Support Skills in Azure Government

libraries/botbuilder/src/botFrameworkAdapter.ts

@@ -27,7 +27,8 @@ export enum StatusCodes {
 }
 
 export class StatusCodeError extends Error {
-    constructor(public readonly statusCode: StatusCodes, message?: string) {
+    public readonly statusCode: StatusCodes;
+    public constructor(statusCode: StatusCodes, message?: string) {
         super(message);
         this.statusCode = statusCode;
     }
@@ -94,7 +95,7 @@ const TYPE: any = os.type();
 const RELEASE: any = os.release();
 const NODE_VERSION: any = process.version;
 
-// tslint:disable-next-line:no-var-requires no-require-imports
+// eslint-disable-next-line @typescript-eslint/no-var-requires
 const pjson: any = require('../package.json');
 export const USER_AGENT: string = `Microsoft-BotFramework/3.1 BotBuilder/${ pjson.version } ` +
     `(Node.js,Version=${ NODE_VERSION }; ${ TYPE } ${ RELEASE }; ${ ARCHITECTURE })`;
@@ -174,7 +175,7 @@ export class BotFrameworkAdapter extends BotAdapter implements CredentialTokenPr
      * The [BotFrameworkAdapterSettings](xref:botbuilder.BotFrameworkAdapterSettings) class defines
      * the available adapter settings.
      */
-    constructor(settings?: Partial<BotFrameworkAdapterSettings>) {
+    public constructor(settings?: Partial<BotFrameworkAdapterSettings>) {
         super();
         this.settings = { appId: '', appPassword: '', ...settings };
 
@@ -214,7 +215,7 @@ export class BotFrameworkAdapter extends BotAdapter implements CredentialTokenPr
         // Relocate the tenantId field used by MS Teams to a new location (from channelData to conversation)
         // This will only occur on activities from teams that include tenant info in channelData but NOT in conversation,
         // thus should be future friendly.  However, once the the transition is complete. we can remove this.
-        this.use(async(context, next) => {
+        this.use(async (context, next): Promise<void> => {
             if (context.activity.channelId === 'msteams' && context.activity && context.activity.conversation && !context.activity.conversation.tenantId && context.activity.channelData && context.activity.channelData.tenant) {
                 context.activity.conversation.tenantId = context.activity.channelData.tenant.id;
             }
@@ -638,9 +639,9 @@ export class BotFrameworkAdapter extends BotAdapter implements CredentialTokenPr
      * 
      * @returns A map of the [TokenResponse](xref:botframework-schema.TokenResponse) objects by resource URL.
      */
-    public async getAadTokens(context: TurnContext, connectionName: string, resourceUrls: string[]): Promise<{[propertyName: string]: TokenResponse;}>;
-    public async getAadTokens(context: TurnContext, connectionName: string, resourceUrls: string[], oAuthAppCredentials?: AppCredentials): Promise<{[propertyName: string]: TokenResponse;}>;
-    public async getAadTokens(context: TurnContext, connectionName: string, resourceUrls: string[], oAuthAppCredentials?: AppCredentials): Promise<{[propertyName: string]: TokenResponse;}> {
+    public async getAadTokens(context: TurnContext, connectionName: string, resourceUrls: string[]): Promise<{[propertyName: string]: TokenResponse}>;
+    public async getAadTokens(context: TurnContext, connectionName: string, resourceUrls: string[], oAuthAppCredentials?: AppCredentials): Promise<{[propertyName: string]: TokenResponse}>;
+    public async getAadTokens(context: TurnContext, connectionName: string, resourceUrls: string[], oAuthAppCredentials?: AppCredentials): Promise<{[propertyName: string]: TokenResponse}> {
         if (!context.activity.from || !context.activity.from.id) {
             throw new Error(`BotFrameworkAdapter.getAadTokens(): missing from or from.id`);
         }
@@ -961,12 +962,6 @@ export class BotFrameworkAdapter extends BotAdapter implements CredentialTokenPr
                 // Since the scope is different, we will create a new instance of the AppCredentials
                 // so this.credentials.oAuthScope isn't overridden.
                 credentials = await this.buildCredentials(botAppId, scope);
-
-                if (JwtTokenValidation.isGovernment(this.settings.channelService)) {
-                    credentials.oAuthEndpoint = GovernmentConstants.ToChannelFromBotLoginUrl;
-                    // Not sure that this code is correct because the scope was set earlier.
-                    credentials.oAuthScope = GovernmentConstants.ToChannelFromBotOAuthScope;
-                }
             }
         }
 
@@ -984,7 +979,7 @@ export class BotFrameworkAdapter extends BotAdapter implements CredentialTokenPr
             // Check if we have a streaming server. Otherwise, requesting a connector client
             // for a non-existent streaming connection results in an error
             if (!this.streamingServer) {
-                throw new Error(`Cannot create streaming connector client for serviceUrl ${serviceUrl} without a streaming connection. Call 'useWebSocket' or 'useNamedPipe' to start a streaming connection.`)
+                throw new Error(`Cannot create streaming connector client for serviceUrl ${ serviceUrl } without a streaming connection. Call 'useWebSocket' or 'useNamedPipe' to start a streaming connection.`);
             }
 
             return new ConnectorClient(
@@ -1023,14 +1018,21 @@ export class BotFrameworkAdapter extends BotAdapter implements CredentialTokenPr
     /**
      * 
      * @remarks
+     * When building credentials for bot-to-bot communication, oAuthScope must be passed in.
      * @param appId 
      * @param oAuthScope 
      */
     protected async buildCredentials(appId: string, oAuthScope?: string): Promise<AppCredentials> {
         // There is no cache for AppCredentials in JS as opposed to C#.
         // Instead of retrieving an AppCredentials from the Adapter instance, generate a new one
         const appPassword = await this.credentialsProvider.getAppPassword(appId);
-        return new MicrosoftAppCredentials(appId, appPassword, undefined, oAuthScope);
+        const credentials = new MicrosoftAppCredentials(appId, appPassword, this.settings.channelAuthTenant, oAuthScope);
+        if (JwtTokenValidation.isGovernment(this.settings.channelService)) {
+            credentials.oAuthEndpoint = GovernmentConstants.ToChannelFromBotLoginUrl;
+            credentials.oAuthScope = oAuthScope || GovernmentConstants.ToChannelFromBotOAuthScope;
+        }
+
+        return credentials;
     }
 
     /**
@@ -1368,10 +1370,10 @@ function parseRequest(req: WebRequest): Promise<Activity> {
             }
         } else {
             let requestData = '';
-            req.on('data', (chunk: string) => {
+            req.on('data', (chunk: string): void => {
                 requestData += chunk;
             });
-            req.on('end', () => {
+            req.on('end', (): void => {
                 try {
                     req.body = JSON.parse(requestData);
                     returnActivity(req.body);
@@ -1384,15 +1386,15 @@ function parseRequest(req: WebRequest): Promise<Activity> {
 }
 
 function delay(timeout: number): Promise<void> {
-    return new Promise((resolve) => {
+    return new Promise((resolve): void => {
         setTimeout(resolve, timeout);
     });
 }
 
-function abortWebSocketUpgrade(socket: INodeSocket, code: number, message?: string) {
+function abortWebSocketUpgrade(socket: INodeSocket, code: number, message?: string): void {
     if (socket.writable) {
         const connectionHeader = `Connection: 'close'\r\n`;
-        socket.write(`HTTP/1.1 ${code} ${STATUS_CODES[code]}\r\n${message}\r\n${connectionHeader}\r\n`);
+        socket.write(`HTTP/1.1 ${ code } ${ STATUS_CODES[code] }\r\n${ message }\r\n${ connectionHeader }\r\n`);
     }
 
     socket.destroy();

libraries/botbuilder/src/botFrameworkHttpClient.ts

@@ -100,11 +100,10 @@ export class BotFrameworkHttpClient {
         const appPassword = await this.credentialProvider.getAppPassword(appId);
         let appCredentials;        
         if (JwtTokenValidation.isGovernment(this.channelService)) {
-            appCredentials = new MicrosoftAppCredentials(appId, appPassword, this.channelService, oAuthScope);
+            appCredentials = new MicrosoftAppCredentials(appId, appPassword, undefined, oAuthScope);
             appCredentials.oAuthEndpoint = GovernmentConstants.ToChannelFromBotLoginUrl;
-            appCredentials.oAuthScope = GovernmentConstants.ToChannelFromBotOAuthScope;
         } else {
-            appCredentials = new MicrosoftAppCredentials(appId, appPassword, this.channelService, oAuthScope);
+            appCredentials = new MicrosoftAppCredentials(appId, appPassword, undefined, oAuthScope);
         }
         return appCredentials;
     }

libraries/botframework-connector/src/auth/appCredentials.ts

@@ -29,33 +29,50 @@ export abstract class AppCredentials implements msrest.ServiceClientCredentials
 
     public appId: string;
 
-    public oAuthEndpoint: string;
+    private _oAuthEndpoint: string;
     private _oAuthScope: string;
+    private _tenant: string;
     public tokenCacheKey: string;
     protected refreshingToken: Promise<adal.TokenResponse> | null = null;
-    protected readonly authenticationContext: adal.AuthenticationContext;
+    protected authenticationContext: adal.AuthenticationContext;
 
-    constructor(appId: string, channelAuthTenant?: string, oAuthScope: string = AuthenticationConstants.ToBotFromChannelTokenIssuer) {
+    public constructor(appId: string, channelAuthTenant?: string, oAuthScope: string = AuthenticationConstants.ToBotFromChannelTokenIssuer) {
         this.appId = appId;
-        const tenant = channelAuthTenant && channelAuthTenant.length > 0
-            ? channelAuthTenant
-            : AuthenticationConstants.DefaultChannelAuthTenant;
-        this.oAuthEndpoint = AuthenticationConstants.ToChannelFromBotLoginUrlPrefix + tenant;
+        this.tenant = channelAuthTenant;
+        this.oAuthEndpoint = AuthenticationConstants.ToChannelFromBotLoginUrlPrefix + this.tenant;
         this.oAuthScope = oAuthScope;
-        // aadApiVersion is set to '1.5' to avoid the "spn:" concatenation on the audience claim
-        // For more info, see https://github.com/AzureAD/azure-activedirectory-library-for-nodejs/issues/128
-        this.authenticationContext = new adal.AuthenticationContext(this.oAuthEndpoint, true, undefined, '1.5');
+    }
+
+    private get tenant(): string {
+        return this._tenant;
+    }
+
+    private set tenant(value: string) {
+        this._tenant = value && value.length > 0
+            ? value
+            : AuthenticationConstants.DefaultChannelAuthTenant;
     }
 
     public get oAuthScope(): string {
-        return this._oAuthScope
+        return this._oAuthScope;
     }
 
     public set oAuthScope(value: string) {
         this._oAuthScope = value;
         this.tokenCacheKey = `${ this.appId }${ this.oAuthScope }-cache`;
     }
 
+    public get oAuthEndpoint(): string {
+        return this._oAuthEndpoint;
+    }
+
+    public set oAuthEndpoint(value: string) {
+        // aadApiVersion is set to '1.5' to avoid the "spn:" concatenation on the audience claim
+        // For more info, see https://github.com/AzureAD/azure-activedirectory-library-for-nodejs/issues/128
+        this._oAuthEndpoint = value;
+        this.authenticationContext = new adal.AuthenticationContext(value, true, undefined, '1.5');
+    }
+
     /**
      * Adds the host of service url to trusted hosts.
      * If expiration time is not provided, the expiration date will be current (utc) date + 1 day.

libraries/botframework-connector/src/auth/authenticationConstants.ts

@@ -11,7 +11,7 @@ export namespace AuthenticationConstants {
      * 
      * DEPRECATED: DO NOT USE
      */
-    export const ToChannelFromBotLoginUrl = 'https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token';
+    export const ToChannelFromBotLoginUrl = 'https://login.microsoftonline.com/botframework.com';
 
     /**
      * TO CHANNEL FROM BOT: Login URL prefix
@@ -31,7 +31,7 @@ export namespace AuthenticationConstants {
     /**
      * TO CHANNEL FROM BOT: OAuth scope to request
      */
-    export const ToChannelFromBotOAuthScope = 'https://api.botframework.com/.default';
+    export const ToChannelFromBotOAuthScope = 'https://api.botframework.com/';
 
     /**
      * TO BOT FROM CHANNEL: Token issuer

libraries/botframework-connector/src/auth/governmentConstants.ts

@@ -14,12 +14,12 @@ export namespace GovernmentConstants {
     /**
      * TO CHANNEL FROM BOT: Login URL
      */
-    export const ToChannelFromBotLoginUrl = 'https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e/oauth2/v2.0/token';
+    export const ToChannelFromBotLoginUrl = 'https://login.microsoftonline.us/cab8a31a-1906-4287-a0d8-4eef66b95f6e';
 
     /**
      * TO CHANNEL FROM BOT: OAuth scope to request
      */
-    export const ToChannelFromBotOAuthScope = 'https://api.botframework.us/.default';
+    export const ToChannelFromBotOAuthScope = 'https://api.botframework.us';
 
     /**
      * TO BOT FROM CHANNEL: Token issuer

libraries/botframework-connector/src/auth/microsoftAppCredentials.ts

@@ -6,7 +6,7 @@
  * Licensed under the MIT License.
  */
 
-import * as adal from 'adal-node'
+import * as adal from 'adal-node';
 import { AppCredentials } from './appCredentials';
 
 /**
@@ -15,21 +15,21 @@ import { AppCredentials } from './appCredentials';
 export class MicrosoftAppCredentials extends AppCredentials {
     public appPassword: string;
 
-    constructor(appId: string, appPassword: string, channelAuthTenant?: string, oAuthScope?: string) {
+    public constructor(appId: string, appPassword: string, channelAuthTenant?: string, oAuthScope?: string) {
         super(appId, channelAuthTenant, oAuthScope);
         this.appPassword = appPassword;
     }
 
     protected async refreshToken(): Promise<adal.TokenResponse> {
         if (!this.refreshingToken) {
-            this.refreshingToken = new Promise<adal.TokenResponse>((resolve, reject) => {
-                this.authenticationContext.acquireTokenWithClientCredentials(this.oAuthScope, this.appId, this.appPassword, function(err, tokenResponse) {
+            this.refreshingToken = new Promise<adal.TokenResponse>((resolve, reject): void => {
+                this.authenticationContext.acquireTokenWithClientCredentials(this.oAuthScope, this.appId, this.appPassword, function(err, tokenResponse): void {
                     if (err) {
                         reject(err);
                     } else {
                         resolve(tokenResponse as adal.TokenResponse);
                     }
-                  });
+                });
 
             });
         }

libraries/testbot/bots/dialogAndWelcomeBot.js

@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-const { CardFactory } = require('botbuilder-core');
+const { CardFactory } = require('botbuilder');
 const { DialogBot } = require('./dialogBot');
 const WelcomeCard = require('./resources/welcomeCard.json');