feat(api): sms_mfa support for initiateAuth

jagregory · May 3, 2020 · f16afe6 · f16afe6
1 parent 507ca9a
commit f16afe6
Show file tree

Hide file tree

Showing 24 changed files with 549 additions and 234 deletions.
diff --git a/integration-tests/aws-sdk/createUserPoolClient.test.ts b/integration-tests/aws-sdk/createUserPoolClient.test.ts
@@ -0,0 +1,27 @@
+import { withCognitoSdk } from "./setup";
+
+describe(
+  "CognitoIdentityServiceProvider.createUserPoolClient",
+  withCognitoSdk((Cognito) => {
+    it("can create a new app client", async () => {
+      const result = await Cognito()
+        .createUserPoolClient({
+          ClientName: "test",
+          UserPoolId: "test",
+        })
+        .promise();
+
+      expect(result).toEqual({
+        UserPoolClient: {
+          AllowedOAuthFlowsUserPoolClient: false,
+          ClientId: expect.stringMatching(/^[a-z0-9]{25}$/),
+          ClientName: "test",
+          CreationDate: expect.any(Date),
+          LastModifiedDate: expect.any(Date),
+          RefreshTokenValidity: 30,
+          UserPoolId: "test",
+        },
+      });
+    });
+  })
+);
diff --git a/integration-tests/aws-sdk/initiateAuth.test.ts b/integration-tests/aws-sdk/initiateAuth.test.ts
@@ -0,0 +1,23 @@
+import { withCognitoSdk } from "./setup";
+
+describe(
+  "CognitoIdentityServiceProvider.initiateAuth",
+  withCognitoSdk((Cognito) => {
+    it("throws for missing user", async () => {
+      await expect(
+        Cognito()
+          .initiateAuth({
+            ClientId: "test",
+            AuthFlow: "USER_PASSWORD_AUTH",
+            AuthParameters: {
+              USERNAME: "[email protected]",
+              PASSWORD: "",
+            },
+          })
+          .promise()
+      ).rejects.toMatchObject({
+        message: "Resource not found",
+      });
+    });
+  })
+);
diff --git a/integration-tests/aws-sdk.test.ts → integration-tests/aws-sdk/setup.ts b/integration-tests/aws-sdk.test.ts → integration-tests/aws-sdk/setup.ts
@@ -1,24 +1,26 @@
 import * as AWS from "aws-sdk";
 import fs from "fs";
-import * as http from "http";
+import http from "http";
 import { promisify } from "util";
-import { createServer } from "../src/server";
-import { CodeDelivery } from "../src/services";
-import { createCognitoClient } from "../src/services/cognitoClient";
-import { createDataStore, CreateDataStore } from "../src/services/dataStore";
-import { Lambda } from "../src/services/lambda";
-import { createTriggers } from "../src/services/triggers";
-import { createUserPoolClient } from "../src/services/userPoolClient";
-import { Router } from "../src/targets/router";
+import { createServer } from "../../src/server";
+import { CodeDelivery } from "../../src/services";
+import { createCognitoClient } from "../../src/services/cognitoClient";
+import { createDataStore, CreateDataStore } from "../../src/services/dataStore";
+import { Lambda } from "../../src/services/lambda";
+import { createTriggers } from "../../src/services/triggers";
+import { createUserPoolClient } from "../../src/services/userPoolClient";
+import { Router } from "../../src/targets/router";
 
 const mkdtemp = promisify(fs.mkdtemp);
 const rmdir = promisify(fs.rmdir);
 
-describe("AWS SDK usage", () => {
+export const withCognitoSdk = (
+  fn: (cognito: () => AWS.CognitoIdentityServiceProvider) => void
+) => () => {
   let path: string;
   let tmpCreateDataStore: CreateDataStore;
   let httpServer: http.Server;
-  let Cognito: AWS.CognitoIdentityServiceProvider;
+  let cognitoSdk: AWS.CognitoIdentityServiceProvider;
 
   beforeEach(async () => {
     path = await mkdtemp("/tmp/cognito-local:");
@@ -57,7 +59,7 @@ describe("AWS SDK usage", () => {
         ? address
         : `${address.address}:${address.port}`;
 
-    Cognito = new AWS.CognitoIdentityServiceProvider({
+    cognitoSdk = new AWS.CognitoIdentityServiceProvider({
       credentials: {
         accessKeyId: "local",
         secretAccessKey: "local",
@@ -67,32 +69,13 @@ describe("AWS SDK usage", () => {
     });
   });
 
+  fn(() => cognitoSdk);
+
   afterEach((done) => {
     httpServer.close(() => {
       rmdir(path, {
         recursive: true,
       }).then(done, done);
     });
   });
-
-  describe("createUserPoolClient", () => {
-    it("can create a new app client", async () => {
-      const result = await Cognito.createUserPoolClient({
-        ClientName: "test",
-        UserPoolId: "test",
-      }).promise();
-
-      expect(result).toEqual({
-        UserPoolClient: {
-          AllowedOAuthFlowsUserPoolClient: false,
-          ClientId: expect.stringMatching(/^[a-z0-9]{25}$/),
-          ClientName: "test",
-          CreationDate: expect.any(Date),
-          LastModifiedDate: expect.any(Date),
-          RefreshTokenValidity: 30,
-          UserPoolId: "test",
-        },
-      });
-    });
-  });
-});
+};
diff --git a/integration-tests/dataStore.test.ts b/integration-tests/dataStore.test.ts
@@ -122,15 +122,15 @@ describe("Data Store", () => {
       expect(result).toEqual(true);
     });
 
-    it("returns null if user doesn't exist", async () => {
+    it("returns null if key doesn't exist", async () => {
       const dataStore = await createDataStore("example", {}, path);
 
       const result = await dataStore.get("invalid");
 
       expect(result).toBeNull();
     });
 
-    it("returns existing user by their sub attribute", async () => {
+    it("returns existing value", async () => {
       const dataStore = await createDataStore("example", {}, path);
 
       await dataStore.set("key", 1);

diff --git a/src/bin/start.ts b/src/bin/start.ts
@@ -9,7 +9,10 @@ createDefaultServer()
     return server.start({ hostname, port });
   })
   .then((httpServer) => {
-    const address = httpServer.address()!;
+    const address = httpServer.address();
+    if (!address) {
+      throw new Error("Server started without address");
+    }
     const url =
       typeof address === "string"
         ? address

diff --git a/src/services/codeDelivery/codeDelivery.test.ts b/src/services/codeDelivery/codeDelivery.test.ts
@@ -50,7 +50,7 @@ describe("Code Delivery", () => {
       const code = await codeDelivery(user, {
         Destination: "0123445670",
         DeliveryMedium: "SMS",
-        AttributeName: "phone",
+        AttributeName: "phone_number",
       });
 
       expect(sender.sendSms).toHaveBeenCalledWith(user, "0123445670", "1234");

diff --git a/src/services/codeDelivery/codeDelivery.ts b/src/services/codeDelivery/codeDelivery.ts
@@ -7,7 +7,11 @@ export type DeliveryDetails =
       DeliveryMedium: "EMAIL";
       Destination: string;
     }
-  | { AttributeName: "phone"; DeliveryMedium: "SMS"; Destination: string };
+  | {
+      AttributeName: "phone_number";
+      DeliveryMedium: "SMS";
+      Destination: string;
+    };
 
 export type CodeDelivery = (
   user: User,

diff --git a/src/services/cognitoClient.test.ts b/src/services/cognitoClient.test.ts
@@ -84,7 +84,7 @@ describe("Cognito Client", () => {
 
       const userPool = await cognitoClient.getUserPoolForClientId("testing");
 
-      expect(mockDataStore.get).toHaveBeenCalledWith("Clients.testing");
+      expect(mockDataStore.get).toHaveBeenCalledWith(["Clients", "testing"]);
       expect(createUserPoolClient).toHaveBeenCalledWith(
         { Id: "userPoolId", UsernameAttributes: [] },
         mockDataStore,

diff --git a/src/services/cognitoClient.ts b/src/services/cognitoClient.ts
@@ -29,7 +29,7 @@ export const createCognitoClient = async (
     },
 
     async getUserPoolForClientId(clientId) {
-      const appClient = await clients.get<AppClient>(`Clients.${clientId}`);
+      const appClient = await clients.get<AppClient>(["Clients", clientId]);
       if (!appClient) {
         throw new ResourceNotFoundError();
       }

diff --git a/src/services/dataStore.ts b/src/services/dataStore.ts
@@ -6,9 +6,9 @@ const mkdir = promisify(fs.mkdir);
 
 export interface DataStore {
   getRoot<T>(): Promise<T | null>;
-  get<T>(key: string): Promise<T | null>;
-  get<T>(key: string, defaultValue: T): Promise<T>;
-  set<T>(key: string, value: T): Promise<void>;
+  get<T>(key: string | string[]): Promise<T | null>;
+  get<T>(key: string | string[], defaultValue: T): Promise<T>;
+  set<T>(key: string | string[], value: T): Promise<void>;
 }
 
 export type CreateDataStore = (
@@ -36,8 +36,14 @@ export const createDataStore: CreateDataStore = async (
       return (await db.value()) ?? null;
     },
 
-    async get(key: string, defaultValue?: unknown) {
-      return (await db.get(key).value()) ?? defaultValue ?? null;
+    async get(key: string | string[], defaultValue?: unknown) {
+      return (
+        (await (key instanceof Array ? key : [key])
+          .reduce((acc, k) => acc.get(k), db)
+          .value()) ??
+        defaultValue ??
+        null
+      );
     },
 
     async set(key, value) {

diff --git a/src/services/triggers/postConfirmation.test.ts b/src/services/triggers/postConfirmation.test.ts
@@ -15,8 +15,10 @@ describe("PostConfirmation trigger", () => {
       invoke: jest.fn(),
     };
     mockUserPoolClient = {
+      config: {
+        Id: "test",
+      },
       createAppClient: jest.fn(),
-      id: "test",
       getUserByUsername: jest.fn(),
       listUsers: jest.fn(),
       saveUser: jest.fn(),

diff --git a/src/services/triggers/userMigration.test.ts b/src/services/triggers/userMigration.test.ts
@@ -18,8 +18,10 @@ describe("UserMigration trigger", () => {
       invoke: jest.fn(),
     };
     mockUserPoolClient = {
+      config: {
+        Id: "test",
+      },
       createAppClient: jest.fn(),
-      id: "test",
       getUserByUsername: jest.fn(),
       listUsers: jest.fn(),
       saveUser: jest.fn(),

diff --git a/src/services/userPoolClient.test.ts b/src/services/userPoolClient.test.ts
@@ -67,7 +67,7 @@ describe("User Pool Client", () => {
       });
 
       expect(mockClientsDataStore.set).toHaveBeenCalledWith(
-        `Clients.${result.ClientId}`,
+        ["Clients", result.ClientId],
         result
       );
     });

diff --git a/src/services/userPoolClient.ts b/src/services/userPoolClient.ts
@@ -6,6 +6,11 @@ export interface UserAttribute {
   Value: string;
 }
 
+export interface MFAOption {
+  DeliveryMedium: "SMS";
+  AttributeName: "phone_number";
+}
+
 export const attributesIncludeMatch = (
   attributeName: string,
   attributeValue: string,
@@ -18,6 +23,10 @@ export const attributesInclude = (
   attributeName: string,
   attributes: readonly UserAttribute[]
 ) => !!attributes.find((x) => x.Name === attributeName);
+export const attributeValue = (
+  attributeName: string,
+  attributes: readonly UserAttribute[]
+) => attributes.find((x) => x.Name === attributeName)?.Value;
 export const attributesToRecord = (
   attributes: readonly UserAttribute[]
 ): Record<string, string> =>
@@ -34,18 +43,12 @@ export interface User {
   Enabled: boolean;
   UserStatus: "CONFIRMED" | "UNCONFIRMED" | "RESET_REQUIRED";
   Attributes: readonly UserAttribute[];
+  MFAOptions?: readonly MFAOption[];
 
   // extra attributes for Cognito Local
   Password: string;
   ConfirmationCode?: string;
-}
-
-export interface UserPoolClient {
-  readonly id: string;
-  createAppClient(name: string): Promise<AppClient>;
-  getUserByUsername(username: string): Promise<User | null>;
-  listUsers(): Promise<readonly User[]>;
-  saveUser(user: User): Promise<void>;
+  MFACode?: string;
 }
 
 type UsernameAttribute = "email" | "phone_number";
@@ -56,6 +59,14 @@ export interface UserPool {
   MfaConfiguration?: "OFF" | "ON" | "OPTIONAL";
 }
 
+export interface UserPoolClient {
+  readonly config: UserPool;
+  createAppClient(name: string): Promise<AppClient>;
+  getUserByUsername(username: string): Promise<User | null>;
+  listUsers(): Promise<readonly User[]>;
+  saveUser(user: User): Promise<void>;
+}
+
 export type CreateUserPoolClient = (
   defaultOptions: UserPool,
   clientsDataStore: DataStore,
@@ -71,10 +82,10 @@ export const createUserPoolClient = async (
     Users: {},
     Options: defaultOptions,
   });
+  const config = await dataStore.get<UserPool>("Options", defaultOptions);
 
   return {
-    id: defaultOptions.Id,
-
+    config,
     async createAppClient(name) {
       const id = newId();
       const appClient: AppClient = {
@@ -87,17 +98,16 @@ export const createUserPoolClient = async (
         RefreshTokenValidity: 30,
       };
 
-      await clientsDataStore.set(`Clients.${id}`, appClient);
+      await clientsDataStore.set(["Clients", id], appClient);
 
       return appClient;
     },
 
     async getUserByUsername(username) {
       console.log("getUserByUsername", username);
 
-      const options = await dataStore.get<UserPool>("Options", defaultOptions);
-      const aliasEmailEnabled = options.UsernameAttributes?.includes("email");
-      const aliasPhoneNumberEnabled = options.UsernameAttributes?.includes(
+      const aliasEmailEnabled = config.UsernameAttributes?.includes("email");
+      const aliasPhoneNumberEnabled = config.UsernameAttributes?.includes(
         "phone_number"
       );
 

diff --git a/src/targets/confirmForgotPassword.test.ts b/src/targets/confirmForgotPassword.test.ts
@@ -20,8 +20,10 @@ describe("ConfirmForgotPassword target", () => {
     advanceTo(now);
 
     mockUserPoolClient = {
+      config: {
+        Id: "test",
+      },
       createAppClient: jest.fn(),
-      id: "test",
       getUserByUsername: jest.fn(),
       listUsers: jest.fn(),
       saveUser: jest.fn(),

diff --git a/src/targets/confirmForgotPassword.ts b/src/targets/confirmForgotPassword.ts
@@ -38,7 +38,7 @@ export const ConfirmForgotPassword = ({
       source: "PostConfirmation_ConfirmForgotPassword",
       username: user.Username,
       clientId: body.ClientId,
-      userPoolId: userPool.id,
+      userPoolId: userPool.config.Id,
       userAttributes: user.Attributes,
     });
   }

diff --git a/src/targets/confirmSignUp.test.ts b/src/targets/confirmSignUp.test.ts
@@ -17,8 +17,10 @@ describe("ConfirmSignUp target", () => {
     advanceTo(now);
 
     mockUserPoolClient = {
+      config: {
+        Id: "test",
+      },
       createAppClient: jest.fn(),
-      id: "test",
       getUserByUsername: jest.fn(),
       listUsers: jest.fn(),
       saveUser: jest.fn(),