Remove "Bearer" from speech token

Author: compulim

package-lock.json

@@ -196,6 +196,7 @@
     "@msinternal/react-dom-umd": "0.0.0-0",
     "@msinternal/react-is": "0.0.0-0",
     "@msinternal/react-umd": "0.0.0-0",
+    "@testduet/given-when-then": "^0.1.0",
     "@types/dom-speech-recognition": "^0.0.7",
     "@types/mdast": "^4.0.4",
     "@types/node": "^25.3.3",

packages/bundle/package.json

@@ -3,6 +3,7 @@ import { AudioConfig } from 'microsoft-cognitiveservices-speech-sdk';
 import { createSpeechServicesPonyfill } from 'web-speech-cognitive-services';
 
 import createMicrophoneAudioConfigAndAudioContext from './speech/createMicrophoneAudioConfigAndAudioContext';
+import removeBearerInAuthorizationToken from './speech/removeBearerInAuthorizationToken';
 import CognitiveServicesAudioOutputFormat from './types/CognitiveServicesAudioOutputFormat';
 import CognitiveServicesCredentials from './types/CognitiveServicesCredentials';
 import CognitiveServicesTextNormalization from './types/CognitiveServicesTextNormalization';
@@ -11,7 +12,7 @@ export default function createCognitiveServicesSpeechServicesPonyfillFactory({
   audioConfig,
   audioContext,
   audioInputDeviceId,
-  credentials,
+  credentials: rawCredentials,
   enableTelemetry,
   initialSilenceTimeout,
   speechRecognitionEndpointId,
@@ -61,7 +62,7 @@ export default function createCognitiveServicesSpeechServicesPonyfillFactory({
       createSpeechServicesPonyfill({
         audioConfig,
         audioContext,
-        credentials,
+        credentials: removeBearerInAuthorizationToken(rawCredentials),
         enableTelemetry,
         initialSilenceTimeout,
         referenceGrammars: referenceGrammarID ? [`luis/${referenceGrammarID}-PRODUCTION`] : [],

packages/bundle/src/createCognitiveServicesSpeechServicesPonyfillFactory.ts

@@ -0,0 +1,15 @@
+/* eslint-disable @typescript-eslint/no-empty-function */
+import isPromiseLike from './isPromiseLike';
+
+test('Promise.withResolvers() should return true', () =>
+  expect(isPromiseLike(Promise.withResolvers().promise)).toBe(true));
+
+test('new Promise() should return true', () => expect(isPromiseLike(new Promise(() => {}))).toBe(true));
+
+test('Promise-like should return true', () => expect(isPromiseLike({ then: () => {} })).toBe(true));
+
+test('Boolean should return false', () => expect(isPromiseLike(true)).toBe(false));
+
+test('Number should return false', () => expect(isPromiseLike(0)).toBe(false));
+
+test('Object should return false', () => expect(isPromiseLike({ then: 0 })).toBe(false));

packages/bundle/src/speech/isPromiseLike.spec.ts

@@ -0,0 +1,5 @@
+export default function isPromiseLike<T>(promiseLike: unknown): promiseLike is Promise<T> {
+  return (
+    !!promiseLike && typeof promiseLike === 'object' && 'then' in promiseLike && typeof promiseLike.then === 'function'
+  );
+}

packages/bundle/src/speech/isPromiseLike.ts

@@ -0,0 +1,145 @@
+import { scenario } from '@testduet/given-when-then';
+import type RemoveBearerInAuthorizationTokenType from './removeBearerInAuthorizationToken';
+
+let removeBearerInAuthorizationToken: typeof RemoveBearerInAuthorizationTokenType;
+let consoleWarn: jest.SpyInstance;
+
+beforeAll(() => {
+  // eslint-disable-next-line @typescript-eslint/no-empty-function
+  consoleWarn = jest.spyOn(console, 'warn').mockImplementation(() => {});
+
+  jest.mock('@msinternal/botframework-webchat-base/utils', () => ({
+    ...jest.requireActual('@msinternal/botframework-webchat-base/utils'),
+    warnOnce:
+      (...args) =>
+      () =>
+        console.warn(...args)
+  }));
+
+  removeBearerInAuthorizationToken = require('./removeBearerInAuthorizationToken').default;
+});
+
+afterEach(() => consoleWarn.mockClear());
+
+scenario('Authorization token prefixed with "Bearer" in ', bdd => {
+  bdd
+    .given('resolved value', () => ({
+      authorizationToken: 'Bearer XYZ',
+      region: 'westus'
+    }))
+    .when('removeBearerInAuthorizationToken', precondition => removeBearerInAuthorizationToken(precondition))
+    .then('should match snapshot', (_, result) =>
+      expect(result).toEqual({
+        authorizationToken: 'XYZ',
+        region: 'westus'
+      })
+    )
+    .and('should have warned', () => expect(consoleWarn).toHaveBeenCalledTimes(1));
+
+  bdd
+    .given('Promise value', () =>
+      Promise.resolve({
+        authorizationToken: 'Bearer XYZ',
+        region: 'westus'
+      })
+    )
+    .when('removeBearerInAuthorizationToken', precondition => removeBearerInAuthorizationToken(precondition))
+    .then('should match snapshot', (_, result) =>
+      expect(result).toEqual({
+        authorizationToken: 'XYZ',
+        region: 'westus'
+      })
+    )
+    .and('should have warned', () => expect(consoleWarn).toHaveBeenCalledTimes(1));
+
+  bdd
+    .given('callback of a resolved value', () => () => ({
+      authorizationToken: 'Bearer XYZ',
+      region: 'westus'
+    }))
+    .when('removeBearerInAuthorizationToken', precondition => (removeBearerInAuthorizationToken(precondition) as any)())
+    .then('should match snapshot', (_, result) =>
+      expect(result).toEqual({
+        authorizationToken: 'XYZ',
+        region: 'westus'
+      })
+    )
+    .and('should have warned', () => expect(consoleWarn).toHaveBeenCalledTimes(1));
+
+  bdd
+    .given(
+      'callback of a Promise',
+      () => () =>
+        Promise.resolve({
+          authorizationToken: 'Bearer XYZ',
+          region: 'westus'
+        })
+    )
+    .when('removeBearerInAuthorizationToken', precondition => (removeBearerInAuthorizationToken(precondition) as any)())
+    .then('should match snapshot', async (_, result) =>
+      expect(await result).toEqual({
+        authorizationToken: 'XYZ',
+        region: 'westus'
+      })
+    )
+    .and('should have warned', () => expect(consoleWarn).toHaveBeenCalledTimes(1));
+});
+
+scenario('Authorization token with no prefix in ', bdd => {
+  bdd
+    .given('resolved value', () => ({
+      authorizationToken: 'XYZ',
+      region: 'westus'
+    }))
+    .when('removeBearerInAuthorizationToken', precondition => removeBearerInAuthorizationToken(precondition))
+    .then('should left untouched', (precondition, result) => expect(result).toBe(precondition))
+    .and('should not have warned', () => expect(consoleWarn).not.toHaveBeenCalled());
+
+  bdd
+    .given('Promise value', () =>
+      Promise.resolve({
+        authorizationToken: 'XYZ',
+        region: 'westus'
+      })
+    )
+    .when('removeBearerInAuthorizationToken', precondition => removeBearerInAuthorizationToken(precondition))
+    .then('should match snapshot', (_, result) =>
+      expect(result).toEqual({
+        authorizationToken: 'XYZ',
+        region: 'westus'
+      })
+    )
+    .and('should not have warned', () => expect(consoleWarn).not.toHaveBeenCalled());
+
+  bdd
+    .given('callback of a resolved value', () => () => ({
+      authorizationToken: 'XYZ',
+      region: 'westus'
+    }))
+    .when('removeBearerInAuthorizationToken', precondition => (removeBearerInAuthorizationToken(precondition) as any)())
+    .then('should match snapshot', (_, result) =>
+      expect(result).toEqual({
+        authorizationToken: 'XYZ',
+        region: 'westus'
+      })
+    )
+    .and('should not have warned', () => expect(consoleWarn).not.toHaveBeenCalled());
+
+  bdd
+    .given(
+      'callback of a Promise',
+      () => () =>
+        Promise.resolve({
+          authorizationToken: 'XYZ',
+          region: 'westus'
+        })
+    )
+    .when('removeBearerInAuthorizationToken', precondition => (removeBearerInAuthorizationToken(precondition) as any)())
+    .then('should match snapshot', async (_, result) =>
+      expect(await result).toEqual({
+        authorizationToken: 'XYZ',
+        region: 'westus'
+      })
+    )
+    .and('should not have warned', () => expect(consoleWarn).not.toHaveBeenCalled());
+});

packages/bundle/src/speech/removeBearerInAuthorizationToken.spec.ts

@@ -0,0 +1,50 @@
+import { warnOnce } from '@msinternal/botframework-webchat-base/utils';
+import CognitiveServicesCredentials from '../types/CognitiveServicesCredentials';
+import isPromiseLike from './isPromiseLike';
+
+// eslint-disable-next-line @typescript-eslint/no-unsafe-function-type
+type CognitiveServicesBaseCredentials = Exclude<Exclude<CognitiveServicesCredentials, Function>, Promise<any>>;
+
+const BEARER_PREFIX_LOWERCASE = 'bearer ';
+
+const warnBearerPrefix = warnOnce('botframework-webchat: Remove "Bearer" from the speech authorization token.');
+
+function removeBearerInAuthorizationTokenForResolved(
+  credentials: CognitiveServicesBaseCredentials
+): CognitiveServicesBaseCredentials {
+  if (
+    'authorizationToken' in credentials &&
+    credentials.authorizationToken?.toLowerCase().startsWith(BEARER_PREFIX_LOWERCASE)
+  ) {
+    warnBearerPrefix();
+
+    return Object.freeze({
+      ...credentials,
+      authorizationToken: credentials.authorizationToken.substring(BEARER_PREFIX_LOWERCASE.length)
+    });
+  }
+
+  return credentials;
+}
+
+function removeBearerInAuthorizationTokenForPromiseOrResolved(
+  credentials: CognitiveServicesBaseCredentials | Promise<CognitiveServicesBaseCredentials>
+): CognitiveServicesBaseCredentials | Promise<CognitiveServicesBaseCredentials> {
+  if (isPromiseLike<CognitiveServicesBaseCredentials>(credentials)) {
+    return credentials.then(credentials => removeBearerInAuthorizationTokenForResolved(credentials));
+  }
+
+  return removeBearerInAuthorizationTokenForResolved(credentials);
+}
+
+function removeBearerInAuthorizationToken(credentials: CognitiveServicesCredentials) {
+  if (typeof credentials === 'function') {
+    return (() => removeBearerInAuthorizationTokenForPromiseOrResolved(credentials())) satisfies () =>
+      | CognitiveServicesBaseCredentials
+      | Promise<CognitiveServicesBaseCredentials> as CognitiveServicesCredentials;
+  }
+
+  return removeBearerInAuthorizationTokenForPromiseOrResolved(credentials);
+}
+
+export default removeBearerInAuthorizationToken;