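/// <summary>
/// Dialog step that either finishes with a usable <see cref="AuthResult"/> or walks the user through sign-in.
/// When a result is already stored for this provider, it is only honoured once the magic number
/// shown on the authentication screen has been pasted back into this conversation
/// (or when <c>_authOptions.UseMagicNumber</c> is off).
/// </summary>
/// <param name="context">Dialog context; its UserData holds the per-provider sign-in state read and written here.</param>
/// <param name="argument">The incoming message activity.</param>
/// <returns>A task that ends once the step has completed the dialog or registered itself for the next message.</returns>
private async Task MessageReceivedAsync(IDialogContext context, IAwaitable<IMessageActivity> argument)
{
    var msg = await argument;

    // UserData slots are namespaced per auth provider.
    var resultSlot = $"{_authProvider.Name}{AuthResultKey}";
    var validatedSlot = $"{_authProvider.Name}{MagicNumberValidated}";
    var magicSlot = $"{_authProvider.Name}{MagicNumberKey}";
    var optionsSlot = $"{_authProvider.Name}{AuthOptions}";

    // Fail-closed reset: forget the stored result and the pending code, and mark the conversation as not validated.
    void DiscardSignInState()
    {
        context.UserData.RemoveValue(resultSlot);
        context.UserData.SetValue(validatedSlot, "false");
        context.UserData.RemoveValue(magicSlot);
    }

    // Sends the login prompt and waits for the user's next message.
    async Task PromptLoginAndWaitAsync()
    {
        // Save authenticationOptions in UserData
        context.UserData.SetValue(optionsSlot, _authOptions);

        // Get ConversationReference and combine with AuthProvider type for the callback
        var conversationRef = context.Activity.ToConversationReference();
        var state = GetStateParam(conversationRef);
        var authenticationUrl = await _authProvider.GetAuthUrlAsync(_authOptions, state);
        await PromptToLogin(context, msg, authenticationUrl);
        context.Wait(MessageReceivedAsync);
    }

    // Completes the dialog when the provider still yields a token, otherwise starts a fresh login.
    async Task CompleteOrPromptAsync()
    {
        var token = await _authProvider.GetAccessToken(_authOptions, context);
        if (token != null)
        {
            context.Done(token);
        }
        else
        {
            await PromptLoginAndWaitAsync();
        }
    }

    if (!context.UserData.TryGetValue(resultSlot, out AuthResult authResult))
    {
        // No stored result yet: try to get a token, else prompt for login.
        await CompleteOrPromptAsync();
        return;
    }

    try
    {
        // IMPORTANT: DO NOT REMOVE THE MAGIC NUMBER CHECK THAT WE DO HERE. THIS IS AN ABSOLUTE SECURITY REQUIREMENT.
        // REMOVING THIS WILL EXPOSE YOUR BOT AND YOUR USERS TO SECURITY VULNERABILITIES.
        // MAKE SURE YOU UNDERSTAND THE ATTACK VECTORS AND WHY THIS IS IN PLACE.
        // The stored AuthResult is only released to the dialog after the number from the authentication
        // screen has been typed into this same conversation, so a result that landed in UserData is not
        // trusted on its own.
        context.UserData.TryGetValue(validatedSlot, out string validated);
        if (validated == "true" || !_authOptions.UseMagicNumber)
        {
            // Try to get token to ensure it is still good
            await CompleteOrPromptAsync();
        }
        else if (context.UserData.TryGetValue(magicSlot, out int magicNumber))
        {
            if (msg.Text == null)
            {
                await context.PostAsync($"Please paste back the number you received in your authentication screen.");
                context.Wait(MessageReceivedAsync);
            }
            else
            {
                // handle at mentions in Teams
                var text = msg.Text;
                if (text.Contains("</at>"))
                {
                    text = text.Substring(text.IndexOf("</at>", StringComparison.Ordinal) + 5).Trim();
                }

                // Only the first six characters are compared; assumes the stored number is six digits - TODO confirm against the callback that generates it.
                if (text.Length >= 6 && magicNumber.ToString() == text.Substring(0, 6))
                {
                    context.UserData.SetValue(validatedSlot, "true");
                    await context.PostAsync($"Thanks {authResult.UserName}. You are now logged in. \n");
                    context.Done(authResult);
                }
                else
                {
                    // A single wrong answer discards the pending sign-in, so the number cannot be
                    // guessed by repeated attempts against the same stored result.
                    DiscardSignInState();
                    await context.PostAsync($"I'm sorry but I couldn't validate your number. Please try authenticating once again. ");
                    context.Wait(MessageReceivedAsync);
                }
            }
        }
        else
        {
            // A result is stored, validation is required, but there is no magic number to check against.
            // Previously this path called neither Wait nor Done. Fail closed: drop the unverified result
            // and start a fresh login instead of leaving the dialog without a next step.
            DiscardSignInState();
            await PromptLoginAndWaitAsync();
        }
    }
    catch
    {
        // Any failure while validating ends the dialog with no result and leaves no unverified state behind.
        DiscardSignInState();
        await context.PostAsync($"I'm sorry but something went wrong while authenticating.");
        context.Done<AuthResult>(null);
    }
}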