Botframework-emulator: POST /v3/conversations ➡ InternalServerError: Cannot read property 'appid' of undefined

Created on 26 Dec 2018  ·  6Comments  ·  Source: microsoft/BotFramework-Emulator

Version

4.2.1

Describe the bug

Bot Framework emulator is throwing a 500 InternalServerError when posting to /v3/conversations, despite the same code works in a deployed bot with Microsoft Teams.

(1) The error message is Cannot read property 'appid' of undefined, when the request contains a valid JWT Bearer token in the Authorization header. (The JWT payload DOES contain a property called appid btw.)

(2) If I leave the Authorization header empty, I get another 500 InternalServerError and the error message is Cannot read property 'payload' of undefined.

(3) If I send some random text as the Bearer token in the Authorization header - as suggested here - I get a 401 Unauthorized (at least not another 500 InternalServerError 🙄).

Repro steps

  1. Start the Bot Framework Emulator.
  2. Open Postman.
  3. Make a POST request to the local serviceUrl's /v3/conversations endpoint (it should look like this: http://localhost:PORT/v3/conversations) with the request body included below and (1) a JWT generated by the .NET Bot Builder SDK v4 / (2) nothing / (3) some random text in the Authorization header.
  4. See error.

Expected behavior

  • DO NOT give back 500 InternalServerErrors with JavaScript error messages on the API endpoints. Handle the errors and send back a 400 BadRequest or even an 500 InternalServerError but with a meaningful error message.
  • In the (1) situation the API should respond with a 200 OK and send the conversationId in the body of the response.
  • In the (2) situation the API should respond with a 401 Unauthorized IMHO, but clearly not with 500 InternalServerError.
  • In the (3) situation the 401 Unauthorized is correct IMHO, but if we take @tonyanziano's comment into account, then it should respond correctly with 200 OK and a conversationId.

Debug

I was able trace the issue back to this line in the Bot Framework Emulator: https://github.com/Microsoft/BotFramework-Emulator/blob/4b620e3367938243a70fada026654280727b7beb/packages/emulator/core/src/conversations/middleware/getBotEndpoint.ts#L64
But I'm not totally sure what is causing the issue here. Maybe something is broken in JWT parsing.

Additional context

Request body:

{
  "bot": {
    "id": "3",
    "name": "Bot",
    "role": "bot"
  },
  "members": [
    {
      "id": "3570b2c3-9377-4880-87a1-666bba16d0bb",
      "name": "User",
      "role": "user"
    }
  ],
  "channelData": {
    "clientActivityId": "1545857215036.8654911430483678.2"
  }
}

Parsed JWT token:

{
  "typ": "JWT",
  "alg": "RS256",
  "x5t": "nbCwW56w3KsB-xUaPlLOSLjODGQ",
  "kid": "nbCwW56w3KsB-xUaPlLOSLjODGQ"
}.{
  "aud": "https://api.botframework.com",
  "iss": "https://sts.windows.net/d6d49420-****-****-****-************/",
  "iat": 1545856906,
  "nbf": 1545856906,
  "exp": 1545860806,
  "aio": "42RgPOsZXnazy/hiHcpsJAVW1petAA==",
  "appid": "3e58d71d-****-****-****-************",
  "appidacr": "1",
  "idp": "https://sts.windows.net/d6d49420-****-****-****-************/",
  "tid": "d6d49420-****-****-****-************",
  "uti": "pL3r9YTz7EuFksrQefLsAA",
  "ver": "1.0"
}.[Signature]

Code used to make the request originally with the .NET Bot Builder SDK v4:

await _botFrameworkAdapter.CreateConversationAsync(
    "emulator",
    "http://localhost:31973",
    new MicrosoftAppCredentials(**appId**, **appPassword**),
    new ConversationParameters(bot: **botChannelAccount**, members: new List<ChannelAccount> { **userChannelAccount** }, channelData: **channelData**),
    Callback(),
    cancellationToken);

[bug]

Bug P0 M

All 6 comments

@mark-szabo -

To clarify, you are posting to the Emulator via Postman a request that was originally generated via a locally running bot as a response to an activity from the user?

Hi @justinwilaby, almost correct. The original request was generated by the botbuilder-dotnet SDK v4 with the code above. But not as a response to an activity from a user, but a proactive message - a conversation initiated from the bot (createConversation).

Happy New Year! 🎉🎆

@mark-szabo - Happy new year to you too!

I can't seem to repro this issue. All proactive messaging from my test bot seem to work as expected :(

If you have a free moment, I'd like to walk you through debugging on the Emulator to hunt down the culprit on a screen share or teams call. Feel free to reach out to me anytime and I look forward to talking with you!

So while debugging with @justinwilaby, we discovered the following bugs/question marks:

  1. On the above mentioned line the payload property of jwt is not necessary, appid is directly contained in jwt.
- (req as any).botEndpoint = botEmulator.facilities.endpoints.getByAppId((req as any).jwt.payload.appid);
+ (req as any).botEndpoint = botEmulator.facilities.endpoints.getByAppId((req as any).jwt.appid);
  1. In createConversations.ts there is a check whether conversationParameters.activity is null. But it should rather check whether it is undefined...
- if (conversationParameters.activity !== null)
+ if (conversationParameters.activity)
  1. There is something spooky with another check in createConversations.ts: this does not have a property called botid. What is 'security bot id' by the way?
if (conversationParameters.bot.id !== this.botId) {
    throw createAPIException(HttpStatus.BAD_REQUEST, ErrorCodes.BadArgument,
    'conversationParameters.bot.id doesn\'t match security bot id');
}

When we fixed (1), (2), commented out the whole check in (3), we were able to get the 200 OK back with the conversation id. 🥳

image

  1. But sadly neither when the conversation created nor when I POSTed to /v3/conversations/:conversationId/activities happened anything at all on the emulator UI. What should happen in theory? A new tab should open in the emulator? The activity should appear in the current, open conversation in the emulator?

image

Beginning work on this now.

Awesome, thank you @justinwilaby for fixing this! 🙌

Was this page helpful?
0 / 5 - 0 ratings