// Anonymous claims and non-skill claims should fall through without modifying the scope.
let credentials: AppCredentials = this.credentials;
// If the request is for skills, we need to create an AppCredentials instance with
// the correct scope for communication between the caller and the skill.
if (botAppId && SkillValidation.isSkillClaim(identity.claims)) {
const scope = JwtTokenValidation.getAppIdFromClaims(identity.claims);
if (this.credentials.oAuthScope === scope) {
// Do nothing, the current credentials and its scope are valid for the skill.
// i.e. the adapter instance is pre-configured to talk with one skill.
} else {
// Since the scope is different, we will create a new instance of the AppCredentials
// so this.credentials.oAuthScope isn't overridden.
credentials = await this.buildCredentials(botAppId, scope);
if (JwtTokenValidation.isGovernment(this.settings.channelService)) {
credentials.oAuthEndpoint = GovernmentConstants.ToChannelFromBotLoginUrl;
// Not sure that this code is correct: the skill scope was already set by buildCredentials above, and the next line replaces it with the channel scope.
credentials.oAuthScope = GovernmentConstants.ToChannelFromBotOAuthScope;
}
}
}
const client: ConnectorClient = this.createConnectorClientInternal(serviceUrl, credentials);
return client;
}
}
this.isEmulatingOAuthCards = false;
// If no channelService or openIdMetadata values were passed in the settings, check the process' Environment Variables for values.
// These values may be set when a bot is provisioned on Azure and if so are required for the bot to properly work in Public Azure or a National Cloud.
this.settings.channelService = this.settings.channelService || process.env[AuthenticationConstants.ChannelService];
this.settings.openIdMetadata = this.settings.openIdMetadata || process.env[AuthenticationConstants.BotOpenIdMetadataKey];
this.authConfiguration = this.settings.authConfig || new AuthenticationConfiguration();
if (this.settings.openIdMetadata) {
ChannelValidation.OpenIdMetadataEndpoint = this.settings.openIdMetadata;
GovernmentChannelValidation.OpenIdMetadataEndpoint = this.settings.openIdMetadata;
}
if (JwtTokenValidation.isGovernment(this.settings.channelService)) {
this.credentials.oAuthEndpoint = GovernmentConstants.ToChannelFromBotLoginUrl;
this.credentials.oAuthScope = GovernmentConstants.ToChannelFromBotOAuthScope;
}
// If a NodeWebSocketFactoryBase was passed in, set it on the BotFrameworkAdapter.
if (this.settings.webSocketFactory) {
this.webSocketFactory = this.settings.webSocketFactory;
}
// Relocate the tenantId field used by MS Teams to a new location (from channelData to conversation)
// This will only occur on activities from teams that include tenant info in channelData but NOT in conversation,
// thus should be future friendly. However, once the transition is complete, we can remove this.
this.use(async(context, next) => {
if (context.activity.channelId === 'msteams' && context.activity && context.activity.conversation && !context.activity.conversation.tenantId && context.activity.channelData && context.activity.channelData.tenant) {
context.activity.conversation.tenantId = context.activity.channelData.tenant.id;
}
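/**
 * Returns the credentials used for outbound requests made as `appId`, reusing a
 * cached instance when one is already stored for the same appId/scope key.
 *
 * @param appId App id to resolve; a falsy value yields empty credentials.
 * @param oAuthScope Optional scope for the credentials. Outside government
 * clouds a falsy value falls back to `AuthenticationConstants.ToChannelFromBotOAuthScope`.
 * @returns The cached or newly built credentials.
 */
private async getAppCredentials(appId: string, oAuthScope?: string): Promise<MicrosoftAppCredentials> {
    // No app id: return empty credentials without consulting the cache or the provider.
    if (!appId) {
        return new MicrosoftAppCredentials('', '');
    }

    // NOTE(review): appId and scope are joined with no separator, and an omitted
    // scope is rendered as the text "undefined", so two different (appId, scope)
    // pairs can in principle produce the same key. A delimiter would remove the
    // ambiguity; the format is left as-is here because the cache is reached
    // through the class and may be read by code outside this method.
    const cacheKey = `${ appId }${ oAuthScope }`;
    const cached = BotFrameworkHttpClient.appCredentialMapCache.get(cacheKey);
    if (cached) {
        return cached;
    }

    const appPassword = await this.credentialProvider.getAppPassword(appId);
    const appCredentials = new MicrosoftAppCredentials(appId, appPassword, this.channelService);

    if (JwtTokenValidation.isGovernment(this.channelService)) {
        // The government branch always applies the government endpoint and scope,
        // so the requested oAuthScope is not used here even though it is part of
        // the cache key. NOTE(review): confirm this is intended for skill calls.
        appCredentials.oAuthEndpoint = GovernmentConstants.ToChannelFromBotLoginUrl;
        appCredentials.oAuthScope = GovernmentConstants.ToChannelFromBotOAuthScope;
    } else {
        appCredentials.oAuthScope = !oAuthScope ? AuthenticationConstants.ToChannelFromBotOAuthScope : oAuthScope;
    }

    // Cache the credentials for later use. The map is addressed through the class
    // rather than `this`, so entries appear to be shared by every instance even
    // though the password came from this instance's credentialProvider — confirm.
    BotFrameworkHttpClient.appCredentialMapCache.set(cacheKey, appCredentials);
    return appCredentials;
}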
}
/**
 * Picks the base URL used for OAuth/token API calls.
 *
 * @param contextOrServiceUrl A turn context or a service URL string; only
 * consulted while OAuth card emulation is on.
 * @returns The service URL when emulating OAuth cards, otherwise the configured
 * `settings.oAuthEndpoint`, otherwise the government or public default endpoint.
 */
protected oauthApiUrl(contextOrServiceUrl: TurnContext | string): string {
    if (this.isEmulatingOAuthCards) {
        // In emulation mode the URL comes from the caller-supplied value (the
        // activity's serviceUrl or the raw string), not from configuration.
        // NOTE(review): confirm emulation is only enabled for authenticated traffic.
        if (typeof contextOrServiceUrl === 'object') {
            return contextOrServiceUrl.activity.serviceUrl;
        }
        return contextOrServiceUrl;
    }

    // An explicitly configured endpoint takes precedence over the cloud defaults.
    const configuredEndpoint = this.settings.oAuthEndpoint;
    if (configuredEndpoint) {
        return configuredEndpoint;
    }

    const isGovCloud = JwtTokenValidation.isGovernment(this.settings.channelService);
    return isGovCloud ? US_GOV_OAUTH_ENDPOINT : OAUTH_ENDPOINT;
}