fix(msteams): harden service url validation

eleqtrizit · eleqtrizit · commit a67b7284b9d8 · 2026-05-27T19:37:09.000Z
diff --git a/extensions/msteams/src/attachments/bot-framework.test.ts b/extensions/msteams/src/attachments/bot-framework.test.ts
@@ -226,6 +226,45 @@ describe("downloadMSTeamsBotFrameworkAttachment", () => {
     expect(runtime.saveCalls).toHaveLength(0);
   });
 
+  it("sends Bot Framework service tokens to auth-allowlisted service hosts", async () => {
+    const seenAuth: Array<string | null> = [];
+    const fileBytes = Buffer.from("BFBYTES", "utf-8");
+    const fetchFn: typeof fetch = (async (input: RequestInfo | URL, init?: RequestInit) => {
+      const url =
+        typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
+      seenAuth.push(new Headers(init?.headers).get("authorization"));
+      if (url.endsWith("/v3/attachments/att-1")) {
+        return new Response(
+          JSON.stringify({
+            name: "doc.pdf",
+            type: "application/pdf",
+            views: [{ viewId: "original", size: fileBytes.byteLength }],
+          }),
+          { status: 200, headers: { "content-type": "application/json" } },
+        );
+      }
+      if (url.endsWith("/v3/attachments/att-1/views/original")) {
+        return new Response(fileBytes, {
+          status: 200,
+          headers: { "content-length": String(fileBytes.byteLength) },
+        });
+      }
+      return new Response("not found", { status: 404 });
+    }) as typeof fetch;
+
+    const media = await downloadMSTeamsBotFrameworkAttachment({
+      serviceUrl: "https://smba.trafficmanager.net/amer",
+      attachmentId: "att-1",
+      tokenProvider: buildTokenProvider(),
+      maxBytes: 10_000_000,
+      fetchFn,
+      resolveFn: resolvePublicHost,
+    });
+
+    expect(media?.path).toBe(runtime.savePath);
+    expect(seenAuth).toEqual(["Bearer bf-token", "Bearer bf-token"]);
+  });
+
   it("skips when attachment view size exceeds maxBytes", async () => {
     const info = {
       name: "huge.bin",
diff --git a/extensions/msteams/src/monitor.lifecycle.test.ts b/extensions/msteams/src/monitor.lifecycle.test.ts
@@ -322,6 +322,9 @@ describe("monitorMSTeamsProvider lifecycle", () => {
     if (!app) {
       throw new Error("expected Express app to be created");
     }
+    // This test intentionally locks auth middleware ordering: the cheap Bearer
+    // gate must run before bounded JSON parsing, and JWT validation must run
+    // after parsing so it can bind the token to Activity.serviceUrl.
     expect(app.use).toHaveBeenCalledTimes(4);
 
     const jsonMiddleware = vi.mocked((await import("express")).json).mock.results[0]?.value;
@@ -369,6 +372,27 @@ describe("monitorMSTeamsProvider lifecycle", () => {
       expect(next).toHaveBeenCalledTimes(1);
     });
 
+    jwtValidate.mockReset().mockResolvedValueOnce(false);
+    const missingServiceUrlNext = vi.fn();
+    const missingServiceUrlResponse = {
+      status: vi.fn().mockReturnThis(),
+      json: vi.fn(),
+    } as unknown as Response;
+    jwtMiddleware(
+      {
+        headers: { authorization: "Bearer token-no-service-url" },
+        body: { type: "message" },
+      } as Request,
+      missingServiceUrlResponse,
+      missingServiceUrlNext,
+    );
+
+    await vi.waitFor(() => {
+      expect(jwtValidate).toHaveBeenCalledWith("Bearer token-no-service-url", undefined);
+      expect(missingServiceUrlResponse.status).toHaveBeenCalledWith(401);
+      expect(missingServiceUrlNext).not.toHaveBeenCalled();
+    });
+
     abort.abort();
     await task;
   });
diff --git a/extensions/msteams/src/sdk.test.ts b/extensions/msteams/src/sdk.test.ts
@@ -365,6 +365,16 @@ describe("createBotFrameworkJwtValidator", () => {
     expect(opts.audience).toContain("https://api.botframework.com");
   });
 
+  it("accepts tokens with documented serviceUrl claim casing", async () => {
+    jwtState.decodedPayload = { iss: "https://api.botframework.com" };
+    jwtState.verifyResult = {
+      serviceUrl: activityServiceUrl,
+    };
+
+    const validator = await createBotFrameworkJwtValidator(creds);
+    await expect(validator.validate("Bearer botfw-token", activityServiceUrl)).resolves.toBe(true);
+  });
+
   it("accepts global audience tokens when azp matches the configured app id", async () => {
     jwtState.decodedPayload = { iss: "https://api.botframework.com" };
     jwtState.verifyResult = {
@@ -403,6 +413,18 @@ describe("createBotFrameworkJwtValidator", () => {
     await expect(validator.validate("Bearer botfw-token", activityServiceUrl)).resolves.toBe(false);
   });
 
+  it("rejects schemeless activity serviceUrls even when the host matches the token claim", async () => {
+    jwtState.decodedPayload = { iss: "https://api.botframework.com" };
+    jwtState.verifyResult = {
+      serviceurl: activityServiceUrl,
+    };
+
+    const validator = await createBotFrameworkJwtValidator(creds);
+    await expect(
+      validator.validate("Bearer botfw-token", "smba.trafficmanager.net/amer/"),
+    ).resolves.toBe(false);
+  });
+
   it("rejects tokens when the serviceurl claim is missing", async () => {
     jwtState.decodedPayload = { iss: "https://api.botframework.com" };
     jwtState.verifyResult = {
@@ -415,18 +437,69 @@ describe("createBotFrameworkJwtValidator", () => {
 
   it("rejects tokens when the activity serviceUrl is missing", async () => {
     jwtState.decodedPayload = { iss: "https://api.botframework.com" };
+    jwtState.verifyResult = {
+      serviceurl: activityServiceUrl,
+    };
 
     const validator = await createBotFrameworkJwtValidator(creds);
     await expect(validator.validate("Bearer botfw-token", undefined)).resolves.toBe(false);
   });
 
-  it("rejects serviceUrl values that are not Bot Framework base URLs", async () => {
+  it("rejects tokens when the activity serviceUrl is malformed", async () => {
     jwtState.decodedPayload = { iss: "https://api.botframework.com" };
+    jwtState.verifyResult = {
+      serviceurl: activityServiceUrl,
+    };
 
     const validator = await createBotFrameworkJwtValidator(creds);
-    await expect(
-      validator.validate("Bearer botfw-token", `${activityServiceUrl}?target=attacker`),
-    ).resolves.toBe(false);
+    await expect(validator.validate("Bearer botfw-token", "not a url")).resolves.toBe(false);
+  });
+
+  it.each([
+    "http://smba.trafficmanager.net/amer",
+    "HTTP://smba.trafficmanager.net/amer",
+    "wss://smba.trafficmanager.net/amer",
+    "ftp://smba.trafficmanager.net/amer",
+  ])("rejects non-HTTPS activity serviceUrl %s", async (serviceUrl) => {
+    jwtState.decodedPayload = { iss: "https://api.botframework.com" };
+    jwtState.verifyResult = {
+      serviceurl: serviceUrl,
+    };
+
+    const validator = await createBotFrameworkJwtValidator(creds);
+    await expect(validator.validate("Bearer botfw-token", serviceUrl)).resolves.toBe(false);
+  });
+
+  it("rejects serviceUrl values with query strings", async () => {
+    const queriedServiceUrl = `${activityServiceUrl}?target=attacker`;
+    jwtState.decodedPayload = { iss: "https://api.botframework.com" };
+    jwtState.verifyResult = {
+      serviceurl: queriedServiceUrl,
+    };
+
+    const validator = await createBotFrameworkJwtValidator(creds);
+    await expect(validator.validate("Bearer botfw-token", queriedServiceUrl)).resolves.toBe(false);
+  });
+
+  it("rejects serviceUrl values with fragments", async () => {
+    const fragmentServiceUrl = `${activityServiceUrl}#fragment`;
+    jwtState.decodedPayload = { iss: "https://api.botframework.com" };
+    jwtState.verifyResult = {
+      serviceurl: fragmentServiceUrl,
+    };
+
+    const validator = await createBotFrameworkJwtValidator(creds);
+    await expect(validator.validate("Bearer botfw-token", fragmentServiceUrl)).resolves.toBe(false);
+  });
+
+  it("rejects tokens when the serviceurl claim is not a string", async () => {
+    jwtState.decodedPayload = { iss: "https://api.botframework.com" };
+    jwtState.verifyResult = {
+      serviceurl: 123,
+    };
+
+    const validator = await createBotFrameworkJwtValidator(creds);
+    await expect(validator.validate("Bearer botfw-token", activityServiceUrl)).resolves.toBe(false);
   });
 
   it("rejects non-object verified payloads", async () => {
diff --git a/extensions/msteams/src/sdk.ts b/extensions/msteams/src/sdk.ts
@@ -735,7 +735,7 @@ function hasExpectedBotIdentity(payload: unknown, expectedAppId: string): boolea
   );
 }
 
-function normalizeBotFrameworkServiceUrl(value: unknown): string | null {
+function validateAndNormalizeBotFrameworkServiceUrl(value: unknown): string | null {
   if (typeof value !== "string") {
     return null;
   }
@@ -745,10 +745,10 @@ function normalizeBotFrameworkServiceUrl(value: unknown): string | null {
   }
   try {
     const url = new URL(trimmed);
-    if (url.protocol !== "https:") {
-      return null;
-    }
-    if (url.search || url.hash) {
+    // Match the signed endpoint, not a loosely equivalent URL: the URL parser
+    // normalizes host/default port, while path casing and encoding stay intact.
+    // Query/fragment values are not valid Bot Framework service endpoints.
+    if (url.protocol !== "https:" || url.search || url.hash) {
       return null;
     }
     return url.toString().replace(/\/+$/, "");
@@ -761,11 +761,14 @@ function hasMatchingServiceUrlClaim(
   payload: BotFrameworkJwtPayload,
   activityServiceUrl: string | undefined,
 ): boolean {
-  const expectedServiceUrl = normalizeBotFrameworkServiceUrl(activityServiceUrl);
+  const expectedServiceUrl = validateAndNormalizeBotFrameworkServiceUrl(activityServiceUrl);
   if (!expectedServiceUrl) {
     return false;
   }
-  const claimServiceUrl = normalizeBotFrameworkServiceUrl(payload.serviceurl ?? payload.serviceUrl);
+  // Bot Framework tokens commonly use lowercase `serviceurl`; keep the
+  // documented camelCase spelling as a narrow fallback for SDK/source variants.
+  const claimValue = payload.serviceurl ?? payload.serviceUrl;
+  const claimServiceUrl = validateAndNormalizeBotFrameworkServiceUrl(claimValue);
   return claimServiceUrl === expectedServiceUrl;
 }
 
@@ -836,11 +839,11 @@ async function loadBotFrameworkJwtDeps(): Promise<BotFrameworkJwtDeps> {
  * - signature verification via issuer-specific JWKS endpoints
  * - audience validation: appId, api://appId, and https://api.botframework.com
  * - issuer validation: strict allowlist (Bot Framework + tenant-scoped Entra)
- * - service URL binding: JWT serviceurl claim must match Activity.serviceUrl
+ * - service URL binding: JWT serviceurl claim must match a usable Activity.serviceUrl
  * - expiration validation with 5-minute clock tolerance
  */
 export async function createBotFrameworkJwtValidator(creds: MSTeamsCredentials): Promise<{
-  validate: (authHeader: string, activityServiceUrl: string | undefined) => Promise<boolean>;
+  validate: (authHeader: string, activityServiceUrl?: string) => Promise<boolean>;
 }> {
   const { jwt, JwksClient } = await loadBotFrameworkJwtDeps();
 
