Squash commit: Protocol layer with auth, unit testing pending.

Author: axelsrz

libraries/botbuilder-core/botbuilder/core/bot_framework_adapter.py

@@ -12,19 +12,23 @@
     ConversationAccount,
     ConversationParameters,
     ConversationReference,
-    ResourceResponse,
     TokenResponse,
+    ResourceResponse,
 )
 from botframework.connector import Channels, EmulatorApiClient
 from botframework.connector.aio import ConnectorClient
 from botframework.connector.auth import (
+    AuthenticationConfiguration,
     AuthenticationConstants,
     ChannelValidation,
+    ChannelProvider,
+    ClaimsIdentity,
     GovernmentChannelValidation,
     GovernmentConstants,
     MicrosoftAppCredentials,
     JwtTokenValidation,
     SimpleCredentialProvider,
+    SkillValidation,
 )
 from botframework.connector.token_api import TokenApiClient
 from botframework.connector.token_api.models import TokenStatus
@@ -37,6 +41,7 @@
 USER_AGENT = f"Microsoft-BotFramework/3.1 (BotBuilder Python/{__version__})"
 OAUTH_ENDPOINT = "https://api.botframework.com"
 US_GOV_OAUTH_ENDPOINT = "https://api.botframework.azure.us"
+BOT_IDENTITY_KEY = "BotIdentity"
 
 
 class TokenExchangeState(Model):
@@ -72,13 +77,17 @@ def __init__(
         oauth_endpoint: str = None,
         open_id_metadata: str = None,
         channel_service: str = None,
+        channel_provider: ChannelProvider = None,
+        auth_configuration: AuthenticationConfiguration = None,
     ):
         self.app_id = app_id
         self.app_password = app_password
         self.channel_auth_tenant = channel_auth_tenant
         self.oauth_endpoint = oauth_endpoint
         self.open_id_metadata = open_id_metadata
         self.channel_service = channel_service
+        self.channel_provider = channel_provider
+        self.auth_configuration = auth_configuration or AuthenticationConfiguration()
 
 
 class BotFrameworkAdapter(BotAdapter, UserTokenProvider):
@@ -90,6 +99,7 @@ def __init__(self, settings: BotFrameworkAdapterSettings):
         self.settings.channel_service = self.settings.channel_service or os.environ.get(
             AuthenticationConstants.CHANNEL_SERVICE
         )
+
         self.settings.open_id_metadata = (
             self.settings.open_id_metadata
             or os.environ.get(AuthenticationConstants.BOT_OPEN_ID_METADATA_KEY)
@@ -163,7 +173,7 @@ async def create_conversation(
 
             # Create conversation
             parameters = ConversationParameters(bot=reference.bot)
-            client = self.create_connector_client(reference.service_url)
+            client = await self.create_connector_client(reference.service_url)
 
             # Mix in the tenant ID if specified. This is required for MS Teams.
             if reference.conversation is not None and reference.conversation.tenant_id:
@@ -207,8 +217,9 @@ async def process_activity(self, req, auth_header: str, logic: Callable):
         activity = await self.parse_request(req)
         auth_header = auth_header or ""
 
-        await self.authenticate_request(activity, auth_header)
+        identity = await self.authenticate_request(activity, auth_header)
         context = self.create_context(activity)
+        context.turn_state[BOT_IDENTITY_KEY] = identity
 
         # Fix to assign tenant_id from channelData to Conversation.tenant_id.
         # MS Teams currently sends the tenant ID in channelData and the correct behavior is to expose
@@ -228,7 +239,9 @@ async def process_activity(self, req, auth_header: str, logic: Callable):
 
         return await self.run_pipeline(context, logic)
 
-    async def authenticate_request(self, request: Activity, auth_header: str):
+    async def authenticate_request(
+        self, request: Activity, auth_header: str
+    ) -> ClaimsIdentity:
         """
         Allows for the overriding of authentication in unit tests.
         :param request:
@@ -240,11 +253,14 @@ async def authenticate_request(self, request: Activity, auth_header: str):
             auth_header,
             self._credential_provider,
             self.settings.channel_service,
+            self.settings.auth_configuration,
         )
 
         if not claims.is_authenticated:
             raise Exception("Unauthorized Access. Request is not authorized")
 
+        return claims
+
     def create_context(self, activity):
         """
         Allows for the overriding of the context object in unit tests and derived adapters.
@@ -306,7 +322,8 @@ async def update_activity(self, context: TurnContext, activity: Activity):
         :return:
         """
         try:
-            client = self.create_connector_client(activity.service_url)
+            identity: ClaimsIdentity = context.turn_state.get(BOT_IDENTITY_KEY)
+            client = await self.create_connector_client(activity.service_url, identity)
             return await client.conversations.update_activity(
                 activity.conversation.id, activity.id, activity
             )
@@ -324,7 +341,8 @@ async def delete_activity(
         :return:
         """
         try:
-            client = self.create_connector_client(reference.service_url)
+            identity: ClaimsIdentity = context.turn_state.get(BOT_IDENTITY_KEY)
+            client = await self.create_connector_client(reference.service_url, identity)
             await client.conversations.delete_activity(
                 reference.conversation.id, reference.activity_id
             )
@@ -365,7 +383,10 @@ async def send_activities(
                             "BotFrameworkAdapter.send_activity(): conversation.id can not be None."
                         )
 
-                    client = self.create_connector_client(activity.service_url)
+                    identity: ClaimsIdentity = context.turn_state.get(BOT_IDENTITY_KEY)
+                    client = await self.create_connector_client(
+                        activity.service_url, identity
+                    )
                     if activity.type == "trace" and activity.channel_id != "emulator":
                         pass
                     elif activity.reply_to_id:
@@ -409,7 +430,8 @@ async def delete_conversation_member(
                 )
             service_url = context.activity.service_url
             conversation_id = context.activity.conversation.id
-            client = self.create_connector_client(service_url)
+            identity: ClaimsIdentity = context.turn_state.get(BOT_IDENTITY_KEY)
+            client = await self.create_connector_client(service_url, identity)
             return await client.conversations.delete_conversation_member(
                 conversation_id, member_id
             )
@@ -446,7 +468,8 @@ async def get_activity_members(self, context: TurnContext, activity_id: str):
                 )
             service_url = context.activity.service_url
             conversation_id = context.activity.conversation.id
-            client = self.create_connector_client(service_url)
+            identity: ClaimsIdentity = context.turn_state.get(BOT_IDENTITY_KEY)
+            client = await self.create_connector_client(service_url, identity)
             return await client.conversations.get_activity_members(
                 conversation_id, activity_id
             )
@@ -474,7 +497,8 @@ async def get_conversation_members(self, context: TurnContext):
                 )
             service_url = context.activity.service_url
             conversation_id = context.activity.conversation.id
-            client = self.create_connector_client(service_url)
+            identity: ClaimsIdentity = context.turn_state.get(BOT_IDENTITY_KEY)
+            client = await self.create_connector_client(service_url, identity)
             return await client.conversations.get_conversation_members(conversation_id)
         except Exception as error:
             raise error
@@ -488,7 +512,7 @@ async def get_conversations(self, service_url: str, continuation_token: str = No
         :param continuation_token:
         :return:
         """
-        client = self.create_connector_client(service_url)
+        client = await self.create_connector_client(service_url)
         return await client.conversations.get_conversations(continuation_token)
 
     async def get_user_token(
@@ -595,13 +619,44 @@ async def get_aad_tokens(
             user_id, connection_name, context.activity.channel_id, resource_urls
         )
 
-    def create_connector_client(self, service_url: str) -> ConnectorClient:
+    async def create_connector_client(
+        self, service_url: str, identity: ClaimsIdentity = None
+    ) -> ConnectorClient:
         """
         Allows for mocking of the connector client in unit tests.
         :param service_url:
+        :param identity:
         :return:
         """
-        client = ConnectorClient(self._credentials, base_url=service_url)
+        if identity:
+            bot_app_id_claim = identity.claims.get(
+                AuthenticationConstants.AUDIENCE_CLAIM
+            ) or identity.claims.get(AuthenticationConstants.APP_ID_CLAIM)
+
+            credentials = None
+            if bot_app_id_claim and SkillValidation.is_skill_claim(identity.claims):
+                scope = JwtTokenValidation.get_app_id_from_claims(identity.claims)
+
+                password = await self._credential_provider.get_app_password(
+                    bot_app_id_claim
+                )
+                credentials = MicrosoftAppCredentials(
+                    bot_app_id_claim, password, oauth_scope=scope
+                )
+                if (
+                    self.settings.channel_provider
+                    and self.settings.channel_provider.is_government()
+                ):
+                    credentials.oauth_endpoint = (
+                        GovernmentConstants.TO_CHANNEL_FROM_BOT_LOGIN_URL
+                    )
+                    credentials.oauth_scope = (
+                        GovernmentConstants.TO_CHANNEL_FROM_BOT_OAUTH_SCOPE
+                    )
+        else:
+            credentials = self._credentials
+
+        client = ConnectorClient(credentials, base_url=service_url)
         client.config.add_user_agent(USER_AGENT)
         return client
 

libraries/botbuilder-core/botbuilder/core/bot_state.py

@@ -4,6 +4,7 @@
 from abc import abstractmethod
 from copy import deepcopy
 from typing import Callable, Dict, Union
+from jsonpickle.pickler import Pickler
 from botbuilder.core.state_property_accessor import StatePropertyAccessor
 from .turn_context import TurnContext
 from .storage import Storage
@@ -24,8 +25,7 @@ def is_changed(self) -> bool:
         return self.hash != self.compute_hash(self.state)
 
     def compute_hash(self, obj: object) -> str:
-        # TODO: Should this be compatible with C# JsonConvert.SerializeObject ?
-        return str(obj)
+        return str(Pickler().flatten(obj))
 
 
 class BotState(PropertyManager):

libraries/botbuilder-core/botbuilder/core/integration/bot_framework_http_client.py

@@ -76,7 +76,7 @@ async def post_activity(
             }
             if token:
                 headers_dict.update(
-                    {"Authorization": f"Bearer:{token}",}
+                    {"Authorization": f"Bearer {token}",}
                 )
 
             json_content = json.dumps(activity.serialize())
@@ -111,7 +111,7 @@ async def _get_app_credentials(
         app_credentials = MicrosoftAppCredentials(
             app_id, app_password, oauth_scope=oauth_scope
         )
-        if self._channel_provider.is_government():
+        if self._channel_provider and self._channel_provider.is_government():
             app_credentials.oauth_endpoint = (
                 GovernmentConstants.TO_CHANNEL_FROM_BOT_LOGIN_URL
             )

libraries/botbuilder-core/botbuilder/core/integration/channel_service_handler.py

@@ -454,7 +454,7 @@ async def _authenticate(self, auth_header: str) -> ClaimsIdentity:
         return await JwtTokenValidation.validate_auth_header(
             auth_header,
             self._credential_provider,
-            self._channel_provider.channel_service,
+            self._channel_provider,
             "unknown",
-            self._auth_config,
+            auth_configuration=self._auth_config,
         )

libraries/botbuilder-core/botbuilder/core/teams/__init__.py

@@ -0,0 +1,14 @@
+# coding=utf-8
+# --------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for
+# license information.
+# --------------------------------------------------------------------------
+
+from .teams_activity_handler import TeamsActivityHandler
+from .teams_info import TeamsInfo
+
+__all__ = [
+    "TeamsActivityHandler",
+    "TeamsInfo",
+]