Merge branch 'master' into trboehre-readme-update

Author: tracyboehrer

ci-pr-pipeline.yml

@@ -41,17 +41,14 @@ jobs:
       pip install -e ./libraries/botbuilder-dialogs
       pip install -e ./libraries/botbuilder-azure
       pip install -e ./libraries/botbuilder-testing
+      pip install -e ./libraries/botbuilder-integration-applicationinsights-aiohttp
       pip install -r ./libraries/botframework-connector/tests/requirements.txt
       pip install -r ./libraries/botbuilder-core/tests/requirements.txt
       pip install coveralls
       pip install pylint
       pip install black
     displayName: 'Install dependencies'
 
-  - script: 'pip install requests_mock'
-    displayName: 'Install requests mock (REMOVE AFTER MERGING INSPECTION)'
-    enabled: false
-
   - script: |
       pip install pytest
       pip install pytest-cov

libraries/botbuilder-core/botbuilder/core/activity_handler.py

@@ -7,6 +7,15 @@
 
 
 class ActivityHandler:
+    """
+    Handles activities and should be subclassed.
+
+    .. remarks::
+        Derive from this class to handle particular activity types.
+        Yon can add pre and post processing of activities by calling the base class
+        in the derived class.
+    """
+
     async def on_turn(self, turn_context: TurnContext):
         """
         Called by the adapter (for example, :class:`BotFrameworkAdapter`) at runtime
@@ -22,8 +31,8 @@ async def on_turn(self, turn_context: TurnContext):
             process, which allows a derived class to provide type-specific logic in a controlled way.
             In a derived class, override this method to add logic that applies to all activity types.
             Also
-            - Add logic to apply before the type-specific logic and before calling :meth:`ActivityHandler.on_turn()`.
-            - Add logic to apply after the type-specific logic after calling :meth:`ActivityHandler.on_turn()`.
+            - Add logic to apply before the type-specific logic and before calling :meth:`on_turn()`.
+            - Add logic to apply after the type-specific logic after calling :meth:`on_turn()`.
         """
         if turn_context is None:
             raise TypeError("ActivityHandler.on_turn(): turn_context cannot be None.")
@@ -71,21 +80,22 @@ async def on_message_activity(  # pylint: disable=unused-argument
     async def on_conversation_update_activity(self, turn_context: TurnContext):
         """
         Invoked when a conversation update activity is received from the channel when the base behavior of
-        :meth:`ActivityHandler.on_turn()` is used.
+        :meth:`on_turn()` is used.
 
         :param turn_context: The context object for this turn
         :type turn_context: :class:`botbuilder.core.TurnContext`
 
         :returns: A task that represents the work queued to execute
 
         .. remarks::
-            When the :meth:'ActivityHandler.on_turn()` method receives a conversation update activity, it calls this
+            When the :meth:`on_turn()` method receives a conversation update activity, it calls this
             method.
-            If the conversation update activity indicates that members other than the bot joined the conversation,
-            it calls the  :meth:`ActivityHandler.on_members_added_activity()` method.
-            If the conversation update activity indicates that members other than the bot left the conversation,
-            it calls the  :meth:`ActivityHandler.on_members_removed_activity()`  method.
-            In a derived class, override this method to add logic that applies to all conversation update activities.
+            Also
+            - If the conversation update activity indicates that members other than the bot joined the conversation,
+            it calls the  :meth:`on_members_added_activity()` method.
+            - If the conversation update activity indicates that members other than the bot left the conversation,
+            it calls the  :meth:`on_members_removed_activity()`  method.
+            - In a derived class, override this method to add logic that applies to all conversation update activities.
             Add logic to apply before the member added or removed logic before the call to this base class method.
         """
         if (
@@ -120,7 +130,7 @@ async def on_members_added_activity(
         :returns: A task that represents the work queued to execute
 
         .. remarks::
-            When the :meth:'ActivityHandler.on_conversation_update_activity()` method receives a conversation
+            When the :meth:`on_conversation_update_activity()` method receives a conversation
             update activity that indicates
             one or more users other than the bot are joining the conversation, it calls this method.
         """
@@ -142,7 +152,7 @@ async def on_members_removed_activity(
         :returns: A task that represents the work queued to execute
 
         .. remarks::
-            When the :meth:'ActivityHandler.on_conversation_update_activity()` method receives a conversation
+            When the :meth:`on_conversation_update_activity()` method receives a conversation
             update activity that indicates one or more users other than the bot are leaving the conversation,
             it calls this method.
         """
@@ -152,7 +162,7 @@ async def on_members_removed_activity(
     async def on_message_reaction_activity(self, turn_context: TurnContext):
         """
         Invoked when an event activity is received from the connector when the base behavior of
-        :meth:'ActivityHandler.on_turn()` is used.
+        :meth:`on_turn()` is used.
 
         :param turn_context: The context object for this turn
         :type turn_context: :class:`botbuilder.core.TurnContext`
@@ -162,15 +172,18 @@ async def on_message_reaction_activity(self, turn_context: TurnContext):
         .. remarks::
             Message reactions correspond to the user adding a 'like' or 'sad' etc. (often an emoji) to a previously
             sent activity.
+
             Message reactions are only supported by a few channels. The activity that the message reaction corresponds
             to is indicated in the reply to Id property. The value of this property is the activity id of a previously
             sent activity given back to the bot as the response from a send call.
-            When the :meth:'ActivityHandler.on_turn()` method receives a message reaction activity, it calls this
+            When the :meth:`on_turn()` method receives a message reaction activity, it calls this
             method.
-            If the message reaction indicates that reactions were added to a message, it calls
-            :meth:'ActivityHandler.on_reaction_added().
-            If the message reaction indicates that reactions were removed from a message, it calls
-            :meth:'ActivityHandler.on_reaction_removed().
+
+            - If the message reaction indicates that reactions were added to a message, it calls
+            :meth:`on_reaction_added()`.
+            - If the message reaction indicates that reactions were removed from a message, it calls
+            :meth:`on_reaction_removed()`.
+
             In a derived class, override this method to add logic that applies to all message reaction activities.
             Add logic to apply before the reactions added or removed logic before the call to the this base class
             method.
@@ -202,8 +215,9 @@ async def on_reactions_added(  # pylint: disable=unused-argument
 
         .. remarks::
             Message reactions correspond to the user adding a 'like' or 'sad' etc. (often an emoji)
-            to a previously sent message on the conversation. Message reactions are supported by only a few channels.
-            The activity that the message is in reaction to is identified by the activity's reply to Id property.
+            to a previously sent message on the conversation.
+            Message reactions are supported by only a few channels.
+            The activity that the message is in reaction to is identified by the activity's reply to ID property.
             The value of this property is the activity ID of a previously sent activity. When the bot sends an activity,
             the channel assigns an ID to it, which is available in the resource response Id of the result.
         """
@@ -235,17 +249,17 @@ async def on_reactions_removed(  # pylint: disable=unused-argument
     async def on_event_activity(self, turn_context: TurnContext):
         """
         Invoked when an event activity is received from the connector when the base behavior of
-        :meth:'ActivityHandler.on_turn()` is used.
+        :meth:`on_turn()` is used.
 
         :param turn_context: The context object for this turn
         :type turn_context: :class:`botbuilder.core.TurnContext`
 
         :returns: A task that represents the work queued to execute
 
         .. remarks::
-            When the :meth:'ActivityHandler.on_turn()` method receives an event activity, it calls this method.
-            If the activity name is `tokens/response`, it calls :meth:'ActivityHandler.on_token_response_event()`;
-            otherwise, it calls :meth:'ActivityHandler.on_event()`.
+            When the :meth:`on_turn()` method receives an event activity, it calls this method.
+            If the activity name is `tokens/response`, it calls :meth:`on_token_response_event()`;
+            otherwise, it calls :meth:`on_event()`.
 
             In a derived class, override this method to add logic that applies to all event activities.
             Add logic to apply before the specific event-handling logic before the call to this base class method.
@@ -265,7 +279,7 @@ async def on_token_response_event(  # pylint: disable=unused-argument
     ):
         """
         Invoked when a `tokens/response` event is received when the base behavior of
-        :meth:'ActivityHandler.on_event_activity()` is used.
+        :meth:`on_event_activity()` is used.
         If using an `oauth_prompt`, override this method to forward this activity to the current dialog.
 
         :param turn_context: The context object for this turn
@@ -274,7 +288,7 @@ async def on_token_response_event(  # pylint: disable=unused-argument
         :returns: A task that represents the work queued to execute
 
         .. remarks::
-            When the :meth:'ActivityHandler.on_event()` method receives an event with an activity name of
+            When the :meth:`on_event()` method receives an event with an activity name of
             `tokens/response`, it calls this method. If your bot uses an `oauth_prompt`, forward the incoming
             activity to the current dialog.
         """
@@ -285,7 +299,7 @@ async def on_event(  # pylint: disable=unused-argument
     ):
         """
         Invoked when an event other than `tokens/response` is received when the base behavior of
-        :meth:'ActivityHandler.on_event_activity()` is used.
+        :meth:`on_event_activity()` is used.
 
 
         :param turn_context: The context object for this turn
@@ -294,7 +308,7 @@ async def on_event(  # pylint: disable=unused-argument
         :returns: A task that represents the work queued to execute
 
         .. remarks::
-            When the :meth:'ActivityHandler.on_event_activity()` is used method receives an event with an
+            When the :meth:`on_event_activity()` is used method receives an event with an
             activity name other than `tokens/response`, it calls this method.
             This method could optionally be overridden if the bot is meant to handle miscellaneous events.
         """
@@ -317,7 +331,7 @@ async def on_unrecognized_activity_type(  # pylint: disable=unused-argument
     ):
         """
         Invoked when an activity other than a message, conversation update, or event is received when the base
-        behavior of :meth:`ActivityHandler.on_turn()` is used.
+        behavior of :meth:`on_turn()` is used.
         If overridden, this method could potentially respond to any of the other activity types.
 
         :param turn_context: The context object for this turn
@@ -326,7 +340,7 @@ async def on_unrecognized_activity_type(  # pylint: disable=unused-argument
         :returns: A task that represents the work queued to execute
 
         .. remarks::
-            When the :meth:`ActivityHandler.on_turn()` method receives an activity that is not a message,
+            When the :meth:`on_turn()` method receives an activity that is not a message,
             conversation update, message reaction, or event activity, it calls this method.
         """
         return

libraries/botbuilder-core/botbuilder/core/bot_framework_adapter.py

@@ -1,6 +1,8 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License.
 
+# pylint: disable=too-many-lines
+
 import asyncio
 import base64
 import json
@@ -22,6 +24,7 @@
     JwtTokenValidation,
     SimpleCredentialProvider,
     SkillValidation,
+    CertificateAppCredentials,
 )
 from botframework.connector.token_api import TokenApiClient
 from botframework.connector.token_api.models import TokenStatus
@@ -76,13 +79,15 @@ class BotFrameworkAdapterSettings:
     def __init__(
         self,
         app_id: str,
-        app_password: str,
+        app_password: str = None,
         channel_auth_tenant: str = None,
         oauth_endpoint: str = None,
         open_id_metadata: str = None,
         channel_service: str = None,
         channel_provider: ChannelProvider = None,
         auth_configuration: AuthenticationConfiguration = None,
+        certificate_thumbprint: str = None,
+        certificate_private_key: str = None,
     ):
         """
         Contains the settings used to initialize a :class:`BotFrameworkAdapter` instance.
@@ -104,6 +109,15 @@ def __init__(
         :type channel_provider: :class:`botframework.connector.auth.ChannelProvider`
         :param auth_configuration:
         :type auth_configuration: :class:`botframework.connector.auth.AuthenticationConfiguration`
+        :param certificate_thumbprint: X509 thumbprint
+        :type certificate_thumbprint: str
+        :param certificate_private_key: X509 private key
+        :type certificate_private_key: str
+
+        .. remarks::
+            For credentials authorization, both app_id and app_password are required.
+            For certificate authorization, app_id, certificate_thumbprint, and certificate_private_key are required.
+
         """
         self.app_id = app_id
         self.app_password = app_password
@@ -113,6 +127,8 @@ def __init__(
         self.channel_service = channel_service
         self.channel_provider = channel_provider
         self.auth_configuration = auth_configuration or AuthenticationConfiguration()
+        self.certificate_thumbprint = certificate_thumbprint
+        self.certificate_private_key = certificate_private_key
 
 
 class BotFrameworkAdapter(BotAdapter, UserTokenProvider):
@@ -141,23 +157,42 @@ def __init__(self, settings: BotFrameworkAdapterSettings):
         """
         super(BotFrameworkAdapter, self).__init__()
         self.settings = settings or BotFrameworkAdapterSettings("", "")
+
+        # If settings.certificate_thumbprint & settings.certificate_private_key are provided,
+        # use CertificateAppCredentials.
+        if self.settings.certificate_thumbprint and settings.certificate_private_key:
+            self._credentials = CertificateAppCredentials(
+                self.settings.app_id,
+                self.settings.certificate_thumbprint,
+                self.settings.certificate_private_key,
+                self.settings.channel_auth_tenant,
+            )
+            self._credential_provider = SimpleCredentialProvider(
+                self.settings.app_id, ""
+            )
+        else:
+            self._credentials = MicrosoftAppCredentials(
+                self.settings.app_id,
+                self.settings.app_password,
+                self.settings.channel_auth_tenant,
+            )
+            self._credential_provider = SimpleCredentialProvider(
+                self.settings.app_id, self.settings.app_password
+            )
+
+        self._is_emulating_oauth_cards = False
+
+        # If no channel_service or open_id_metadata values were passed in the settings, check the
+        # process' Environment Variables for values.
+        # These values may be set when a bot is provisioned on Azure and if so are required for
+        # the bot to properly work in Public Azure or a National Cloud.
         self.settings.channel_service = self.settings.channel_service or os.environ.get(
             AuthenticationConstants.CHANNEL_SERVICE
         )
-
         self.settings.open_id_metadata = (
             self.settings.open_id_metadata
             or os.environ.get(AuthenticationConstants.BOT_OPEN_ID_METADATA_KEY)
         )
-        self._credentials = MicrosoftAppCredentials(
-            self.settings.app_id,
-            self.settings.app_password,
-            self.settings.channel_auth_tenant,
-        )
-        self._credential_provider = SimpleCredentialProvider(
-            self.settings.app_id, self.settings.app_password
-        )
-        self._is_emulating_oauth_cards = False
 
         if self.settings.open_id_metadata:
             ChannelValidation.open_id_metadata_endpoint = self.settings.open_id_metadata
@@ -878,35 +913,39 @@ async def create_connector_client(
 
         :return: An instance of the :class:`ConnectorClient` class
         """
+
+        # Anonymous claims and non-skill claims should fall through without modifying the scope.
+        credentials = self._credentials
+
         if identity:
             bot_app_id_claim = identity.claims.get(
                 AuthenticationConstants.AUDIENCE_CLAIM
             ) or identity.claims.get(AuthenticationConstants.APP_ID_CLAIM)
 
-            credentials = None
             if bot_app_id_claim and SkillValidation.is_skill_claim(identity.claims):
                 scope = JwtTokenValidation.get_app_id_from_claims(identity.claims)
 
-                password = await self._credential_provider.get_app_password(
-                    bot_app_id_claim
-                )
-                credentials = MicrosoftAppCredentials(
-                    bot_app_id_claim, password, oauth_scope=scope
-                )
-                if (
-                    self.settings.channel_provider
-                    and self.settings.channel_provider.is_government()
-                ):
-                    credentials.oauth_endpoint = (
-                        GovernmentConstants.TO_CHANNEL_FROM_BOT_LOGIN_URL
+                # Do nothing, if the current credentials and its scope are valid for the skill.
+                # i.e. the adapter instance is pre-configured to talk with one skill.
+                # Otherwise we will create a new instance of the AppCredentials
+                # so self._credentials.oauth_scope isn't overridden.
+                if self._credentials.oauth_scope != scope:
+                    password = await self._credential_provider.get_app_password(
+                        bot_app_id_claim
                     )
-                    credentials.oauth_scope = (
-                        GovernmentConstants.TO_CHANNEL_FROM_BOT_OAUTH_SCOPE
+                    credentials = MicrosoftAppCredentials(
+                        bot_app_id_claim, password, oauth_scope=scope
                     )
-            else:
-                credentials = self._credentials
-        else:
-            credentials = self._credentials
+                    if (
+                        self.settings.channel_provider
+                        and self.settings.channel_provider.is_government()
+                    ):
+                        credentials.oauth_endpoint = (
+                            GovernmentConstants.TO_CHANNEL_FROM_BOT_LOGIN_URL
+                        )
+                        credentials.oauth_scope = (
+                            GovernmentConstants.TO_CHANNEL_FROM_BOT_OAUTH_SCOPE
+                        )
 
         client_key = (
             f"{service_url}{credentials.microsoft_app_id if credentials else ''}"