init__(self, settings: BotFrameworkAdapterSettings):
"""
Initializes a new instance of the :class:`BotFrameworkAdapter` class.
:param settings: The settings to initialize the adapter
:type settings: :class:`BotFrameworkAdapterSettings`
"""
super(BotFrameworkAdapter, self).__init__()
self.settings = settings or BotFrameworkAdapterSettings("", "")
self._credentials = self.settings.app_credentials
self._credential_provider = SimpleCredentialProvider(
self.settings.app_id, self.settings.app_password)
self._channel_provider = self.settings.channel_provider
self._is_emulating_oauth_cards = False
if self.settings.open_id_metadata:
ChannelValidation.open_id_metadata_endpoint = self.settings.open_id_metadata
GovernmentChannelValidation.OPEN_ID_METADATA_ENDPOINT = (
self.settings.open_id_metadata)
# There is a significant boost in throughput if we reuse a ConnectorClient
self._connector_client_cache: Dict[str, ConnectorClient] = {}
# Cache for appCredentials to speed up token acquisition (a token is not requested unless is expired)
self._app_credential_map: Dict[str, AppCredentials] = {}
async def test_empty_header_and_no_credential_should_validate(self):
activity = Activity(service_url = '')
header = ''
credentials = SimpleCredentialProvider('', '')
try:
await JwtTokenValidation.assert_valid_activity(activity, header, credentials)
except:
pytest.fail("Unexpected error")
async def test_emulator_msa_header_correct_app_id_and_service_url_should_validate(self):
activity = Activity(service_url = '')
header = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlNTUWRoSTFjS3ZoUUVEU0p4RTJnR1lzNDBRMCIsImtpZCI6IlNTUWRoSTFjS3ZoUUVEU0p4RTJnR1lzNDBRMCJ9.eyJhdWQiOiIzOTYxOWE1OS01YTBjLTRmOWItODdjNS04MTZjNjQ4ZmYzNTciLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9kNmQ0OTQyMC1mMzliLTRkZjctYTFkYy1kNTlhOTM1ODcxZGIvIiwiaWF0IjoxNTE4MTIzMTQxLCJuYmYiOjE1MTgxMjMxNDEsImV4cCI6MTUxODEyNzA0MSwiYWlvIjoiWTJOZ1lQZ1djOSsrenJvaW9QM28rZmw2OWR1c0FBPT0iLCJhcHBpZCI6IjM5NjE5YTU5LTVhMGMtNGY5Yi04N2M1LTgxNmM2NDhmZjM1NyIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2Q2ZDQ5NDIwLWYzOWItNGRmNy1hMWRjLWQ1OWE5MzU4NzFkYi8iLCJ0aWQiOiJkNmQ0OTQyMC1mMzliLTRkZjctYTFkYy1kNTlhOTM1ODcxZGIiLCJ1dGkiOiJPVXE3M1lSbGtFcVoxQ3p2U3FZQkFBIiwidmVyIjoiMS4wIn0.B0t4sSsqIQ3IT2rfpZXqAdAGJSr3aihwk-jJd8as2pAoeQVcQNir_Anvvnjbo5MsB0DCyWFa9xnEmBRiTW_Ww97Z9bZhnCXq4D4vN8dmgEMV_Aci1tI4agy3coCX4fBRc76SHjqJ_ucl850aqR3d_0sfl0TPoDclE4jWssX2YTNzUAMEgisbYe9xv8FfK7AUR8ABS1teTfnWGVYyVFgC7vptSjw-de8sgz7pv8vVtLEKBrrb1FBSzHbbnZ-cQaLLHeIM4agamXf4w45o7_1uHorrp1Tg5oPrsbiayC-dt4lpC9smU5agpyUWCorKZI0Fp3aryG4519cYuLyXuUVh0A'
credentials = SimpleCredentialProvider('39619a59-5a0c-4f9b-87c5-816c648ff357', '')
try:
await JwtTokenValidation.assert_valid_activity(activity, header, credentials)
except:
pytest.fail("Unexpected error")
async def test_connector_auth_header_correct_app_id_and_service_url_should_validate(self):
activity = Activity(service_url = 'https://webchat.botframework.com/')
header = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkdDeEFyWG9OOFNxbzdQd2VBNy16NjVkZW5KUSIsIng1dCI6IkdDeEFyWG9OOFNxbzdQd2VBNy16NjVkZW5KUSJ9.eyJzZXJ2aWNldXJsIjoiaHR0cHM6Ly93ZWJjaGF0LmJvdGZyYW1ld29yay5jb20vIiwiaXNzIjoiaHR0cHM6Ly9hcGkuYm90ZnJhbWV3b3JrLmNvbSIsImF1ZCI6IjM5NjE5YTU5LTVhMGMtNGY5Yi04N2M1LTgxNmM2NDhmZjM1NyIsImV4cCI6MTUxNjczNzUyMCwibmJmIjoxNTE2NzM2OTIwfQ.TBgpxbDS-gx1wm7ldvl7To-igfskccNhp-rU1mxUMtGaDjnsU--usH4OXZfzRsZqMlnXWXug_Hgd_qOr5RH8wVlnXnMWewoZTSGZrfp8GOd7jHF13Gz3F1GCl8akc3jeK0Ppc8R_uInpuUKa0SopY0lwpDclCmvDlz4PN6yahHkt_666k-9UGmRt0DDkxuYjbuYG8EDZxyyAhr7J6sFh3yE2UGRpJjRDB4wXWqv08Cp0Gn9PAW2NxOyN8irFzZH5_YZqE3DXDAYZ_IOLpygXQR0O-bFIhLDVxSz6uCeTBRjh8GU7XJ_yNiRDoaby7Rd2IfRrSnvMkBRsB8MsWN8oXg'
credentials = SimpleCredentialProvider('39619a59-5a0c-4f9b-87c5-816c648ff357', '')
try:
await JwtTokenValidation.assert_valid_activity(activity, header, credentials)
except:
pytest.fail("Unexpected error")
async def test_enterprise_channel_validation_no_audience_fails(self):
credentials = SimpleCredentialProvider("", "")
with pytest.raises(Exception) as excinfo:
await GovernmentChannelValidation.validate_identity(
ClaimsIdentity({"iss": "https://api.botframework.com"}, True),
credentials,
)
assert "Unauthorized" in str(excinfo.value)
async def test_channel_authentication_disabled_should_be_anonymous(self):
activity = Activity(service_url = 'https://webchat.botframework.com/')
header = ''
credentials = SimpleCredentialProvider('', '')
claimsPrincipal = await JwtTokenValidation.authenticate_request(activity, header, credentials)
assert claimsPrincipal == None
async def test_channel_authentication_disabled_service_url_should_not_be_trusted(self):
activity = Activity(service_url = 'https://webchat.botframework.com/')
header = ''
credentials = SimpleCredentialProvider('', '')
await JwtTokenValidation.authenticate_request(activity, header, credentials)
assert not MicrosoftAppCredentials.is_trusted_service('https://webchat.botframework.com/')
async def test_channel_msa_header_Valid_service_url_should_be_trusted(self):
activity = Activity(service_url = 'https://smba.trafficmanager.net/amer-client-ss.msg/')
header = 'Bearer ' + MicrosoftAppCredentials('2cd87869-38a0-4182-9251-d056e8f0ac24', '2.30Vs3VQLKt974F').get_access_token()
credentials = SimpleCredentialProvider('2cd87869-38a0-4182-9251-d056e8f0ac24', '')
await JwtTokenValidation.authenticate_request(activity, header, credentials)
assert MicrosoftAppCredentials.is_trusted_service('https://smba.trafficmanager.net/amer-client-ss.msg/')
async def test_government_channel_validation_no_audience_fails(self):
credentials = SimpleCredentialProvider(
"2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F")
with pytest.raises(Exception) as excinfo:
await GovernmentChannelValidation.validate_identity(
ClaimsIdentity({"iss": "https://api.botframework.us"}, True),
credentials,
)
assert "Unauthorized" in str(excinfo.value)
async def authenticate(self, request, activity):
credential_provider = SimpleCredentialProvider(self.id, self.password)
try:
await JwtTokenValidation.authenticate_request(
activity, request.headers.get("Authorization"),
credential_provider)
return True
except Exception:
return False
def __init__(self, settings: BotFrameworkAdapterSettings):
super(BotFrameworkAdapter, self).__init__()
self.settings = settings or BotFrameworkAdapterSettings('', '')
self._credentials = MicrosoftAppCredentials(
self.settings.app_id, self.settings.app_password,
self.settings.channel_auth_tenant)
self._credential_provider = SimpleCredentialProvider(
self.settings.app_id, self.settings.app_password)
self._is_emulating_oauth_cards = False
async def test_channel_authentication_disabled_should_be_anonymous(self):
activity = Activity(service_url="https://webchat.botframework.com/")
header = ""
credentials = SimpleCredentialProvider("", "")
claims_principal = await JwtTokenValidation.authenticate_request(
activity, header, credentials)
assert (claims_principal.authentication_type ==
AuthenticationConstants.ANONYMOUS_AUTH_TYPE)
async def test_channel_msa_header_invalid_service_url_should_not_be_trusted(self):
activity = Activity(service_url = 'https://webchat.botframework.com/')
header = 'Bearer ' + MicrosoftAppCredentials('2cd87869-38a0-4182-9251-d056e8f0ac24', '2.30Vs3VQLKt974F').get_access_token()
credentials = SimpleCredentialProvider('7f74513e-6f96-4dbc-be9d-9a81fea22b88', '')
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.authenticate_request(activity, header, credentials)
assert 'Unauthorized' in str(excinfo.value)
assert not MicrosoftAppCredentials.is_trusted_service('https://webchat.botframework.com/')
async def test_connector_auth_header_and_no_credential_should_not_validate(
self):
header = 'Bearer ' + MicrosoftAppCredentials(
'2cd87869-38a0-4182-9251-d056e8f0ac24',
'2.30Vs3VQLKt974F').get_access_token()
credentials = SimpleCredentialProvider('', '')
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.validate_auth_header(
header, credentials, '', 'https://webchat.botframework.com/')
assert 'Unauthorized' in str(excinfo.value)
async def test_enterprise_channel_validation_succeeds(self):
credentials = SimpleCredentialProvider(
"2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F"
)
await EnterpriseChannelValidation.validate_identity(
ClaimsIdentity(
{"iss": "https://api.botframework.com", "aud": credentials.app_id}, True
),
credentials,
)
async def test_emulator_msa_header_correct_app_id_and_service_url_should_validate(
self):
activity = Activity(service_url='')
header = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkZTaW11RnJGTm9DMHNKWEdtdjEzbk5aY2VEYyIsImtpZCI6IkZTaW11RnJGTm9DMHNKWEdtdjEzbk5aY2VEYyJ9.eyJhdWQiOiJodHRwczovL2FwaS5ib3RmcmFtZXdvcmsuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvZDZkNDk0MjAtZjM5Yi00ZGY3LWExZGMtZDU5YTkzNTg3MWRiLyIsImlhdCI6MTUyMTgzNzQwMywibmJmIjoxNTIxODM3NDAzLCJleHAiOjE1MjE4NDEzMDMsImFpbyI6IlkyTmdZRmd0SmRpNlErSjVqMGxtOVovaWJwVTJBQT09IiwiYXBwaWQiOiIyM2MzNDFiZi0zMTAwLTRhMDktYTlmMi05YTI5YmY2MzRjMWQiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9kNmQ0OTQyMC1mMzliLTRkZjctYTFkYy1kNTlhOTM1ODcxZGIvIiwidGlkIjoiZDZkNDk0MjAtZjM5Yi00ZGY3LWExZGMtZDU5YTkzNTg3MWRiIiwidXRpIjoicm0tb3ItRkU2ME9yZkQ2azBDWURBQSIsInZlciI6IjEuMCJ9.DnQgEoxlQFfMJTUEVAECfRuY4wSvL_aTHXfpnWScOOQrnjwWnJw9s1clcs8-XAuHnBHkqv19SBkNSyoo_Mgeh9dHBvjNmjflwo_GRzpKmDW5i3xF4pal0vTRmn6RHmORB72N9V_OqAmtId_bQeo9qqUbWER6zmZjwX85knhlCE_Ib-id2mDj9edvQuxKjTGjTi9XNbX7WqQ3tstENTFBw1z3uRfcqCGEPnFgvYD-Yd8LA9j28jQoVY0Mn6K0cfKXhBWOqvCLesnVtK07CCXiVS7-jZmBLlXKCgWIHGJM8yuMt_A7nXZbwL9Dx4h-7OerxH5iGEgIg6qayPpidH8CTA'
credentials = SimpleCredentialProvider(
'23c341bf-3100-4a09-a9f2-9a29bf634c1d', '')
try:
await JwtTokenValidation.assert_valid_activity(
activity, header, credentials)
except:
pytest.fail("Unexpected error")
async def jwt_token_validation_validate_auth_header_with_channel_service_succeeds(
app_id: str, pwd: str, channel_service: str, header: str = None):
if header is None:
header = f"Bearer {MicrosoftAppCredentials(app_id, pwd).get_access_token()}"
credentials = SimpleCredentialProvider(app_id, pwd)
result = await JwtTokenValidation.validate_auth_header(
header, credentials, channel_service, "",
"https://webchat.botframework.com/")
assert result.is_authenticated
async def test_enterprise_channel_validation_succeeds(self):
credentials = SimpleCredentialProvider("", "")
await EnterpriseChannelValidation.validate_identity(
ClaimsIdentity(
{
"iss": "https://api.botframework.com",
"aud": credentials.app_id
}, True),
credentials,
)
async def test_emulator_msa_header_and_no_credential_should_not_validate(
self):
header = 'Bearer ' + MicrosoftAppCredentials(
'2cd87869-38a0-4182-9251-d056e8f0ac24',
'2.30Vs3VQLKt974F').get_access_token()
credentials = SimpleCredentialProvider(
'00000000-0000-0000-0000-000000000000', '')
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.validate_auth_header(
header, credentials, '', None)
assert 'Unauthorized' in excinfo
async def test_emulator_msa_header_correct_app_id_and_service_url_should_validate(
self):
header = 'Bearer ' + MicrosoftAppCredentials(
'2cd87869-38a0-4182-9251-d056e8f0ac24',
'2.30Vs3VQLKt974F').get_access_token()
credentials = SimpleCredentialProvider(
'2cd87869-38a0-4182-9251-d056e8f0ac24', '')
result = await JwtTokenValidation.validate_auth_header(
header, credentials, '', 'https://webchat.botframework.com/')
assert result
async def test_emulator_msa_header_and_no_credential_should_not_validate(
self):
header = (
"Bearer " +
MicrosoftAppCredentials("2cd87869-38a0-4182-9251-d056e8f0ac24",
"2.30Vs3VQLKt974F").get_access_token())
credentials = SimpleCredentialProvider(
"00000000-0000-0000-0000-000000000000", "")
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.validate_auth_header(
header, credentials, "", None)
assert "Unauthorized" in excinfo
def __init__(
self,
app_id: str,
app_password: str = None,
channel_auth_tenant: str = None,
oauth_endpoint: str = None,
open_id_metadata: str = None,
channel_provider: ChannelProvider = None,
auth_configuration: AuthenticationConfiguration = None,
app_credentials: AppCredentials = None,
credential_provider: CredentialProvider = None,
):
"""
Contains the settings used to initialize a :class:`BotFrameworkAdapter` instance.
:param app_id: The bot application ID.
:type app_id: str
:param app_password: The bot application password.
the value os the `MicrosoftAppPassword` parameter in the `config.py` file.
:type app_password: str
:param channel_auth_tenant: The channel tenant to use in conversation
:type channel_auth_tenant: str
:param oauth_endpoint:
:type oauth_endpoint: str
:param open_id_metadata:
:type open_id_metadata: str
:param channel_provider: The channel provider
:type channel_provider: :class:`botframework.connector.auth.ChannelProvider`. Defaults to SimpleChannelProvider
if one isn't specified.
:param auth_configuration:
:type auth_configuration: :class:`botframework.connector.auth.AuthenticationConfiguration`
:param credential_provider: Defaults to SimpleCredentialProvider if one isn't specified.
:param app_credentials: Allows for a custom AppCredentials. Used, for example, for CertificateAppCredentials.
"""
self.app_id = app_id
self.app_password = app_password
self.app_credentials = app_credentials
self.channel_auth_tenant = channel_auth_tenant
self.oauth_endpoint = oauth_endpoint
self.channel_provider = (channel_provider if channel_provider else
SimpleChannelProvider())
self.credential_provider = (credential_provider if credential_provider
else SimpleCredentialProvider(
self.app_id, self.app_password))
self.auth_configuration = auth_configuration or AuthenticationConfiguration(
)
# If no open_id_metadata values were passed in the settings, check the
# process' Environment Variable.
self.open_id_metadata = (
open_id_metadata if open_id_metadata else os.environ.get(
AuthenticationConstants.BOT_OPEN_ID_METADATA_KEY))
