From b63728b15a8e4874f08347cf18877a4476b896ce Mon Sep 17 00:00:00 2001 From: Jose Sanchez Date: Thu, 10 May 2018 16:41:47 -0700 Subject: [PATCH] Corrected magic number auth bug with leading characters in MS Teams Magic number string comparison was thrown off in MS Teams by user potentially pasting leading/trailing carriage return, etc., modified code to check for "containing" substring instead, while limiting comparison string length (to protect against brute force attempts). --- CSharp/BotAuth/Dialogs/AuthDialog.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CSharp/BotAuth/Dialogs/AuthDialog.cs b/CSharp/BotAuth/Dialogs/AuthDialog.cs index 70a3f76..1cd2d36 100644 --- a/CSharp/BotAuth/Dialogs/AuthDialog.cs +++ b/CSharp/BotAuth/Dialogs/AuthDialog.cs @@ -81,7 +81,7 @@ public async Task MessageReceivedAsync(IDialogContext context, IAwaitable")) text = text.Substring(text.IndexOf("") + 5).Trim(); - if (text.Length >= 6 && magicNumber.ToString() == text.Substring(0, 6)) + if (text.Length >= 6 && text.Length < 18 && text.Contains(magicNumber.ToString())) { context.UserData.SetValue($"{this.authProvider.Name}{ContextConstants.MagicNumberValidated}", "true"); await context.PostAsync($"Thanks {authResult.UserName}. You are now logged in. ");
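Review bot: The new condition `text.Length < 18 && text.Contains(magicNumber.ToString())` accepts the code anywhere inside the message, so a single 17-character reply is checked against up to twelve six-digit windows; that makes guessing easier than the exact match it replaces, which is the opposite of what the commit message intends. Since the stated problem is stray leading/trailing whitespace pasted in Teams, normalise the input and keep an exact comparison, e.g. `var code = text.Trim();` followed by `if (code == magicNumber.ToString())`. If `magicNumber` can ever render with fewer than six digits (its type and generation are not visible here), `Contains` would also match that shorter string, which is another reason to prefer equality. No attempt limit or invalidation of the code after a wrong reply is visible in this hunk; MessageReceivedAsync continues outside it, so confirm one exists there.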