change endorsements type from array to set

microsoft · Aug 21, 2023 · 6fa4051 · 6fa4051
1 parent 7110e8a
commit 6fa4051
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 17 deletions.
diff --git a/libraries/botframework-connector/src/auth/endorsementsValidator.ts b/libraries/botframework-connector/src/auth/endorsementsValidator.ts
@@ -25,14 +25,14 @@ export class EndorsementsValidator {
      * some specific channels. That list is the endorsement list, and is validated here against the channelId.
      * @returns {boolean} True is the channelId is found in the Endorsement set. False if the channelId is not found.
      */
-    static validate(channelId: string, endorsements: string[]): boolean {
+    static validate(channelId: string, endorsements: Set<string>): boolean {
         // If the Activity came in and doesn't have a Channel ID then it's making no
         // assertions as to who endorses it. This means it should pass.
         if (channelId === null || channelId.trim() === '') {
             return true;
         }
 
-        if (endorsements === null) {
+        if (!endorsements) {
             throw new AuthenticationError('endorsements required', StatusCodes.UNAUTHORIZED);
         }
 
@@ -47,11 +47,6 @@ export class EndorsementsValidator {
 
         // Does the set of endorsements match the channelId that was passed in?
 
-        // ToDo: Consider moving this to a HashSet instead of a string
-        // array, to make lookups O(1) instead of O(N). To give a sense
-        // of scope, tokens from WebChat have about 10 endorsements, and
-        // tokens coming from Teams have about 20.
-
-        return endorsements.some((value: string) => value === channelId);
+        return endorsements.has(channelId);
     }
 }
diff --git a/libraries/botframework-connector/src/auth/jwtTokenExtractor.ts b/libraries/botframework-connector/src/auth/jwtTokenExtractor.ts
@@ -156,12 +156,14 @@ export class JwtTokenExtractor {
             }
 
             // enforce endorsements in openIdMetadadata if there is any endorsements associated with the key
-            const endorsements = metadata.endorsements;
-            if (Array.isArray(endorsements) && endorsements.length !== 0) {
+            const endorsements = new Set<string>(metadata.endorsements);
+            if (endorsements.size !== 0) {
                 const isEndorsed = EndorsementsValidator.validate(channelId, endorsements);
                 if (!isEndorsed) {
                     throw new AuthenticationError(
-                        `Could not validate endorsement for key: ${keyId} with endorsements: ${endorsements.join(',')}`,
+                        `Could not validate endorsement for key: ${keyId} with endorsements: ${[...endorsements].join(
+                            ','
+                        )}`,
                         StatusCodes.UNAUTHORIZED
                     );
                 }

diff --git a/libraries/botframework-connector/tests/auth/endorsementsValidator.test.js b/libraries/botframework-connector/tests/auth/endorsementsValidator.test.js
@@ -6,30 +6,30 @@ const { EndorsementsValidator } = require('../..');
 
 describe('EndorsementsValidator', function () {
     it('with null channelId should pass', function () {
-        assert(EndorsementsValidator.validate(null, []));
+        assert(EndorsementsValidator.validate(null, new Set([])));
     });
 
     it('with null endorsements should throw', function () {
         assert.throws(() => EndorsementsValidator.validate('foo', null));
     });
 
     it('with unendorsed channelId should fail', function () {
-        assert(!EndorsementsValidator.validate('channelOne', []));
+        assert(!EndorsementsValidator.validate('channelOne', new Set([])));
     });
 
     it('with mismatched endorsements should fail', function () {
-        assert(!EndorsementsValidator.validate('right', ['wrong']));
+        assert(!EndorsementsValidator.validate('right', new Set(['wrong'])));
     });
 
     it('with endorsed channelId should pass', function () {
-        assert(EndorsementsValidator.validate('right', ['right']));
+        assert(EndorsementsValidator.validate('right', new Set(['right'])));
     });
 
     it('with endorsed channelId and many endorsements should pass', function () {
-        assert(EndorsementsValidator.validate('right', ['wrong', 'right']));
+        assert(EndorsementsValidator.validate('right', new Set(['wrong', 'right'])));
     });
 
     it('with empty channelId should pass', function () {
-        assert(EndorsementsValidator.validate('', ['wrong', 'right']));
+        assert(EndorsementsValidator.validate('', new Set(['wrong', 'right'])));
     });
 });