async def test_emulator_msa_header_correct_app_id_and_service_url_should_validate(
self,
):
header = (
"Bearer "
+ MicrosoftAppCredentials(
"2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F"
).get_access_token()
)
credentials = SimpleCredentialProvider(
"2cd87869-38a0-4182-9251-d056e8f0ac24", ""
)
result = await JwtTokenValidation.validate_auth_header(
header, credentials, "", "https://webchat.botframework.com/"
)
result_with_provider = await JwtTokenValidation.validate_auth_header(
header,
credentials,
SimpleChannelProvider(),
"https://webchat.botframework.com/",
)
assert result
assert result_with_provider
async def test_connector_auth_header_with_different_bot_app_id_should_not_validate(
self,
):
header = (
"Bearer "
+ MicrosoftAppCredentials(
"2cd87869-38a0-4182-9251-d056e8f0ac24", "2.30Vs3VQLKt974F"
).get_access_token()
)
credentials = SimpleCredentialProvider(
"00000000-0000-0000-0000-000000000000", ""
)
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.validate_auth_header(
header, credentials, "", "https://webchat.botframework.com/"
)
assert "Unauthorized" in str(excinfo.value)
with pytest.raises(Exception) as excinfo2:
await JwtTokenValidation.validate_auth_header(
header,
credentials,
SimpleChannelProvider(),
"https://webchat.botframework.com/",
)
assert "Unauthorized" in str(excinfo2.value)
async def test_empty_header_and_no_credential_should_throw(self):
header = ""
credentials = SimpleCredentialProvider("", "")
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.validate_auth_header(
header, credentials, "", None)
assert "auth_header" in str(excinfo.value)
with pytest.raises(Exception) as excinfo2:
await JwtTokenValidation.validate_auth_header(
header, credentials, SimpleChannelProvider(), None)
assert "auth_header" in str(excinfo2.value)
def __init__(
self,
app_id: str,
app_password: str = None,
channel_auth_tenant: str = None,
oauth_endpoint: str = None,
open_id_metadata: str = None,
channel_provider: ChannelProvider = None,
auth_configuration: AuthenticationConfiguration = None,
app_credentials: AppCredentials = None,
credential_provider: CredentialProvider = None,
):
"""
Contains the settings used to initialize a :class:`BotFrameworkAdapter` instance.
:param app_id: The bot application ID.
:type app_id: str
:param app_password: The bot application password.
the value os the `MicrosoftAppPassword` parameter in the `config.py` file.
:type app_password: str
:param channel_auth_tenant: The channel tenant to use in conversation
:type channel_auth_tenant: str
:param oauth_endpoint:
:type oauth_endpoint: str
:param open_id_metadata:
:type open_id_metadata: str
:param channel_provider: The channel provider
:type channel_provider: :class:`botframework.connector.auth.ChannelProvider`. Defaults to SimpleChannelProvider
if one isn't specified.
:param auth_configuration:
:type auth_configuration: :class:`botframework.connector.auth.AuthenticationConfiguration`
:param credential_provider: Defaults to SimpleCredentialProvider if one isn't specified.
:param app_credentials: Allows for a custom AppCredentials. Used, for example, for CertificateAppCredentials.
"""
self.app_id = app_id
self.app_password = app_password
self.app_credentials = app_credentials
self.channel_auth_tenant = channel_auth_tenant
self.oauth_endpoint = oauth_endpoint
self.channel_provider = (channel_provider if channel_provider else
SimpleChannelProvider())
self.credential_provider = (credential_provider if credential_provider
else SimpleCredentialProvider(
self.app_id, self.app_password))
self.auth_configuration = auth_configuration or AuthenticationConfiguration(
)
# If no open_id_metadata values were passed in the settings, check the
# process' Environment Variable.
self.open_id_metadata = (
open_id_metadata if open_id_metadata else os.environ.get(
AuthenticationConstants.BOT_OPEN_ID_METADATA_KEY))
async def __process_activity_creates_correct_creds_and_client(
self,
bot_app_id: str,
expected_caller_id: str,
channel_service: str,
expected_scope: str,
expected_app_credentials_count: int,
expected_client_credentials_count: int,
):
identity = ClaimsIdentity({}, True)
if bot_app_id:
identity.claims = {
AuthenticationConstants.AUDIENCE_CLAIM: bot_app_id,
AuthenticationConstants.APP_ID_CLAIM: bot_app_id,
AuthenticationConstants.VERSION_CLAIM: "1.0",
}
credential_provider = SimpleCredentialProvider(bot_app_id, None)
service_url = "https://smba.trafficmanager.net/amer/"
async def callback(context: TurnContext):
TestBotFrameworkAdapter.get_creds_and_assert_values(
context,
bot_app_id,
expected_scope,
expected_app_credentials_count,
)
TestBotFrameworkAdapter.get_client_and_assert_values(
context,
bot_app_id,
expected_scope,
service_url,
expected_client_credentials_count,
)
assert context.activity.caller_id == expected_caller_id
settings = BotFrameworkAdapterSettings(
bot_app_id,
credential_provider=credential_provider,
channel_provider=SimpleChannelProvider(channel_service),
)
sut = BotFrameworkAdapter(settings)
await sut.process_activity_with_identity(
Activity(
channel_id="emulator",
service_url=service_url,
text="test",
),
identity,
callback,
)
async def test_emulator_auth_header_correct_app_id_and_service_url_with_private_channel_service_should_validate(
self, ):
await jwt_token_validation_validate_auth_header_with_channel_service_succeeds(
"2cd87869-38a0-4182-9251-d056e8f0ac24", # emulator creds
"2.30Vs3VQLKt974F",
"TheChannel",
)
await jwt_token_validation_validate_auth_header_with_channel_service_succeeds(
"2cd87869-38a0-4182-9251-d056e8f0ac24", # emulator creds
"2.30Vs3VQLKt974F",
SimpleChannelProvider("TheChannel"),
)
async def test_emulator_auth_header_correct_app_id_and_service_url_with_gov_channel_service_should_validate(
self, ):
await jwt_token_validation_validate_auth_header_with_channel_service_succeeds(
"2cd87869-38a0-4182-9251-d056e8f0ac24", # emulator creds
"2.30Vs3VQLKt974F",
GovernmentConstants.CHANNEL_SERVICE,
)
await jwt_token_validation_validate_auth_header_with_channel_service_succeeds(
"2cd87869-38a0-4182-9251-d056e8f0ac24", # emulator creds
"2.30Vs3VQLKt974F",
SimpleChannelProvider(GovernmentConstants.CHANNEL_SERVICE),
)
async def test_emulator_msa_header_and_no_credential_should_not_validate(
self):
# pylint: disable=protected-access
header = (
"Bearer " +
MicrosoftAppCredentials("2cd87869-38a0-4182-9251-d056e8f0ac24",
"2.30Vs3VQLKt974F").get_access_token())
credentials = SimpleCredentialProvider(
"00000000-0000-0000-0000-000000000000", "")
with pytest.raises(Exception) as excinfo:
await JwtTokenValidation.validate_auth_header(
header, credentials, "", None)
assert "Unauthorized" in str(excinfo._excinfo)
with pytest.raises(Exception) as excinfo2:
await JwtTokenValidation.validate_auth_header(
header, credentials, SimpleChannelProvider(), None)
assert "Unauthorized" in str(excinfo2._excinfo)