Add Microsoft Teams integration (#6410)

* Add Microsoft Teams integration * Fix method naming error * Expand and clean up unit test coverage * Update with PR feedback * Add documentation, add In Progress logic/tests for Teams * Fixed lowercase Slack * Added docs; Updated PR suggestions; * Fix broken tests
2026-01-01 08:03:23 +00:00 · 2025-10-10 10:39:31 -04:00
parent 3272586e31
commit a565fd9ee4
41 changed files with 1839 additions and 99 deletions
--- a/test/Core.Test/AdminConsole/Models/Data/Teams/TeamsBotCredentialProviderTests.cs
+++ b/test/Core.Test/AdminConsole/Models/Data/Teams/TeamsBotCredentialProviderTests.cs
@@ -0,0 +1,56 @@
+using Bit.Core.AdminConsole.Models.Teams;
+using Microsoft.Bot.Connector.Authentication;
+using Xunit;
+
+namespace Bit.Core.Test.Models.Data.Teams;
+
+public class TeamsBotCredentialProviderTests
+{
+    private string _clientId = "client id";
+    private string _clientSecret = "client secret";
+
+    [Fact]
+    public async Task IsValidAppId_MustMatchClientId()
+    {
+        var sut = new TeamsBotCredentialProvider(_clientId, _clientSecret);
+
+        Assert.True(await sut.IsValidAppIdAsync(_clientId));
+        Assert.False(await sut.IsValidAppIdAsync("Different id"));
+    }
+
+    [Fact]
+    public async Task GetAppPasswordAsync_MatchingClientId_ReturnsClientSecret()
+    {
+        var sut = new TeamsBotCredentialProvider(_clientId, _clientSecret);
+        var password = await sut.GetAppPasswordAsync(_clientId);
+        Assert.Equal(_clientSecret, password);
+    }
+
+    [Fact]
+    public async Task GetAppPasswordAsync_NotMatchingClientId_ReturnsNull()
+    {
+        var sut = new TeamsBotCredentialProvider(_clientId, _clientSecret);
+        Assert.Null(await sut.GetAppPasswordAsync("Different id"));
+    }
+
+    [Fact]
+    public async Task IsAuthenticationDisabledAsync_ReturnsFalse()
+    {
+        var sut = new TeamsBotCredentialProvider(_clientId, _clientSecret);
+        Assert.False(await sut.IsAuthenticationDisabledAsync());
+    }
+
+    [Fact]
+    public async Task ValidateIssuerAsync_ExpectedIssuer_ReturnsTrue()
+    {
+        var sut = new TeamsBotCredentialProvider(_clientId, _clientSecret);
+        Assert.True(await sut.ValidateIssuerAsync(AuthenticationConstants.ToBotFromChannelTokenIssuer));
+    }
+
+    [Fact]
+    public async Task ValidateIssuerAsync_UnexpectedIssuer_ReturnsFalse()
+    {
+        var sut = new TeamsBotCredentialProvider(_clientId, _clientSecret);
+        Assert.False(await sut.ValidateIssuerAsync("unexpected issuer"));
+    }
+}
--- a/test/Core.Test/AdminConsole/Services/IntegrationTypeTests.cs
+++ b/test/Core.Test/AdminConsole/Services/IntegrationTypeTests.cs
@@ -5,17 +5,6 @@ namespace Bit.Core.Test.Services;

 public class IntegrationTypeTests
 {
-    [Fact]
-    public void ToRoutingKey_Slack_Succeeds()
-    {
-        Assert.Equal("slack", IntegrationType.Slack.ToRoutingKey());
-    }
-    [Fact]
-    public void ToRoutingKey_Webhook_Succeeds()
-    {
-        Assert.Equal("webhook", IntegrationType.Webhook.ToRoutingKey());
-    }
-
    [Fact]
    public void ToRoutingKey_CloudBillingSync_ThrowsException()
    {
@@ -27,4 +16,34 @@ public class IntegrationTypeTests
    {
        Assert.Throws<ArgumentOutOfRangeException>(() => IntegrationType.Scim.ToRoutingKey());
    }
+
+    [Fact]
+    public void ToRoutingKey_Slack_Succeeds()
+    {
+        Assert.Equal("slack", IntegrationType.Slack.ToRoutingKey());
+    }
+
+    [Fact]
+    public void ToRoutingKey_Webhook_Succeeds()
+    {
+        Assert.Equal("webhook", IntegrationType.Webhook.ToRoutingKey());
+    }
+
+    [Fact]
+    public void ToRoutingKey_Hec_Succeeds()
+    {
+        Assert.Equal("hec", IntegrationType.Hec.ToRoutingKey());
+    }
+
+    [Fact]
+    public void ToRoutingKey_Datadog_Succeeds()
+    {
+        Assert.Equal("datadog", IntegrationType.Datadog.ToRoutingKey());
+    }
+
+    [Fact]
+    public void ToRoutingKey_Teams_Succeeds()
+    {
+        Assert.Equal("teams", IntegrationType.Teams.ToRoutingKey());
+    }
 }
--- a/test/Core.Test/AdminConsole/Services/SlackServiceTests.cs
+++ b/test/Core.Test/AdminConsole/Services/SlackServiceTests.cs
@@ -296,6 +296,18 @@ public class SlackServiceTests
        Assert.Equal("test-access-token", result);
    }

+    [Theory]
+    [InlineData("test-code", "")]
+    [InlineData("", "https://example.com/callback")]
+    [InlineData("", "")]
+    public async Task ObtainTokenViaOAuth_ReturnsEmptyString_WhenCodeOrRedirectUrlIsEmpty(string code, string redirectUrl)
+    {
+        var sutProvider = GetSutProvider();
+        var result = await sutProvider.Sut.ObtainTokenViaOAuth(code, redirectUrl);
+
+        Assert.Equal(string.Empty, result);
+    }
+
    [Fact]
    public async Task ObtainTokenViaOAuth_ReturnsEmptyString_WhenErrorResponse()
    {
--- a/test/Core.Test/AdminConsole/Services/TeamsIntegrationHandlerTests.cs
+++ b/test/Core.Test/AdminConsole/Services/TeamsIntegrationHandlerTests.cs
@@ -0,0 +1,126 @@
+using Bit.Core.AdminConsole.Models.Data.EventIntegrations;
+using Bit.Core.Services;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Bit.Test.Common.Helpers;
+using Microsoft.Rest;
+using NSubstitute;
+using NSubstitute.ExceptionExtensions;
+using Xunit;
+
+namespace Bit.Core.Test.Services;
+
+[SutProviderCustomize]
+public class TeamsIntegrationHandlerTests
+{
+    private readonly ITeamsService _teamsService = Substitute.For<ITeamsService>();
+    private readonly string _channelId = "C12345";
+    private readonly Uri _serviceUrl = new Uri("http://localhost");
+
+    private SutProvider<TeamsIntegrationHandler> GetSutProvider()
+    {
+        return new SutProvider<TeamsIntegrationHandler>()
+            .SetDependency(_teamsService)
+            .Create();
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleAsync_SuccessfulRequest_ReturnsSuccess(IntegrationMessage<TeamsIntegrationConfigurationDetails> message)
+    {
+        var sutProvider = GetSutProvider();
+        message.Configuration = new TeamsIntegrationConfigurationDetails(_channelId, _serviceUrl);
+
+        var result = await sutProvider.Sut.HandleAsync(message);
+
+        Assert.True(result.Success);
+        Assert.Equal(result.Message, message);
+
+        await sutProvider.GetDependency<ITeamsService>().Received(1).SendMessageToChannelAsync(
+            Arg.Is(AssertHelper.AssertPropertyEqual(_serviceUrl)),
+            Arg.Is(AssertHelper.AssertPropertyEqual(_channelId)),
+            Arg.Is(AssertHelper.AssertPropertyEqual(message.RenderedTemplate))
+        );
+    }
+
+
+    [Theory, BitAutoData]
+    public async Task HandleAsync_HttpExceptionNonRetryable_ReturnsFalseAndNotRetryable(IntegrationMessage<TeamsIntegrationConfigurationDetails> message)
+    {
+        var sutProvider = GetSutProvider();
+        message.Configuration = new TeamsIntegrationConfigurationDetails(_channelId, _serviceUrl);
+
+        sutProvider.GetDependency<ITeamsService>()
+            .SendMessageToChannelAsync(Arg.Any<Uri>(), Arg.Any<string>(), Arg.Any<string>())
+            .ThrowsAsync(new HttpOperationException("Server error")
+            {
+                Response = new HttpResponseMessageWrapper(
+                        new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden),
+                        "Forbidden"
+                    )
+            }
+            );
+        var result = await sutProvider.Sut.HandleAsync(message);
+
+        Assert.False(result.Success);
+        Assert.False(result.Retryable);
+        Assert.Equal(result.Message, message);
+
+        await sutProvider.GetDependency<ITeamsService>().Received(1).SendMessageToChannelAsync(
+            Arg.Is(AssertHelper.AssertPropertyEqual(_serviceUrl)),
+            Arg.Is(AssertHelper.AssertPropertyEqual(_channelId)),
+            Arg.Is(AssertHelper.AssertPropertyEqual(message.RenderedTemplate))
+        );
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleAsync_HttpExceptionRetryable_ReturnsFalseAndRetryable(IntegrationMessage<TeamsIntegrationConfigurationDetails> message)
+    {
+        var sutProvider = GetSutProvider();
+        message.Configuration = new TeamsIntegrationConfigurationDetails(_channelId, _serviceUrl);
+
+        sutProvider.GetDependency<ITeamsService>()
+            .SendMessageToChannelAsync(Arg.Any<Uri>(), Arg.Any<string>(), Arg.Any<string>())
+            .ThrowsAsync(new HttpOperationException("Server error")
+            {
+                Response = new HttpResponseMessageWrapper(
+                        new HttpResponseMessage(System.Net.HttpStatusCode.TooManyRequests),
+                        "Too Many Requests"
+                    )
+            }
+            );
+
+        var result = await sutProvider.Sut.HandleAsync(message);
+
+        Assert.False(result.Success);
+        Assert.True(result.Retryable);
+        Assert.Equal(result.Message, message);
+
+        await sutProvider.GetDependency<ITeamsService>().Received(1).SendMessageToChannelAsync(
+            Arg.Is(AssertHelper.AssertPropertyEqual(_serviceUrl)),
+            Arg.Is(AssertHelper.AssertPropertyEqual(_channelId)),
+            Arg.Is(AssertHelper.AssertPropertyEqual(message.RenderedTemplate))
+        );
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleAsync_UnknownException_ReturnsFalseAndNotRetryable(IntegrationMessage<TeamsIntegrationConfigurationDetails> message)
+    {
+        var sutProvider = GetSutProvider();
+        message.Configuration = new TeamsIntegrationConfigurationDetails(_channelId, _serviceUrl);
+
+        sutProvider.GetDependency<ITeamsService>()
+            .SendMessageToChannelAsync(Arg.Any<Uri>(), Arg.Any<string>(), Arg.Any<string>())
+            .ThrowsAsync(new Exception("Unknown error"));
+        var result = await sutProvider.Sut.HandleAsync(message);
+
+        Assert.False(result.Success);
+        Assert.False(result.Retryable);
+        Assert.Equal(result.Message, message);
+
+        await sutProvider.GetDependency<ITeamsService>().Received(1).SendMessageToChannelAsync(
+            Arg.Is(AssertHelper.AssertPropertyEqual(_serviceUrl)),
+            Arg.Is(AssertHelper.AssertPropertyEqual(_channelId)),
+            Arg.Is(AssertHelper.AssertPropertyEqual(message.RenderedTemplate))
+        );
+    }
+}
--- a/test/Core.Test/AdminConsole/Services/TeamsServiceTests.cs
+++ b/test/Core.Test/AdminConsole/Services/TeamsServiceTests.cs
@@ -0,0 +1,289 @@
+#nullable enable
+
+using System.Net;
+using System.Text.Json;
+using System.Web;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Models.Data.EventIntegrations;
+using Bit.Core.Models.Teams;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Bit.Test.Common.MockedHttpClient;
+using NSubstitute;
+using Xunit;
+using GlobalSettings = Bit.Core.Settings.GlobalSettings;
+
+namespace Bit.Core.Test.Services;
+
+[SutProviderCustomize]
+public class TeamsServiceTests
+{
+    private readonly MockedHttpMessageHandler _handler;
+    private readonly HttpClient _httpClient;
+
+    public TeamsServiceTests()
+    {
+        _handler = new MockedHttpMessageHandler();
+        _httpClient = _handler.ToHttpClient();
+    }
+
+    private SutProvider<TeamsService> GetSutProvider()
+    {
+        var clientFactory = Substitute.For<IHttpClientFactory>();
+        clientFactory.CreateClient(TeamsService.HttpClientName).Returns(_httpClient);
+
+        var globalSettings = Substitute.For<GlobalSettings>();
+        globalSettings.Teams.LoginBaseUrl.Returns("https://login.example.com");
+        globalSettings.Teams.GraphBaseUrl.Returns("https://graph.example.com");
+
+        return new SutProvider<TeamsService>()
+            .SetDependency(clientFactory)
+            .SetDependency(globalSettings)
+            .Create();
+    }
+
+    [Fact]
+    public void GetRedirectUrl_ReturnsCorrectUrl()
+    {
+        var sutProvider = GetSutProvider();
+        var clientId = sutProvider.GetDependency<GlobalSettings>().Teams.ClientId;
+        var scopes = sutProvider.GetDependency<GlobalSettings>().Teams.Scopes;
+        var callbackUrl = "https://example.com/callback";
+        var state = Guid.NewGuid().ToString();
+        var result = sutProvider.Sut.GetRedirectUrl(callbackUrl, state);
+
+        var uri = new Uri(result);
+        var query = HttpUtility.ParseQueryString(uri.Query);
+
+        Assert.Equal(clientId, query["client_id"]);
+        Assert.Equal(scopes, query["scope"]);
+        Assert.Equal(callbackUrl, query["redirect_uri"]);
+        Assert.Equal(state, query["state"]);
+        Assert.Equal("login.example.com", uri.Host);
+        Assert.Equal("/common/oauth2/v2.0/authorize", uri.AbsolutePath);
+    }
+
+    [Fact]
+    public async Task ObtainTokenViaOAuth_Success_ReturnsAccessToken()
+    {
+        var sutProvider = GetSutProvider();
+        var jsonResponse = JsonSerializer.Serialize(new
+        {
+            access_token = "test-access-token"
+        });
+
+        _handler.When("https://login.example.com/common/oauth2/v2.0/token")
+            .RespondWith(HttpStatusCode.OK)
+            .WithContent(new StringContent(jsonResponse));
+
+        var result = await sutProvider.Sut.ObtainTokenViaOAuth("test-code", "https://example.com/callback");
+
+        Assert.Equal("test-access-token", result);
+    }
+
+    [Theory]
+    [InlineData("test-code", "")]
+    [InlineData("", "https://example.com/callback")]
+    [InlineData("", "")]
+    public async Task ObtainTokenViaOAuth_CodeOrRedirectUrlIsEmpty_ReturnsEmptyString(string code, string redirectUrl)
+    {
+        var sutProvider = GetSutProvider();
+        var result = await sutProvider.Sut.ObtainTokenViaOAuth(code, redirectUrl);
+
+        Assert.Equal(string.Empty, result);
+    }
+
+    [Fact]
+    public async Task ObtainTokenViaOAuth_HttpFailure_ReturnsEmptyString()
+    {
+        var sutProvider = GetSutProvider();
+        _handler.When("https://login.example.com/common/oauth2/v2.0/token")
+            .RespondWith(HttpStatusCode.InternalServerError)
+            .WithContent(new StringContent(string.Empty));
+
+        var result = await sutProvider.Sut.ObtainTokenViaOAuth("test-code", "https://example.com/callback");
+
+        Assert.Equal(string.Empty, result);
+    }
+
+    [Fact]
+    public async Task ObtainTokenViaOAuth_UnknownResponse_ReturnsEmptyString()
+    {
+        var sutProvider = GetSutProvider();
+
+        _handler.When("https://login.example.com/common/oauth2/v2.0/token")
+            .RespondWith(HttpStatusCode.OK)
+            .WithContent(new StringContent("Not an expected response"));
+
+        var result = await sutProvider.Sut.ObtainTokenViaOAuth("test-code", "https://example.com/callback");
+
+        Assert.Equal(string.Empty, result);
+    }
+
+    [Fact]
+    public async Task GetJoinedTeamsAsync_Success_ReturnsTeams()
+    {
+        var sutProvider = GetSutProvider();
+
+        var jsonResponse = JsonSerializer.Serialize(new
+        {
+            value = new[]
+            {
+                new { id = "team1", displayName = "Team One" },
+                new { id = "team2", displayName = "Team Two" }
+            }
+        });
+
+        _handler.When("https://graph.example.com/me/joinedTeams")
+            .RespondWith(HttpStatusCode.OK)
+            .WithContent(new StringContent(jsonResponse));
+
+        var result = await sutProvider.Sut.GetJoinedTeamsAsync("fake-access-token");
+
+        Assert.Equal(2, result.Count);
+        Assert.Contains(result, t => t is { Id: "team1", DisplayName: "Team One" });
+        Assert.Contains(result, t => t is { Id: "team2", DisplayName: "Team Two" });
+    }
+
+    [Fact]
+    public async Task GetJoinedTeamsAsync_ServerReturnsEmpty_ReturnsEmptyList()
+    {
+        var sutProvider = GetSutProvider();
+
+        var jsonResponse = JsonSerializer.Serialize(new { value = (object?)null });
+
+        _handler.When("https://graph.example.com/me/joinedTeams")
+            .RespondWith(HttpStatusCode.OK)
+            .WithContent(new StringContent(jsonResponse));
+
+        var result = await sutProvider.Sut.GetJoinedTeamsAsync("fake-access-token");
+
+        Assert.NotNull(result);
+        Assert.Empty(result);
+    }
+
+    [Fact]
+    public async Task GetJoinedTeamsAsync_ServerErrorCode_ReturnsEmptyList()
+    {
+        var sutProvider = GetSutProvider();
+
+        _handler.When("https://graph.example.com/me/joinedTeams")
+            .RespondWith(HttpStatusCode.Unauthorized)
+            .WithContent(new StringContent("Unauthorized"));
+
+        var result = await sutProvider.Sut.GetJoinedTeamsAsync("fake-access-token");
+
+        Assert.NotNull(result);
+        Assert.Empty(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleIncomingAppInstall_Success_UpdatesTeamsIntegration(
+        OrganizationIntegration integration)
+    {
+        var sutProvider = GetSutProvider();
+        var tenantId = Guid.NewGuid().ToString();
+        var teamId = Guid.NewGuid().ToString();
+        var conversationId = Guid.NewGuid().ToString();
+        var serviceUrl = new Uri("https://localhost");
+        var initiatedConfiguration = new TeamsIntegration(TenantId: tenantId, Teams:
+        [
+            new TeamInfo() { Id = teamId, DisplayName = "test team", TenantId = tenantId },
+            new TeamInfo() { Id = Guid.NewGuid().ToString(), DisplayName = "other team", TenantId = tenantId },
+            new TeamInfo() { Id = Guid.NewGuid().ToString(), DisplayName = "third team", TenantId = tenantId }
+        ]);
+        integration.Configuration = JsonSerializer.Serialize(initiatedConfiguration);
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByTeamsConfigurationTenantIdTeamId(tenantId, teamId)
+            .Returns(integration);
+
+        OrganizationIntegration? capturedIntegration = null;
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .UpsertAsync(Arg.Do<OrganizationIntegration>(x => capturedIntegration = x));
+
+        await sutProvider.Sut.HandleIncomingAppInstallAsync(
+            conversationId: conversationId,
+            serviceUrl: serviceUrl,
+            teamId: teamId,
+            tenantId: tenantId
+        );
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1).GetByTeamsConfigurationTenantIdTeamId(tenantId, teamId);
+        Assert.NotNull(capturedIntegration);
+        var configuration = JsonSerializer.Deserialize<TeamsIntegration>(capturedIntegration.Configuration ?? string.Empty);
+        Assert.NotNull(configuration);
+        Assert.NotNull(configuration.ServiceUrl);
+        Assert.Equal(serviceUrl, configuration.ServiceUrl);
+        Assert.Equal(conversationId, configuration.ChannelId);
+    }
+
+    [Fact]
+    public async Task HandleIncomingAppInstall_NoIntegrationMatched_DoesNothing()
+    {
+        var sutProvider = GetSutProvider();
+        await sutProvider.Sut.HandleIncomingAppInstallAsync(
+            conversationId: "conversationId",
+            serviceUrl: new Uri("https://localhost"),
+            teamId: "teamId",
+            tenantId: "tenantId"
+        );
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1).GetByTeamsConfigurationTenantIdTeamId("tenantId", "teamId");
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive().UpsertAsync(Arg.Any<OrganizationIntegration>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleIncomingAppInstall_MatchedIntegrationAlreadySetup_DoesNothing(
+        OrganizationIntegration integration)
+    {
+        var sutProvider = GetSutProvider();
+        var tenantId = Guid.NewGuid().ToString();
+        var teamId = Guid.NewGuid().ToString();
+        var initiatedConfiguration = new TeamsIntegration(
+            TenantId: tenantId,
+            Teams: [new TeamInfo() { Id = teamId, DisplayName = "test team", TenantId = tenantId }],
+            ChannelId: "ChannelId",
+            ServiceUrl: new Uri("https://localhost")
+        );
+        integration.Configuration = JsonSerializer.Serialize(initiatedConfiguration);
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByTeamsConfigurationTenantIdTeamId(tenantId, teamId)
+            .Returns(integration);
+
+        await sutProvider.Sut.HandleIncomingAppInstallAsync(
+            conversationId: "conversationId",
+            serviceUrl: new Uri("https://localhost"),
+            teamId: teamId,
+            tenantId: tenantId
+        );
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1).GetByTeamsConfigurationTenantIdTeamId(tenantId, teamId);
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive().UpsertAsync(Arg.Any<OrganizationIntegration>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleIncomingAppInstall_MatchedIntegrationWithMissingConfiguration_DoesNothing(
+        OrganizationIntegration integration)
+    {
+        var sutProvider = GetSutProvider();
+        integration.Configuration = null;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByTeamsConfigurationTenantIdTeamId("tenantId", "teamId")
+            .Returns(integration);
+
+        await sutProvider.Sut.HandleIncomingAppInstallAsync(
+            conversationId: "conversationId",
+            serviceUrl: new Uri("https://localhost"),
+            teamId: "teamId",
+            tenantId: "tenantId"
+        );
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1).GetByTeamsConfigurationTenantIdTeamId("tenantId", "teamId");
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive().UpsertAsync(Arg.Any<OrganizationIntegration>());
+    }
+}