in Node/core/lib/bots/ChatConnector.js [83:212]
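/**
 * Authenticates an incoming request before handing it to dispatch().
 *
 * Three paths are taken, depending on what the request carries:
 *  - Bearer token recognised as a skill token (only when settings.enableSkills
 *    is true): validated through skills_validator_1.JwtTokenValidation.
 *  - Any other bearer token: verified with jwt.verify against a signing key
 *    looked up by `kid`, using either the emulator or the Bot Connector
 *    issuer/audience, followed by endorsement and serviceUrl checks.
 *  - No token: dispatched unauthenticated only for the emulator channel when
 *    neither appId nor appPassword is configured; otherwise rejected with 401.
 *
 * @param {Object} req - Incoming request; req.body and req.headers are read.
 * @param {Object} res - Response used to report 401/403/500 on failure.
 * @param {Function} next - Called after a failure response has been ended;
 *     on success it is passed through to dispatch().
 */
ChatConnector.prototype.verifyBotFramework = function (req, res, next) {
    var _this = this;
    var token;
    // channelId is read from the request body before any authentication has
    // happened, so `isEmulator` is caller-controlled. It must only ever select
    // which issuer/key set a token is verified against, never skip verification.
    var isEmulator = req.body['channelId'] === 'emulator';
    var authHeaderValue = req.headers ? req.headers['authorization'] || req.headers['Authorization'] : null;
    if (authHeaderValue) {
        // Accept exactly "Bearer <token>"; anything else is treated as no token.
        var auth = authHeaderValue.trim().split(' ');
        if (auth.length === 2 && auth[0].toLowerCase() === 'bearer') {
            token = auth[1];
        }
    }
    if (token) {
        // decode() only parses the token; nothing in `decoded_1` is trusted
        // until jwt.verify() below has succeeded.
        var decoded_1 = jwt.decode(token, { complete: true });
        var verifyOptions;
        var openIdMetadata;
        var algorithms = ['RS256', 'RS384', 'RS512'];
        if (this.settings.enableSkills === true && skills_validator_1.SkillValidation.isSkillToken(authHeaderValue)) {
            // Work on a copy so prepIncomingMessage() does not alter req.body.
            var skillMsg = cloneDeep(req.body);
            this.prepIncomingMessage(skillMsg);
            var authConfiguration = this.settings.authConfiguration || new skills_validator_1.DefaultAuthenticationConfiguration(this.settings.allowedCallers);
            skills_validator_1.JwtTokenValidation.authenticateRequest(skillMsg, authHeaderValue, new skills_validator_1.SimpleCredentialProvider(this.settings.appId, this.settings.appPassword), req.body.serviceUrl, authConfiguration).then(function (claimsIdentity) {
                if (!claimsIdentity || !claimsIdentity.isAuthenticated) {
                    logger.error('ChatConnector: receive - invalid skill token.');
                    res.send(403);
                    res.end();
                    next();
                    return;
                }
                var oauthScope = skills_validator_1.JwtTokenValidation.getAppIdFromClaims(claimsIdentity.claims);
                var creds = new skills_validator_1.MicrosoftAppCredentials(_this.settings.appId, _this.settings.appPassword, oauthScope);
                // NOTE(review): the cache key is the serviceUrl taken from the
                // request body. Whether authenticateRequest() binds that value to
                // a token claim is not visible here - confirm, since these
                // credentials are later associated with that URL.
                _this.credentialsCache[req.body.serviceUrl] = creds;
                _this.dispatch(req.body, res, next);
            }).catch(function (err) {
                logger.error("Unable to authenticate request: " + err);
                res.send(401);
                res.end();
                next();
                return;
            });
        }
        else {
            // A bearer value that is not a well-formed JWT yields no decoded
            // header/payload (jsonwebtoken's decode() returns null in that case).
            // Reject it here instead of dereferencing it below, which would throw
            // on attacker-supplied input before any response is sent.
            if (!decoded_1 || !decoded_1.header || !decoded_1.payload) {
                logger.error('ChatConnector: receive - invalid token. Token could not be decoded.');
                res.status(403);
                res.end();
                next();
                return;
            }
            if (isEmulator) {
                // v2 tokens carry the app ID in `azp`, earlier ones in `appid`.
                if ((decoded_1.payload.ver === '2.0' && decoded_1.payload.azp !== this.settings.appId) ||
                    (decoded_1.payload.ver !== '2.0' && decoded_1.payload.appid !== this.settings.appId)) {
                    logger.error('ChatConnector: receive - invalid token. Requested by unexpected app ID.');
                    res.status(403);
                    res.end();
                    next();
                    return;
                }
                // Pick the configured emulator issuer that matches the token's
                // version and `iss`. Strict equality is used because the payload
                // is still unverified and `iss` need not be a string.
                var issuer = void 0;
                if (decoded_1.payload.ver === '1.0' && decoded_1.payload.iss === this.settings.endpoint.emulatorAuthV31IssuerV1) {
                    issuer = this.settings.endpoint.emulatorAuthV31IssuerV1;
                }
                else if (decoded_1.payload.ver === '2.0' && decoded_1.payload.iss === this.settings.endpoint.emulatorAuthV31IssuerV2) {
                    issuer = this.settings.endpoint.emulatorAuthV31IssuerV2;
                }
                else if (decoded_1.payload.ver === '1.0' && decoded_1.payload.iss === this.settings.endpoint.emulatorAuthV32IssuerV1) {
                    issuer = this.settings.endpoint.emulatorAuthV32IssuerV1;
                }
                else if (decoded_1.payload.ver === '2.0' && decoded_1.payload.iss === this.settings.endpoint.emulatorAuthV32IssuerV2) {
                    issuer = this.settings.endpoint.emulatorAuthV32IssuerV2;
                }
                if (issuer) {
                    openIdMetadata = this.emulatorOpenIdMetadata;
                    verifyOptions = {
                        algorithms: algorithms,
                        issuer: issuer,
                        audience: this.settings.endpoint.emulatorAudience,
                        clockTolerance: 300
                    };
                }
            }
            if (!verifyOptions) {
                // Not an emulator token (or no emulator issuer matched): verify
                // against the Bot Connector issuer and audience. The accepted
                // algorithms are pinned here as well, so the signature algorithm
                // is never left to the verifier's defaults or the token header.
                openIdMetadata = this.botConnectorOpenIdMetadata;
                verifyOptions = {
                    algorithms: algorithms,
                    issuer: this.settings.endpoint.botConnectorIssuer,
                    audience: this.settings.endpoint.botConnectorAudience,
                    clockTolerance: 300
                };
            }
            openIdMetadata.getKey(decoded_1.header.kid, function (key) {
                if (key) {
                    try {
                        jwt.verify(token, key.key, verifyOptions);
                        // When the key lists endorsements, the request's channelId
                        // must be one of them.
                        if (typeof req.body.channelId !== 'undefined' &&
                            typeof key.endorsements !== 'undefined' &&
                            key.endorsements.lastIndexOf(req.body.channelId) === -1) {
                            var endorsementError = "channelId in req.body: " + req.body.channelId + " didn't match the endorsements: " + key.endorsements.join(',') + ".";
                            logger.error("ChatConnector: receive - endorsements validation failure. " + endorsementError);
                            throw new Error(endorsementError);
                        }
                        // When both are present, the serviceUrl in the body must
                        // match the one in the signed token.
                        if (typeof decoded_1.payload.serviceurl !== 'undefined' &&
                            typeof req.body.serviceUrl !== 'undefined' &&
                            decoded_1.payload.serviceurl !== req.body.serviceUrl) {
                            var serviceUrlError = "ServiceUrl in payload of token: " + decoded_1.payload.serviceurl + " didn't match the request's serviceurl: " + req.body.serviceUrl + ".";
                            logger.error("ChatConnector: receive - serviceurl mismatch. " + serviceUrlError);
                            throw new Error(serviceUrlError);
                        }
                    }
                    catch (err) {
                        logger.error('ChatConnector: receive - invalid token. Check bot\'s app ID & Password.');
                        // NOTE(review): `err` is returned to a caller that has just
                        // failed authentication; its message can include the key's
                        // endorsement list or verifier details. Consider sending a
                        // generic body and keeping the detail in the log only.
                        res.send(403, err);
                        res.end();
                        next();
                        return;
                    }
                    _this.dispatch(req.body, res, next);
                }
                else {
                    logger.error('ChatConnector: receive - invalid signing key or OpenId metadata document.');
                    res.status(500);
                    res.end();
                    next();
                    return;
                }
            });
        }
    }
    else if (isEmulator && !this.settings.appId && !this.settings.appPassword) {
        // No token and no credentials configured: the request is dispatched with
        // no authentication at all. Because channelId is caller-supplied, any
        // client can reach this branch when appId/appPassword are unset, so this
        // configuration is only suitable for local development.
        logger.warn(req.body, 'ChatConnector: receive - emulator running without security enabled.');
        this.dispatch(req.body, res, next);
    }
    else {
        logger.error('ChatConnector: receive - no security token sent.');
        res.status(401);
        res.end();
        next();
    }
};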