Skip to content

Commit dd2b779

Browse files
committed
Merge branch 'southworks/auth-stack-updates' of https://github.com/southworkscom/botbuilder-python into southworks/auth-stack-updates
2 parents 64a77c8 + aabf046 commit dd2b779

4 files changed

Lines changed: 84 additions & 10 deletions

File tree

libraries/botframework-connector/microsoft/botframework/connector/auth/__init__.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,4 +13,5 @@
1313
from .jwt_token_validation import *
1414
from .credential_provider import *
1515
from .channel_validation import *
16-
from .emulator_validation import *
16+
from .emulator_validation import *
17+
from .simple_credential_provider import *
Lines changed: 72 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,75 @@
1+
import jwt
2+
3+
from .credential_provider import ICredentialProvider
4+
from .jwt_token_extractor import JwtTokenExtractor
5+
from .constants import Constants
6+
from .claims_identity import ClaimsIdentity
7+
8+
class VerifyOptions:
9+
def __init__(self, issuer, audience, clock_tolerance, ignore_expiration):
10+
self.issuer = issuer
11+
self.audience = audience
12+
self.clock_tolerance = clock_tolerance
13+
self.ignore_expiration = ignore_expiration
14+
115
class EmulatorValidation:
2-
def __init__(self):
3-
self.foo = None
16+
APP_ID_CLAIM = "appid"
17+
VERSION_CLAIM = "ver"
18+
TO_BOT_FROM_EMULATOR_TOKEN_VALIDATION_PARAMETERS = VerifyOptions(
19+
issuer = [
20+
'https://sts.windows.net/d6d49420-f39b-4df7-a1dc-d59a935871db/', # Auth v3.1, 1.0 token
21+
'https://login.microsoftonline.com/d6d49420-f39b-4df7-a1dc-d59a935871db/v2.0', # Auth v3.1, 2.0 token
22+
'https://sts.windows.net/f8cdef31-a31e-4b4a-93e4-5f571e91255a/', # Auth v3.2, 1.0 token
23+
'https://login.microsoftonline.com/f8cdef31-a31e-4b4a-93e4-5f571e91255a/v2.0', # Auth v3.2, 2.0 token
24+
'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/' # ???
25+
],
26+
audience = None,
27+
clock_tolerance = 5 * 60,
28+
ignore_expiration = False
29+
)
30+
31+
def is_token_from_emulator(self, authHeader):
32+
"""Determines if a given Auth header is from the Bot Framework Emulator
33+
authHeader Bearer Token, in the "Bearer [Long String]" Format.
34+
returns True, if the token was issued by the Emulator. Otherwise, false.
35+
"""
36+
37+
# The Auth Header generally looks like this:
38+
# "Bearer eyJ0e[...Big Long String...]XAiO"
39+
if (not authHeader):
40+
# No token. Can't be an emulator token.
41+
return False
42+
43+
parts = authHeader.split(' ')
44+
if (parts.length != 2):
45+
# Emulator tokens MUST have exactly 2 parts. If we don't have 2 parts, it's not an emulator token
46+
return False
47+
48+
authScheme = parts[0]
49+
bearerToken = parts[1]
50+
51+
# We now have an array that should be:
52+
# [0] = "Bearer"
53+
# [1] = "[Big Long String]"
54+
if (authScheme != 'Bearer'):
55+
# The scheme from the emulator MUST be "Bearer"
56+
return False
57+
58+
# Parse the Big Long String into an actual token.
59+
token = jwt.decode(bearerToken, verify=False)
60+
if (not token):
61+
return False
62+
63+
# Is there an Issuer?
64+
issuer = token.payload.iss
65+
if (not issuer):
66+
# No Issuer, means it's not from the Emulator.
67+
return False
468

5-
@staticmethod
6-
def is_from_emulator(header):
7-
return True
69+
# Is the token issues by a source we consider to be the emulator?
70+
if (EmulatorValidation.TO_BOT_FROM_EMULATOR_TOKEN_VALIDATION_PARAMETERS.issuer and EmulatorValidation.TO_BOT_FROM_EMULATOR_TOKEN_VALIDATION_PARAMETERS.issuer.find(issuer) == -1):
71+
# Not a Valid Issuer. This is NOT a Bot Framework Emulator Token.
72+
return False
873

9-
@staticmethod
10-
def authenticate_token(header, credentials):
11-
pass
74+
# The Token is from the Bot Framework Emulator. Success!
75+
return True

libraries/botframework-connector/microsoft/botframework/connector/auth/jwt_token_validation.py

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,9 @@
77
from .microsoft_app_credentials import MicrosoftAppCredentials
88

99
class JwtTokenValidation:
10-
async def assertValidActivity(self, activity, authHeader, credentials):
10+
11+
@staticmethod
12+
async def assert_valid_activity(activity, authHeader, credentials):
1113
"""Validates the security tokens required by the Bot Framework Protocol. Throws on any exceptions.
1214
activity: The incoming Activity from the Bot Framework or the Emulator
1315
authHeader:The Bearer token included as part of the request
Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
from .credential_provider import CredentialProvider
2+
3+
class SimpleCredentialProvider(CredentialProvider):
4+
5+
def __init__(self, app_id, password):
6+
self.app_id = app_id
7+
self.password = password

0 commit comments

Comments
 (0)