11237135309

Committed 08 Oct 2024 02:02PM UTC coverage: 85.242% (-0.1%) from 85.349%

Build # 11237135309

Build Type

push

github

Committed by

web-flow

Commit Message

port: [#4632] Support Federated Identity Credential (#4765)

* Add FIC support

* Fix lint

* Add appId validation

Run Details

8187 of 10646 branches covered (76.9%)

Branch coverage included in aggregate %.

12 of 33 new or added lines in 3 files covered. (36.36%)

20444 of 22942 relevant lines covered (89.11%)

7346.65 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

16.67

/libraries/botframework-connector/src/auth/federatedServiceClientCredentialsFactory.ts

/**
 * @module botframework-connector
 */
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.

import { ok } from 'assert';
import type { ServiceClientCredentials } from '@azure/core-http';
import { ServiceClientCredentialsFactory } from './serviceClientCredentialsFactory';
import { FederatedAppCredentials } from './federatedAppCredentials';

/**
 * A Federated Credentials implementation of the [ServiceClientCredentialsFactory](xref:botframework-connector.ServiceClientCredentialsFactory) interface.
 */
export class FederatedServiceClientCredentialsFactory extends ServiceClientCredentialsFactory {
    /**
     * Initializes a new instance of the [FederatedServiceClientCredentialsFactory](xref:botframework-connector.FederatedServiceClientCredentialsFactory) class.
     *
     * @param {string} appId App ID for the Application.
     * @param {string} clientId Client ID for the managed identity assigned to the bot.
     * @param {string} tenantId Tenant ID of the Azure AD tenant where the bot is created.
     *   * **Required** for SingleTenant app types.
     *   * **Optional** for MultiTenant app types. **Note**: '_botframework.com_' is the default tenant when no value is provided.
     *
     * More information: https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types.
     * @param {string} clientAudience **Optional**. The Audience used in the Client's Federated Credential. **Default** (_api://AzureADTokenExchange_).
     */
    constructor(
        private appId: string,
        private clientId: string,
        private tenantId?: string,
        private clientAudience?: string
    ) {
        super();

        ok(appId?.trim(), 'FederatedServiceClientCredentialsFactory.constructor(): missing appId.');
        ok(clientId?.trim(), 'FederatedServiceClientCredentialsFactory.constructor(): missing clientId.');
    }

    /**
     * @inheritdoc
     */
    async isValidAppId(appId = ''): Promise<boolean> {
        return appId === this.appId;
    }

    /**
     * @inheritdoc
     */
    async isAuthenticationDisabled(): Promise<boolean> {
        // Auth is always enabled for FIC.
        return;
    }

    /**
     * @inheritdoc
     */
    async createCredentials(appId: string, audience: string): Promise<ServiceClientCredentials> {
        ok(
            await this.isValidAppId(appId),
            'FederatedServiceClientCredentialsFactory.createCredentials(): Invalid App ID.'
        );

        return new FederatedAppCredentials(this.appId, this.clientId, this.tenantId, audience, this.clientAudience);
    }
}

1	/**
2	* @module botframework-connector
3	*/
4	// Copyright (c) Microsoft Corporation.
5	// Licensed under the MIT License.
6
7	import { ok } from 'assert';	2✔
8	import type { ServiceClientCredentials } from '@azure/core-http';
9	import { ServiceClientCredentialsFactory } from './serviceClientCredentialsFactory';	2✔
10	import { FederatedAppCredentials } from './federatedAppCredentials';	2✔
11
12	/**
13	* A Federated Credentials implementation of the [ServiceClientCredentialsFactory](xref:botframework-connector.ServiceClientCredentialsFactory) interface.
14	*/
15	export class FederatedServiceClientCredentialsFactory extends ServiceClientCredentialsFactory {	2✔
16	/**
17	* Initializes a new instance of the [FederatedServiceClientCredentialsFactory](xref:botframework-connector.FederatedServiceClientCredentialsFactory) class.
18	*
19	* @param {string} appId App ID for the Application.
20	* @param {string} clientId Client ID for the managed identity assigned to the bot.
21	* @param {string} tenantId Tenant ID of the Azure AD tenant where the bot is created.
22	* * Required for SingleTenant app types.
23	* * Optional for MultiTenant app types. Note: '_botframework.com_' is the default tenant when no value is provided.
24	*
25	* More information: https://learn.microsoft.com/en-us/security/zero-trust/develop/identity-supported-account-types.
26	* @param {string} clientAudience Optional. The Audience used in the Client's Federated Credential. Default (_api://AzureADTokenExchange_).
27	*/
28	constructor(
NEW 29	private appId: string,	×
NEW 30	private clientId: string,	×
NEW 31	private tenantId?: string,	×
NEW 32	private clientAudience?: string	×
33	) {
NEW 34	super();	×
35
NEW 36	ok(appId?.trim(), 'FederatedServiceClientCredentialsFactory.constructor(): missing appId.');	×
NEW 37	ok(clientId?.trim(), 'FederatedServiceClientCredentialsFactory.constructor(): missing clientId.');	×
38	}
39
40	/**
41	* @inheritdoc
42	*/
43	async isValidAppId(appId = ''): Promise<boolean> {	×
NEW 44	return appId === this.appId;	×
45	}
46
47	/**
48	* @inheritdoc
49	*/
50	async isAuthenticationDisabled(): Promise<boolean> {
51	// Auth is always enabled for FIC.
NEW 52	return;	×
53	}
54
55	/**
56	* @inheritdoc
57	*/
58	async createCredentials(appId: string, audience: string): Promise<ServiceClientCredentials> {
NEW 59	ok(	×
60	await this.isValidAppId(appId),
61	'FederatedServiceClientCredentialsFactory.createCredentials(): Invalid App ID.'
62	);
63
NEW 64	return new FederatedAppCredentials(this.appId, this.clientId, this.tenantId, audience, this.clientAudience);	×
65	}
66	}

microsoft / botbuilder-js / 11237135309

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous