npm - @chat-adapter/teams - Versions diffs - 4.16.1 → 4.18.0 - Mend

@chat-adapter/teams 4.16.1 → 4.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -76,17 +76,37 @@ declare class TeamsFormatConverter extends BaseFormatConverter {
     private tableToGfm;
 }
+/** Certificate-based authentication config */
+interface TeamsAuthCertificate {
+    /** PEM-encoded certificate private key */
+    certificatePrivateKey: string;
+    /** Hex-encoded certificate thumbprint (optional when x5c is provided) */
+    certificateThumbprint?: string;
+    /** Public certificate for subject-name validation (optional) */
+    x5c?: string;
+}
+/** Federated (workload identity) authentication config */
+interface TeamsAuthFederated {
+    /** Audience for the federated credential (defaults to api://AzureADTokenExchange) */
+    clientAudience?: string;
+    /** Client ID for the managed identity assigned to the bot */
+    clientId: string;
+}
 interface TeamsAdapterConfig {
-    /** Microsoft App ID */
-    appId: string;
-    /** Microsoft App Password */
-    appPassword: string;
-    /** Microsoft App Tenant ID */
+    /** Microsoft App ID. Defaults to TEAMS_APP_ID env var. */
+    appId?: string;
+    /** Microsoft App Password. Defaults to TEAMS_APP_PASSWORD env var. */
+    appPassword?: string;
+    /** Microsoft App Tenant ID. Defaults to TEAMS_APP_TENANT_ID env var. */
     appTenantId?: string;
     /** Microsoft App Type */
     appType?: "MultiTenant" | "SingleTenant";
-    /** Logger instance for error reporting */
-    logger: Logger;
+    /** Certificate-based authentication */
+    certificate?: TeamsAuthCertificate;
+    /** Federated (workload identity) authentication */
+    federated?: TeamsAuthFederated;
+    /** Logger instance for error reporting. Defaults to ConsoleLogger. */
+    logger?: Logger;
     /** Override bot username (optional) */
     userName?: string;
 }
@@ -106,7 +126,7 @@ declare class TeamsAdapter implements Adapter<TeamsThreadId, unknown> {
     private readonly logger;
     private readonly formatConverter;
     private readonly config;
-    constructor(config: TeamsAdapterConfig);
+    constructor(config?: TeamsAdapterConfig);
     initialize(chat: ChatInstance): Promise<void>;
     handleWebhook(request: Request, options?: WebhookOptions): Promise<Response>;
     private handleTurn;
@@ -225,6 +245,6 @@ declare class TeamsAdapter implements Adapter<TeamsThreadId, unknown> {
      */
     private handleTeamsError;
 }
-declare function createTeamsAdapter(config?: Partial<TeamsAdapterConfig>): TeamsAdapter;
+declare function createTeamsAdapter(config?: TeamsAdapterConfig): TeamsAdapter;
-export { TeamsAdapter, type TeamsAdapterConfig, TeamsFormatConverter, type TeamsThreadId, cardToAdaptiveCard, cardToFallbackText, createTeamsAdapter };
+export { TeamsAdapter, type TeamsAdapterConfig, type TeamsAuthCertificate, type TeamsAuthFederated, TeamsFormatConverter, type TeamsThreadId, cardToAdaptiveCard, cardToFallbackText, createTeamsAdapter };

package/dist/index.js CHANGED Viewed

@@ -671,7 +671,11 @@ var require_azureTokenCredentials = __commonJS({
 });
 // src/index.ts
-import { ClientSecretCredential } from "@azure/identity";
+import {
+  ClientCertificateCredential,
+  ClientSecretCredential,
+  DefaultAzureCredential
+} from "@azure/identity";
 // ../../node_modules/.pnpm/@microsoft+microsoft-graph-client@3.0.7_@azure+identity@4.13.0/node_modules/@microsoft/microsoft-graph-client/lib/es/src/content/BatchRequestContent.js
 init_tslib_es6();
@@ -3563,6 +3567,10 @@ import {
   ConfigurationBotFrameworkAuthentication,
   TeamsInfo
 } from "botbuilder";
+import {
+  CertificateServiceClientCredentialsFactory,
+  FederatedServiceClientCredentialsFactory
+} from "botframework-connector";
 import {
   AdapterRateLimitError,
   AuthenticationError,
@@ -3882,8 +3890,22 @@ var TeamsFormatConverter = class extends BaseFormatConverter {
     );
     markdown = markdown.replace(/<code>([^<]+)<\/code>/gi, "`$1`");
     markdown = markdown.replace(/<pre>([^<]+)<\/pre>/gi, "```\n$1\n```");
-    markdown = markdown.replace(/<[^>]+>/g, "");
-    markdown = markdown.replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&").replace(/&quot;/g, '"').replace(/&#39;/g, "'");
+    let prev;
+    do {
+      prev = markdown;
+      markdown = markdown.replace(/<[^>]+>/g, "");
+    } while (markdown !== prev);
+    const entityMap = {
+      "&lt;": "<",
+      "&gt;": ">",
+      "&amp;": "&",
+      "&quot;": '"',
+      "&#39;": "'"
+    };
+    markdown = markdown.replace(
+      /&(?:lt|gt|amp|quot|#39);/g,
+      (match) => entityMap[match] ?? match
+    );
     return parseMarkdown(markdown);
   }
   nodeToTeams(node) {
@@ -3981,31 +4003,110 @@ var TeamsAdapter = class {
   logger;
   formatConverter = new TeamsFormatConverter();
   config;
-  constructor(config) {
-    this.config = config;
-    this.logger = config.logger;
+  constructor(config = {}) {
+    const appId = config.appId ?? process.env.TEAMS_APP_ID;
+    if (!appId) {
+      throw new ValidationError(
+        "teams",
+        "appId is required. Set TEAMS_APP_ID or provide it in config."
+      );
+    }
+    const hasExplicitAuth = config.appPassword || config.certificate || config.federated;
+    const appPassword = hasExplicitAuth ? config.appPassword : config.appPassword ?? process.env.TEAMS_APP_PASSWORD;
+    const appTenantId = config.appTenantId ?? process.env.TEAMS_APP_TENANT_ID;
+    this.config = {
+      ...config,
+      appId,
+      appPassword,
+      appTenantId
+    };
+    this.logger = config.logger ?? new ConsoleLogger("info").child("teams");
     this.userName = config.userName || "bot";
-    if (config.appType === "SingleTenant" && !config.appTenantId) {
+    const authMethodCount = [
+      appPassword,
+      config.certificate,
+      config.federated
+    ].filter(Boolean).length;
+    if (authMethodCount === 0) {
+      throw new ValidationError(
+        "teams",
+        "One of appPassword, certificate, or federated must be provided"
+      );
+    }
+    if (authMethodCount > 1) {
+      throw new ValidationError(
+        "teams",
+        "Only one of appPassword, certificate, or federated can be provided"
+      );
+    }
+    if (config.appType === "SingleTenant" && !appTenantId) {
       throw new ValidationError(
         "teams",
         "appTenantId is required for SingleTenant app type"
       );
     }
-    const auth = new ConfigurationBotFrameworkAuthentication({
-      MicrosoftAppId: config.appId,
-      MicrosoftAppPassword: config.appPassword,
+    const botFrameworkConfig = {
+      MicrosoftAppId: appId,
       MicrosoftAppType: config.appType || "MultiTenant",
-      MicrosoftAppTenantId: config.appType === "SingleTenant" ? config.appTenantId : void 0
-    });
-    this.botAdapter = new ServerlessCloudAdapter(auth);
-    if (config.appTenantId) {
-      const credential = new ClientSecretCredential(
-        config.appTenantId,
-        config.appId,
-        config.appPassword
+      MicrosoftAppTenantId: config.appType === "SingleTenant" ? appTenantId : void 0
+    };
+    let credentialsFactory;
+    let graphCredential;
+    if (config.certificate) {
+      const { certificatePrivateKey, certificateThumbprint, x5c } = config.certificate;
+      if (x5c) {
+        credentialsFactory = new CertificateServiceClientCredentialsFactory(
+          appId,
+          x5c,
+          certificatePrivateKey,
+          appTenantId
+        );
+      } else if (certificateThumbprint) {
+        credentialsFactory = new CertificateServiceClientCredentialsFactory(
+          appId,
+          certificateThumbprint,
+          certificatePrivateKey,
+          appTenantId
+        );
+      } else {
+        throw new ValidationError(
+          "teams",
+          "Certificate auth requires either certificateThumbprint or x5c"
+        );
+      }
+      if (appTenantId) {
+        graphCredential = new ClientCertificateCredential(appTenantId, appId, {
+          certificate: certificatePrivateKey
+        });
+      }
+    } else if (config.federated) {
+      credentialsFactory = new FederatedServiceClientCredentialsFactory(
+        appId,
+        config.federated.clientId,
+        appTenantId,
+        config.federated.clientAudience
+      );
+      if (appTenantId) {
+        graphCredential = new DefaultAzureCredential();
+      }
+    } else if (appPassword && appTenantId) {
+      graphCredential = new ClientSecretCredential(
+        appTenantId,
+        appId,
+        appPassword
       );
+    }
+    const auth = new ConfigurationBotFrameworkAuthentication(
+      {
+        ...botFrameworkConfig,
+        ...appPassword ? { MicrosoftAppPassword: appPassword } : {}
+      },
+      credentialsFactory
+    );
+    this.botAdapter = new ServerlessCloudAdapter(auth);
+    if (graphCredential) {
       const authProvider = new import_azureTokenCredentials.TokenCredentialAuthenticationProvider(
-        credential,
+        graphCredential,
         {
           scopes: ["https://graph.microsoft.com/.default"]
         }
@@ -5000,7 +5101,13 @@ var TeamsAdapter = class {
     }
     let text = "";
     if (msg.body?.content) {
-      text = msg.body.content.replace(/<[^>]*>/g, "").trim();
+      let stripped = msg.body.content;
+      let prev;
+      do {
+        prev = stripped;
+        stripped = stripped.replace(/<[^>]*>/g, "");
+      } while (stripped !== prev);
+      text = stripped.trim();
     }
     if (!text && msg.attachments?.length) {
       for (const att of msg.attachments) {
@@ -5589,29 +5696,7 @@ var TeamsAdapter = class {
   }
 };
 function createTeamsAdapter(config) {
-  const appId = config?.appId ?? process.env.TEAMS_APP_ID;
-  if (!appId) {
-    throw new ValidationError(
-      "teams",
-      "appId is required. Set TEAMS_APP_ID or provide it in config."
-    );
-  }
-  const appPassword = config?.appPassword ?? process.env.TEAMS_APP_PASSWORD;
-  if (!appPassword) {
-    throw new ValidationError(
-      "teams",
-      "appPassword is required. Set TEAMS_APP_PASSWORD or provide it in config."
-    );
-  }
-  const resolved = {
-    appId,
-    appPassword,
-    appTenantId: config?.appTenantId ?? process.env.TEAMS_APP_TENANT_ID,
-    appType: config?.appType,
-    logger: config?.logger ?? new ConsoleLogger("info").child("teams"),
-    userName: config?.userName
-  };
-  return new TeamsAdapter(resolved);
+  return new TeamsAdapter(config ?? {});
 }
 export {
   TeamsAdapter,