def __init__(self, settings: BotFrameworkAdapterSettings): """ Initializes a new instance of the :class:`BotFrameworkAdapter` class. :param settings: The settings to initialize the adapter :type settings: :class:`BotFrameworkAdapterSettings` """ super(BotFrameworkAdapter, self).__init__() self.settings = settings or BotFrameworkAdapterSettings("", "") # If settings.certificate_thumbprint & settings.certificate_private_key are provided, # use CertificateAppCredentials. if self.settings.certificate_thumbprint and settings.certificate_private_key: self._credentials = CertificateAppCredentials( self.settings.app_id, self.settings.certificate_thumbprint, self.settings.certificate_private_key, self.settings.channel_auth_tenant, ) self._credential_provider = SimpleCredentialProvider( self.settings.app_id, "") else: self._credentials = MicrosoftAppCredentials( self.settings.app_id, self.settings.app_password, self.settings.channel_auth_tenant, ) self._credential_provider = SimpleCredentialProvider( self.settings.app_id, self.settings.app_password) self._is_emulating_oauth_cards = False # If no channel_service or open_id_metadata values were passed in the settings, check the # process' Environment Variables for values. # These values may be set when a bot is provisioned on Azure and if so are required for # the bot to properly work in Public Azure or a National Cloud. self.settings.channel_service = self.settings.channel_service or os.environ.get( AuthenticationConstants.CHANNEL_SERVICE) self.settings.open_id_metadata = ( self.settings.open_id_metadata or os.environ.get( AuthenticationConstants.BOT_OPEN_ID_METADATA_KEY)) if self.settings.open_id_metadata: ChannelValidation.open_id_metadata_endpoint = self.settings.open_id_metadata GovernmentChannelValidation.OPEN_ID_METADATA_ENDPOINT = ( self.settings.open_id_metadata) if JwtTokenValidation.is_government(self.settings.channel_service): self._credentials.oauth_endpoint = ( GovernmentConstants.TO_CHANNEL_FROM_BOT_LOGIN_URL) self._credentials.oauth_scope = ( GovernmentConstants.TO_CHANNEL_FROM_BOT_OAUTH_SCOPE) self._connector_client_cache: Dict[str, ConnectorClient] = {}
async def test_emulator_msa_header_correct_app_id_and_service_url_should_validate( self, ): header = ( "Bearer " + MicrosoftAppCredentials( "2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F" ).get_access_token() ) credentials = SimpleCredentialProvider( "2cd87869-38a0-4182-9251-d056e8f0ac24", "" ) result = await JwtTokenValidation.validate_auth_header( header, credentials, "", "https://webchat.botframework.com/" ) result_with_provider = await JwtTokenValidation.validate_auth_header( header, credentials, SimpleChannelProvider(), "https://webchat.botframework.com/", ) assert result assert result_with_provider
async def test_enterprise_channel_validation_wrong_issuer_fails(self): credentials = SimpleCredentialProvider( "2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F") with pytest.raises(Exception) as excinfo: await EnterpriseChannelValidation.validate_identity( ClaimsIdentity({"iss": "peanut"}, True), credentials) assert "Unauthorized" in str(excinfo.value)
async def test_empty_header_and_no_credential_should_validate(self): header = '' credentials = SimpleCredentialProvider('', '') with pytest.raises(Exception) as excinfo: await JwtTokenValidation.validate_auth_header( header, credentials, '', None) assert 'auth_header' in str(excinfo.value)
async def test_empty_header_and_no_credential_should_throw(self): header = "" credentials = SimpleCredentialProvider("", "") with pytest.raises(Exception) as excinfo: await JwtTokenValidation.validate_auth_header( header, credentials, "", None) assert "auth_header" in str(excinfo.value)
def __init__(self, settings: BotFrameworkAdapterSettings): super(BotFrameworkAdapter, self).__init__() self.settings = settings or BotFrameworkAdapterSettings("", "") self.settings.channel_service = self.settings.channel_service or os.environ.get( AuthenticationConstants.CHANNEL_SERVICE ) self.settings.open_id_metadata = ( self.settings.open_id_metadata or os.environ.get(AuthenticationConstants.BOT_OPEN_ID_METADATA_KEY) ) self._credentials = MicrosoftAppCredentials( self.settings.app_id, self.settings.app_password, self.settings.channel_auth_tenant, ) self._credential_provider = SimpleCredentialProvider( self.settings.app_id, self.settings.app_password ) self._is_emulating_oauth_cards = False if self.settings.open_id_metadata: ChannelValidation.open_id_metadata_endpoint = self.settings.open_id_metadata GovernmentChannelValidation.OPEN_ID_METADATA_ENDPOINT = ( self.settings.open_id_metadata ) if JwtTokenValidation.is_government(self.settings.channel_service): self._credentials.oauth_endpoint = ( GovernmentConstants.TO_CHANNEL_FROM_BOT_LOGIN_URL ) self._credentials.oauth_scope = ( GovernmentConstants.TO_CHANNEL_FROM_BOT_OAUTH_SCOPE )
def __init__(self, settings: BotFrameworkAdapterSettings): super(BotFrameworkAdapter, self).__init__() self.settings = settings or BotFrameworkAdapterSettings('', '') self._credentials = MicrosoftAppCredentials(self.settings.app_id, self.settings.app_password) self._credential_provider = SimpleCredentialProvider( self.settings.app_id, self.settings.app_password)
async def test_connector_auth_header_with_different_bot_app_id_should_not_validate( self, ): header = ( "Bearer " + MicrosoftAppCredentials( "2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F" ).get_access_token() ) credentials = SimpleCredentialProvider( "00000000-0000-0000-0000-000000000000", "" ) with pytest.raises(Exception) as excinfo: await JwtTokenValidation.validate_auth_header( header, credentials, "", "https://webchat.botframework.com/" ) assert "Unauthorized" in str(excinfo.value) with pytest.raises(Exception) as excinfo2: await JwtTokenValidation.validate_auth_header( header, credentials, SimpleChannelProvider(), "https://webchat.botframework.com/", ) assert "Unauthorized" in str(excinfo2.value)
def __init__(self, settings: BotFrameworkAdapterSettings): """ Initializes a new instance of the :class:`BotFrameworkAdapter` class. :param settings: The settings to initialize the adapter :type settings: :class:`BotFrameworkAdapterSettings` """ super(BotFrameworkAdapter, self).__init__() self.settings = settings or BotFrameworkAdapterSettings("", "") self._credentials = self.settings.app_credentials self._credential_provider = SimpleCredentialProvider( self.settings.app_id, self.settings.app_password) self._channel_provider = self.settings.channel_provider self._is_emulating_oauth_cards = False if self.settings.open_id_metadata: ChannelValidation.open_id_metadata_endpoint = self.settings.open_id_metadata GovernmentChannelValidation.OPEN_ID_METADATA_ENDPOINT = ( self.settings.open_id_metadata) # There is a significant boost in throughput if we reuse a ConnectorClient self._connector_client_cache: Dict[str, ConnectorClient] = {} # Cache for appCredentials to speed up token acquisition (a token is not requested unless is expired) self._app_credential_map: Dict[str, AppCredentials] = {}
async def test_empty_header_and_no_credential_should_validate(self): activity = Activity(service_url = '') header = '' credentials = SimpleCredentialProvider('', '') try: await JwtTokenValidation.assert_valid_activity(activity, header, credentials) except: pytest.fail("Unexpected error")
async def test_emulator_msa_header_correct_app_id_and_service_url_should_validate(self): activity = Activity(service_url = '') header = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlNTUWRoSTFjS3ZoUUVEU0p4RTJnR1lzNDBRMCIsImtpZCI6IlNTUWRoSTFjS3ZoUUVEU0p4RTJnR1lzNDBRMCJ9.eyJhdWQiOiIzOTYxOWE1OS01YTBjLTRmOWItODdjNS04MTZjNjQ4ZmYzNTciLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9kNmQ0OTQyMC1mMzliLTRkZjctYTFkYy1kNTlhOTM1ODcxZGIvIiwiaWF0IjoxNTE4MTIzMTQxLCJuYmYiOjE1MTgxMjMxNDEsImV4cCI6MTUxODEyNzA0MSwiYWlvIjoiWTJOZ1lQZ1djOSsrenJvaW9QM28rZmw2OWR1c0FBPT0iLCJhcHBpZCI6IjM5NjE5YTU5LTVhMGMtNGY5Yi04N2M1LTgxNmM2NDhmZjM1NyIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2Q2ZDQ5NDIwLWYzOWItNGRmNy1hMWRjLWQ1OWE5MzU4NzFkYi8iLCJ0aWQiOiJkNmQ0OTQyMC1mMzliLTRkZjctYTFkYy1kNTlhOTM1ODcxZGIiLCJ1dGkiOiJPVXE3M1lSbGtFcVoxQ3p2U3FZQkFBIiwidmVyIjoiMS4wIn0.B0t4sSsqIQ3IT2rfpZXqAdAGJSr3aihwk-jJd8as2pAoeQVcQNir_Anvvnjbo5MsB0DCyWFa9xnEmBRiTW_Ww97Z9bZhnCXq4D4vN8dmgEMV_Aci1tI4agy3coCX4fBRc76SHjqJ_ucl850aqR3d_0sfl0TPoDclE4jWssX2YTNzUAMEgisbYe9xv8FfK7AUR8ABS1teTfnWGVYyVFgC7vptSjw-de8sgz7pv8vVtLEKBrrb1FBSzHbbnZ-cQaLLHeIM4agamXf4w45o7_1uHorrp1Tg5oPrsbiayC-dt4lpC9smU5agpyUWCorKZI0Fp3aryG4519cYuLyXuUVh0A' credentials = SimpleCredentialProvider('39619a59-5a0c-4f9b-87c5-816c648ff357', '') try: await JwtTokenValidation.assert_valid_activity(activity, header, credentials) except: pytest.fail("Unexpected error")
async def test_connector_auth_header_correct_app_id_and_service_url_should_validate(self): activity = Activity(service_url = 'https://webchat.botframework.com/') header = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkdDeEFyWG9OOFNxbzdQd2VBNy16NjVkZW5KUSIsIng1dCI6IkdDeEFyWG9OOFNxbzdQd2VBNy16NjVkZW5KUSJ9.eyJzZXJ2aWNldXJsIjoiaHR0cHM6Ly93ZWJjaGF0LmJvdGZyYW1ld29yay5jb20vIiwiaXNzIjoiaHR0cHM6Ly9hcGkuYm90ZnJhbWV3b3JrLmNvbSIsImF1ZCI6IjM5NjE5YTU5LTVhMGMtNGY5Yi04N2M1LTgxNmM2NDhmZjM1NyIsImV4cCI6MTUxNjczNzUyMCwibmJmIjoxNTE2NzM2OTIwfQ.TBgpxbDS-gx1wm7ldvl7To-igfskccNhp-rU1mxUMtGaDjnsU--usH4OXZfzRsZqMlnXWXug_Hgd_qOr5RH8wVlnXnMWewoZTSGZrfp8GOd7jHF13Gz3F1GCl8akc3jeK0Ppc8R_uInpuUKa0SopY0lwpDclCmvDlz4PN6yahHkt_666k-9UGmRt0DDkxuYjbuYG8EDZxyyAhr7J6sFh3yE2UGRpJjRDB4wXWqv08Cp0Gn9PAW2NxOyN8irFzZH5_YZqE3DXDAYZ_IOLpygXQR0O-bFIhLDVxSz6uCeTBRjh8GU7XJ_yNiRDoaby7Rd2IfRrSnvMkBRsB8MsWN8oXg' credentials = SimpleCredentialProvider('39619a59-5a0c-4f9b-87c5-816c648ff357', '') try: await JwtTokenValidation.assert_valid_activity(activity, header, credentials) except: pytest.fail("Unexpected error")
async def test_enterprise_channel_validation_no_audience_fails(self): credentials = SimpleCredentialProvider("", "") with pytest.raises(Exception) as excinfo: await GovernmentChannelValidation.validate_identity( ClaimsIdentity({"iss": "https://api.botframework.com"}, True), credentials, ) assert "Unauthorized" in str(excinfo.value)
async def test_channel_authentication_disabled_should_be_anonymous(self): activity = Activity(service_url = 'https://webchat.botframework.com/') header = '' credentials = SimpleCredentialProvider('', '') claimsPrincipal = await JwtTokenValidation.authenticate_request(activity, header, credentials) assert claimsPrincipal == None
async def test_channel_authentication_disabled_service_url_should_not_be_trusted(self): activity = Activity(service_url = 'https://webchat.botframework.com/') header = '' credentials = SimpleCredentialProvider('', '') await JwtTokenValidation.authenticate_request(activity, header, credentials) assert not MicrosoftAppCredentials.is_trusted_service('https://webchat.botframework.com/')
async def test_channel_msa_header_Valid_service_url_should_be_trusted(self): activity = Activity(service_url = 'https://smba.trafficmanager.net/amer-client-ss.msg/') header = 'Bearer ' + MicrosoftAppCredentials('2cd87869-38a0-4182-9251-d056e8f0ac24', '2.30Vs3VQLKt974F').get_access_token() credentials = SimpleCredentialProvider('2cd87869-38a0-4182-9251-d056e8f0ac24', '') await JwtTokenValidation.authenticate_request(activity, header, credentials) assert MicrosoftAppCredentials.is_trusted_service('https://smba.trafficmanager.net/amer-client-ss.msg/')
async def test_government_channel_validation_no_audience_fails(self): credentials = SimpleCredentialProvider( "2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F") with pytest.raises(Exception) as excinfo: await GovernmentChannelValidation.validate_identity( ClaimsIdentity({"iss": "https://api.botframework.us"}, True), credentials, ) assert "Unauthorized" in str(excinfo.value)
async def authenticate(self, request, activity): credential_provider = SimpleCredentialProvider(self.id, self.password) try: await JwtTokenValidation.authenticate_request( activity, request.headers.get("Authorization"), credential_provider) return True except Exception: return False
def __init__(self, settings: BotFrameworkAdapterSettings): super(BotFrameworkAdapter, self).__init__() self.settings = settings or BotFrameworkAdapterSettings('', '') self._credentials = MicrosoftAppCredentials( self.settings.app_id, self.settings.app_password, self.settings.channel_auth_tenant) self._credential_provider = SimpleCredentialProvider( self.settings.app_id, self.settings.app_password) self._is_emulating_oauth_cards = False
async def test_channel_authentication_disabled_should_be_anonymous(self): activity = Activity(service_url="https://webchat.botframework.com/") header = "" credentials = SimpleCredentialProvider("", "") claims_principal = await JwtTokenValidation.authenticate_request( activity, header, credentials) assert (claims_principal.authentication_type == AuthenticationConstants.ANONYMOUS_AUTH_TYPE)
async def test_channel_msa_header_invalid_service_url_should_not_be_trusted(self): activity = Activity(service_url = 'https://webchat.botframework.com/') header = 'Bearer ' + MicrosoftAppCredentials('2cd87869-38a0-4182-9251-d056e8f0ac24', '2.30Vs3VQLKt974F').get_access_token() credentials = SimpleCredentialProvider('7f74513e-6f96-4dbc-be9d-9a81fea22b88', '') with pytest.raises(Exception) as excinfo: await JwtTokenValidation.authenticate_request(activity, header, credentials) assert 'Unauthorized' in str(excinfo.value) assert not MicrosoftAppCredentials.is_trusted_service('https://webchat.botframework.com/')
async def test_connector_auth_header_and_no_credential_should_not_validate( self): header = 'Bearer ' + MicrosoftAppCredentials( '2cd87869-38a0-4182-9251-d056e8f0ac24', '2.30Vs3VQLKt974F').get_access_token() credentials = SimpleCredentialProvider('', '') with pytest.raises(Exception) as excinfo: await JwtTokenValidation.validate_auth_header( header, credentials, '', 'https://webchat.botframework.com/') assert 'Unauthorized' in str(excinfo.value)
async def test_enterprise_channel_validation_succeeds(self): credentials = SimpleCredentialProvider( "2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F" ) await EnterpriseChannelValidation.validate_identity( ClaimsIdentity( {"iss": "https://api.botframework.com", "aud": credentials.app_id}, True ), credentials, )
async def test_emulator_msa_header_correct_app_id_and_service_url_should_validate( self): activity = Activity(service_url='') header = 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkZTaW11RnJGTm9DMHNKWEdtdjEzbk5aY2VEYyIsImtpZCI6IkZTaW11RnJGTm9DMHNKWEdtdjEzbk5aY2VEYyJ9.eyJhdWQiOiJodHRwczovL2FwaS5ib3RmcmFtZXdvcmsuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvZDZkNDk0MjAtZjM5Yi00ZGY3LWExZGMtZDU5YTkzNTg3MWRiLyIsImlhdCI6MTUyMTgzNzQwMywibmJmIjoxNTIxODM3NDAzLCJleHAiOjE1MjE4NDEzMDMsImFpbyI6IlkyTmdZRmd0SmRpNlErSjVqMGxtOVovaWJwVTJBQT09IiwiYXBwaWQiOiIyM2MzNDFiZi0zMTAwLTRhMDktYTlmMi05YTI5YmY2MzRjMWQiLCJhcHBpZGFjciI6IjEiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9kNmQ0OTQyMC1mMzliLTRkZjctYTFkYy1kNTlhOTM1ODcxZGIvIiwidGlkIjoiZDZkNDk0MjAtZjM5Yi00ZGY3LWExZGMtZDU5YTkzNTg3MWRiIiwidXRpIjoicm0tb3ItRkU2ME9yZkQ2azBDWURBQSIsInZlciI6IjEuMCJ9.DnQgEoxlQFfMJTUEVAECfRuY4wSvL_aTHXfpnWScOOQrnjwWnJw9s1clcs8-XAuHnBHkqv19SBkNSyoo_Mgeh9dHBvjNmjflwo_GRzpKmDW5i3xF4pal0vTRmn6RHmORB72N9V_OqAmtId_bQeo9qqUbWER6zmZjwX85knhlCE_Ib-id2mDj9edvQuxKjTGjTi9XNbX7WqQ3tstENTFBw1z3uRfcqCGEPnFgvYD-Yd8LA9j28jQoVY0Mn6K0cfKXhBWOqvCLesnVtK07CCXiVS7-jZmBLlXKCgWIHGJM8yuMt_A7nXZbwL9Dx4h-7OerxH5iGEgIg6qayPpidH8CTA' credentials = SimpleCredentialProvider( '23c341bf-3100-4a09-a9f2-9a29bf634c1d', '') try: await JwtTokenValidation.assert_valid_activity( activity, header, credentials) except: pytest.fail("Unexpected error")
async def jwt_token_validation_validate_auth_header_with_channel_service_succeeds( app_id: str, pwd: str, channel_service: str, header: str = None): if header is None: header = f"Bearer {MicrosoftAppCredentials(app_id, pwd).get_access_token()}" credentials = SimpleCredentialProvider(app_id, pwd) result = await JwtTokenValidation.validate_auth_header( header, credentials, channel_service, "", "https://webchat.botframework.com/") assert result.is_authenticated
async def test_enterprise_channel_validation_succeeds(self): credentials = SimpleCredentialProvider("", "") await EnterpriseChannelValidation.validate_identity( ClaimsIdentity( { "iss": "https://api.botframework.com", "aud": credentials.app_id }, True), credentials, )
async def test_emulator_msa_header_and_no_credential_should_not_validate( self): header = 'Bearer ' + MicrosoftAppCredentials( '2cd87869-38a0-4182-9251-d056e8f0ac24', '2.30Vs3VQLKt974F').get_access_token() credentials = SimpleCredentialProvider( '00000000-0000-0000-0000-000000000000', '') with pytest.raises(Exception) as excinfo: await JwtTokenValidation.validate_auth_header( header, credentials, '', None) assert 'Unauthorized' in excinfo
async def test_emulator_msa_header_correct_app_id_and_service_url_should_validate( self): header = 'Bearer ' + MicrosoftAppCredentials( '2cd87869-38a0-4182-9251-d056e8f0ac24', '2.30Vs3VQLKt974F').get_access_token() credentials = SimpleCredentialProvider( '2cd87869-38a0-4182-9251-d056e8f0ac24', '') result = await JwtTokenValidation.validate_auth_header( header, credentials, '', 'https://webchat.botframework.com/') assert result
async def test_emulator_msa_header_and_no_credential_should_not_validate( self): header = ( "Bearer " + MicrosoftAppCredentials("2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F").get_access_token()) credentials = SimpleCredentialProvider( "00000000-0000-0000-0000-000000000000", "") with pytest.raises(Exception) as excinfo: await JwtTokenValidation.validate_auth_header( header, credentials, "", None) assert "Unauthorized" in excinfo
def __init__( self, app_id: str, app_password: str = None, channel_auth_tenant: str = None, oauth_endpoint: str = None, open_id_metadata: str = None, channel_provider: ChannelProvider = None, auth_configuration: AuthenticationConfiguration = None, app_credentials: AppCredentials = None, credential_provider: CredentialProvider = None, ): """ Contains the settings used to initialize a :class:`BotFrameworkAdapter` instance. :param app_id: The bot application ID. :type app_id: str :param app_password: The bot application password. the value os the `MicrosoftAppPassword` parameter in the `config.py` file. :type app_password: str :param channel_auth_tenant: The channel tenant to use in conversation :type channel_auth_tenant: str :param oauth_endpoint: :type oauth_endpoint: str :param open_id_metadata: :type open_id_metadata: str :param channel_provider: The channel provider :type channel_provider: :class:`botframework.connector.auth.ChannelProvider`. Defaults to SimpleChannelProvider if one isn't specified. :param auth_configuration: :type auth_configuration: :class:`botframework.connector.auth.AuthenticationConfiguration` :param credential_provider: Defaults to SimpleCredentialProvider if one isn't specified. :param app_credentials: Allows for a custom AppCredentials. Used, for example, for CertificateAppCredentials. """ self.app_id = app_id self.app_password = app_password self.app_credentials = app_credentials self.channel_auth_tenant = channel_auth_tenant self.oauth_endpoint = oauth_endpoint self.channel_provider = (channel_provider if channel_provider else SimpleChannelProvider()) self.credential_provider = (credential_provider if credential_provider else SimpleCredentialProvider( self.app_id, self.app_password)) self.auth_configuration = auth_configuration or AuthenticationConfiguration( ) # If no open_id_metadata values were passed in the settings, check the # process' Environment Variable. self.open_id_metadata = ( open_id_metadata if open_id_metadata else os.environ.get( AuthenticationConstants.BOT_OPEN_ID_METADATA_KEY))