feat(api): adminCreateUser can generate a temporary password

jagregory · Nov 27, 2021 · c0eea4f · c0eea4f
1 parent 64280e8
commit c0eea4f
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 22 deletions.
diff --git a/integration-tests/aws-sdk/adminCreateUser.test.ts b/integration-tests/aws-sdk/adminCreateUser.test.ts
@@ -20,9 +20,6 @@ describe(
             UserAttributes: [{ Name: "phone_number", Value: "0400000000" }],
             Username: "abc",
             UserPoolId: "test",
-
-            // TODO: shouldn't need to supply this
-            TemporaryPassword: "TemporaryPassword",
           })
           .promise();
 

diff --git a/integration-tests/aws-sdk/adminDeleteUser.test.ts b/integration-tests/aws-sdk/adminDeleteUser.test.ts
@@ -22,9 +22,6 @@ describe(
             UserAttributes: [{ Name: "phone_number", Value: "0400000000" }],
             Username: "abc",
             UserPoolId: "test",
-
-            // TODO: shouldn't need to supply this
-            TemporaryPassword: "TemporaryPassword",
           })
           .promise();
 

diff --git a/integration-tests/aws-sdk/adminGetUser.test.ts b/integration-tests/aws-sdk/adminGetUser.test.ts
@@ -20,9 +20,6 @@ describe(
             UserAttributes: [{ Name: "phone_number", Value: "0400000000" }],
             Username: "abc",
             UserPoolId: "test",
-
-            // TODO: shouldn't need to supply this
-            TemporaryPassword: "TemporaryPassword",
           })
           .promise();
 

diff --git a/integration-tests/aws-sdk/adminSetUserPassword.test.ts b/integration-tests/aws-sdk/adminSetUserPassword.test.ts
@@ -20,9 +20,6 @@ describe(
             UserAttributes: [{ Name: "phone_number", Value: "0400000000" }],
             Username: "abc",
             UserPoolId: "test",
-
-            // TODO: shouldn't need to supply this
-            TemporaryPassword: "TemporaryPassword",
           })
           .promise();
 

diff --git a/integration-tests/aws-sdk/listUsers.test.ts b/integration-tests/aws-sdk/listUsers.test.ts
@@ -11,9 +11,6 @@ describe(
           UserAttributes: [{ Name: "phone_number", Value: "0400000000" }],
           Username: "abc",
           UserPoolId: "test",
-
-          // TODO: shouldn't need to supply this
-          TemporaryPassword: "TemporaryPassword",
         })
         .promise();
 

diff --git a/src/targets/adminCreateUser.test.ts b/src/targets/adminCreateUser.test.ts
@@ -58,6 +58,34 @@ describe("AdminCreateUser target", () => {
     });
   });
 
+  it("saves a new user with a generated temporary password", async () => {
+    await adminCreateUser({
+      UserAttributes: [
+        { Name: "email", Value: "[email protected]" },
+        { Name: "phone_number", Value: "0400000000" },
+      ],
+      Username: "user-supplied",
+      UserPoolId: "test",
+    });
+
+    expect(mockUserPoolService.saveUser).toHaveBeenCalledWith({
+      Attributes: [
+        {
+          Name: "sub",
+          Value: expect.stringMatching(UUID),
+        },
+        { Name: "email", Value: "[email protected]" },
+        { Name: "phone_number", Value: "0400000000" },
+      ],
+      Enabled: true,
+      Password: expect.stringMatching(/^[A-Za-z0-9!]{6}$/),
+      UserCreateDate: originalDate,
+      UserLastModifiedDate: originalDate,
+      UserStatus: "FORCE_CHANGE_PASSWORD",
+      Username: "user-supplied",
+    });
+  });
+
   describe("messages", () => {
     describe("DesiredDeliveryMediums=EMAIL", () => {
       it("sends a welcome email to the user", async () => {
@@ -326,5 +354,4 @@ describe("AdminCreateUser target", () => {
   });
 
   it.todo("invokes the PreSignIn lambda");
-  it.todo("saves a user with a generated temporary password");
 });
diff --git a/src/targets/adminCreateUser.ts b/src/targets/adminCreateUser.ts
@@ -3,6 +3,7 @@ import {
   AdminCreateUserResponse,
   DeliveryMediumListType,
 } from "aws-sdk/clients/cognitoidentityserviceprovider";
+import shortUUID from "short-uuid";
 import uuid from "uuid";
 import {
   InvalidParameterError,
@@ -22,6 +23,10 @@ import {
   User,
 } from "../services/userPoolService";
 
+const generator = shortUUID(
+  "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!"
+);
+
 export type AdminCreateUserTarget = (
   req: AdminCreateUserRequest
 ) => Promise<AdminCreateUserResponse>;
@@ -93,10 +98,6 @@ export const AdminCreateUser = ({
   messageDelivery,
   messages,
 }: AdminCreateUserServices): AdminCreateUserTarget => async (req) => {
-  if (!req.TemporaryPassword) {
-    throw new UnsupportedError("AdminCreateUser without TemporaryPassword");
-  }
-
   const userPool = await cognito.getUserPool(req.UserPoolId);
   const existingUser = await userPool.getUserByUsername(req.Username);
   if (existingUser && req.MessageAction === "RESEND") {
@@ -111,9 +112,12 @@ export const AdminCreateUser = ({
 
   const now = clock.get();
 
+  const temporaryPassword =
+    req.TemporaryPassword ?? generator.new().slice(0, 6);
+
   const user: User = {
     Username: req.Username,
-    Password: req.TemporaryPassword,
+    Password: temporaryPassword,
     Attributes: attributes,
     Enabled: true,
     UserStatus: "FORCE_CHANGE_PASSWORD",
@@ -132,7 +136,7 @@ export const AdminCreateUser = ({
 
   await deliverWelcomeMessage(
     req,
-    req.TemporaryPassword,
+    temporaryPassword,
     user,
     messages,
     userPool,