Skip to content

Commit

Permalink
fix: [#4545] Please upgrade zod package - botbuilder (#4561)
Browse files Browse the repository at this point in the history
* update zod in botbuilder

* change ts support in test consumer

* fix ts config

* simplify use of safeParse

* fix lint

---------

Co-authored-by: JhontSouth <jhonatan.sandoval@southworks.com>
# Conflicts:
#	libraries/botframework-schema/package.json
  • Loading branch information
sw-joelmut authored and Tracy Boehrer committed Nov 13, 2023
1 parent 6557dc2 commit cbbda49
Show file tree
Hide file tree
Showing 11 changed files with 990 additions and 36 deletions.
2 changes: 1 addition & 1 deletion libraries/botbuilder/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@
"fs-extra": "^7.0.1",
"htmlparser2": "^6.0.1",
"uuid": "^8.3.2",
"zod": "~1.11.17"
"zod": "^3.22.4"
},
"devDependencies": {
"chai": "^4.2.0",
Expand Down
13 changes: 8 additions & 5 deletions libraries/botbuilder/src/botFrameworkAdapter.ts
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ import {
StatusCodes,
TokenResponse,
TurnContext,
conversationParametersObject,
} from 'botbuilder-core';

import {
Expand Down Expand Up @@ -391,7 +392,7 @@ export class BotFrameworkAdapter
maybeLogic?: (context: TurnContext) => Promise<void>
): Promise<void> {
let audience: string;
if (LogicT.check(oAuthScopeOrlogic)) {
if (LogicT.safeParse(oAuthScopeOrlogic).success) {
// Because the OAuthScope parameter was not provided, get the correct value via the channelService.
// In this scenario, the ConnectorClient for the continued conversation can only communicate with
// official channels, not with other bots.
Expand All @@ -401,8 +402,8 @@ export class BotFrameworkAdapter
} else {
audience = z.string().parse(oAuthScopeOrlogic);
}

const logic = LogicT.check(oAuthScopeOrlogic) ? oAuthScopeOrlogic : LogicT.parse(maybeLogic);
const logicParse = LogicT.safeParse(oAuthScopeOrlogic);
const logic = logicParse.success ? logicParse.data : LogicT.parse(maybeLogic);

let credentials = this.credentials;

Expand Down Expand Up @@ -510,10 +511,12 @@ export class BotFrameworkAdapter
if (!reference.serviceUrl) {
throw new Error('BotFrameworkAdapter.createConversation(): missing serviceUrl.');
}
const logicParse = LogicT.safeParse(parametersOrLogic);
const parameterParse = conversationParametersObject.partial().safeParse(parametersOrLogic);

const parameters = LogicT.check(parametersOrLogic) ? {} : parametersOrLogic;
const parameters = parameterParse.success ? parameterParse.data : {};

const logic = LogicT.check(parametersOrLogic) ? parametersOrLogic : LogicT.parse(maybeLogic);
const logic = logicParse.success ? logicParse.data : LogicT.parse(maybeLogic);

// Create conversation parameters, taking care to provide defaults that can be
// overridden by passed in parameters
Expand Down
4 changes: 2 additions & 2 deletions libraries/botbuilder/src/cloudAdapter.ts
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ import {
} from 'botframework-streaming';

// Note: this is _okay_ because we pass the result through `validateAndFixActivity`. Should not be used otherwise.
const ActivityT = z.custom<Activity>((val) => z.record(z.unknown()).check(val), { message: 'Activity' });
const ActivityT = z.custom<Activity>((val) => z.record(z.unknown()).safeParse(val).success, { message: 'Activity' });

/**
* An adapter that implements the Bot Framework Protocol and can be hosted in different cloud environmens both public and private.
Expand Down Expand Up @@ -118,7 +118,7 @@ export class CloudAdapter extends CloudAdapterBase implements BotFrameworkHttpAd
// Ensure we have a parsed request body already. We rely on express/restify middleware to parse
// request body and azure functions, which does it for us before invoking our code. Warn the user
// to update their code and return an error.
if (!z.record(z.unknown()).check(req.body)) {
if (!z.record(z.unknown()).safeParse(req.body).success) {
return end(
StatusCodes.BAD_REQUEST,
'`req.body` not an object, make sure you are using middleware to parse incoming requests.'
Expand Down
19 changes: 9 additions & 10 deletions libraries/botbuilder/src/setSpeakMiddleware.ts
Original file line number Diff line number Diff line change
Expand Up @@ -11,20 +11,19 @@ const supportedChannels = new Set<string>([Channels.DirectlineSpeech, Channels.E
function hasTag(tag: string, nodes: unknown[]): boolean {
while (nodes.length) {
const item = nodes.shift();
const itemParsed = z
.object({ tagName: z.string(), children: z.array(z.unknown()) })
.partial()
.nonstrict()
.safeParse(item);

if (
z
.object({ tagName: z.string(), children: z.array(z.unknown()) })
.partial()
.nonstrict()
.check(item)
) {
if (item.tagName === tag) {
if (itemParsed.success) {
if (itemParsed.data.tagName === tag) {
return true;
}

if (item.children) {
nodes.push(...item.children);
if (itemParsed.data.children) {
nodes.push(...itemParsed.data.children);
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -144,15 +144,17 @@ export class TeamsSSOTokenExchangeMiddleware implements Middleware {
const userTokenClient = context.turnState.get<UserTokenClient>(
(context.adapter as CloudAdapterBase).UserTokenClientKey
);
const exchangeToken = ExchangeToken.safeParse(context.adapter);

if (userTokenClient) {
tokenExchangeResponse = await userTokenClient.exchangeToken(
context.activity.from.id,
this.oAuthConnectionName,
context.activity.channelId,
{ token: tokenExchangeRequest.token }
);
} else if (ExchangeToken.check(context.adapter)) {
tokenExchangeResponse = await context.adapter.exchangeToken(
} else if (exchangeToken.success) {
tokenExchangeResponse = await exchangeToken.data.exchangeToken(
context,
this.oAuthConnectionName,
context.activity.channelId,
Expand Down
2 changes: 1 addition & 1 deletion libraries/botbuilder/tests/cloudAdapter.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ describe('CloudAdapter', function () {
describe('connectNamedPipe', function () {
it('throws for bad args', async function () {
const includesParam = (param) => (err) => {
assert(err.message.includes(`at ${param}`), err.message);
assert(err.message.includes(`${param}`), err.message);
return true;
};

Expand Down
2 changes: 1 addition & 1 deletion libraries/botframework-connector/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@
"cross-fetch": "^3.0.5",
"jsonwebtoken": "^9.0.0",
"rsa-pem-from-mod-exp": "^0.8.4",
"zod": "~1.11.17"
"zod": "^3.22.4"
},
"devDependencies": {
"@types/jsonwebtoken": "8.3.5",
Expand Down
Loading

0 comments on commit cbbda49

Please sign in to comment.