feat(lambda): post confirmation lambda trigger

README.md

@@ -16,6 +16,7 @@ The goal for this project is to be _Good Enough_ for local development use, and
 - [x] Confirm Forgot Password
 - [x] User Migration lambda trigger (Authentication)
 - [ ] User Migration lambda trigger (Forgot Password)
+- [x] Post Confirmation lambda trigger (ConfirmSignUp & ConfirmForgotPassword)
 
 ## Installation
 

src/services/lambda.ts

@@ -12,18 +12,33 @@ interface UserMigrationEvent {
   triggerSource: "UserMigration_Authentication";
 }
 
+interface PostConfirmationEvent {
+  userPoolId: string;
+  clientId: string;
+  username: string;
+  userAttributes: Record<string, string>;
+  triggerSource:
+    | "PostConfirmation_ConfirmSignUp"
+    | "PostConfirmation_ConfirmForgotPassword";
+}
+
 export type CognitoUserPoolResponse = CognitoUserPoolEvent["response"];
 
 export interface Lambda {
   invoke(
     lambda: "UserMigration",
     event: UserMigrationEvent
   ): Promise<CognitoUserPoolResponse>;
+  invoke(
+    lambda: "PostConfirmation",
+    event: PostConfirmationEvent
+  ): Promise<CognitoUserPoolResponse>;
   enabled(lambda: "UserMigration"): boolean;
 }
 
 export interface FunctionConfig {
   UserMigration?: string;
+  PostConfirmation?: string;
 }
 
 export type CreateLambda = (
@@ -33,10 +48,13 @@ export type CreateLambda = (
 
 export const createLambda: CreateLambda = (config, lambdaClient) => ({
   enabled: (lambda) => !!config[lambda],
-  async invoke(lambda, event) {
-    const lambdaName = config[lambda];
-    if (!lambdaName) {
-      throw new Error(`${lambda} trigger not configured`);
+  async invoke(
+    trigger: keyof FunctionConfig,
+    event: UserMigrationEvent | PostConfirmationEvent
+  ) {
+    const functionName = config[trigger];
+    if (!functionName) {
+      throw new Error(`${trigger} trigger not configured`);
     }
 
     const lambdaEvent: CognitoUserPoolEvent = {
@@ -61,14 +79,14 @@ export const createLambda: CreateLambda = (config, lambdaClient) => ({
     }
 
     console.log(
-      `Invoking "${lambdaName}" with event`,
+      `Invoking "${functionName}" with event`,
       JSON.stringify(lambdaEvent, undefined, 2)
     );
     let result: InvocationResponse;
     try {
       result = await lambdaClient
         .invoke({
-          FunctionName: lambdaName,
+          FunctionName: functionName,
           InvocationType: "RequestResponse",
           Payload: JSON.stringify(lambdaEvent),
         })

src/services/triggers/postConfirmation.test.ts

@@ -0,0 +1,72 @@
+import { NotAuthorizedError } from "../../errors";
+import { Lambda } from "../lambda";
+import { UserPool } from "../userPool";
+import { PostConfirmation, PostConfirmationTrigger } from "./postConfirmation";
+
+const UUID = /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i;
+
+describe("PostConfirmation trigger", () => {
+  let mockLambda: jest.Mocked<Lambda>;
+  let mockUserPool: jest.Mocked<UserPool>;
+  let postConfirmation: PostConfirmationTrigger;
+
+  beforeEach(() => {
+    mockLambda = {
+      enabled: jest.fn(),
+      invoke: jest.fn(),
+    };
+    mockUserPool = {
+      getUserByUsername: jest.fn(),
+      getUserPoolIdForClientId: jest.fn(),
+      saveUser: jest.fn(),
+    };
+
+    postConfirmation = PostConfirmation({
+      lambda: mockLambda,
+      userPool: mockUserPool,
+    });
+  });
+
+  describe.each([
+    "PostConfirmation_ConfirmSignUp",
+    "PostConfirmation_ConfirmForgotPassword",
+  ])("%s", (source) => {
+    describe("when lambda invoke fails", () => {
+      it("quietly completes", async () => {
+        mockLambda.invoke.mockRejectedValue(
+          new Error("Something bad happened")
+        );
+
+        await postConfirmation({
+          userPoolId: "userPoolId",
+          clientId: "clientId",
+          username: "username",
+          userAttributes: [],
+          source: source as any,
+        });
+      });
+    });
+
+    describe("when lambda invoke succeeds", () => {
+      it("quietly completes", async () => {
+        mockLambda.invoke.mockResolvedValue({});
+
+        await postConfirmation({
+          userPoolId: "userPoolId",
+          clientId: "clientId",
+          username: "[email protected]",
+          userAttributes: [{ Name: "email", Value: "[email protected]" }],
+          source: source as any,
+        });
+
+        expect(mockLambda.invoke).toHaveBeenCalledWith("PostConfirmation", {
+          clientId: "clientId",
+          triggerSource: source,
+          userAttributes: { email: "[email protected]" },
+          userPoolId: "userPoolId",
+          username: "[email protected]",
+        });
+      });
+    });
+  });
+});

src/services/triggers/postConfirmation.ts

@@ -0,0 +1,38 @@
+import { UserPool } from "../index";
+import { Lambda } from "../lambda";
+import { attributesToRecord } from "../userPool";
+
+export type PostConfirmationTrigger = (params: {
+  source:
+    | "PostConfirmation_ConfirmSignUp"
+    | "PostConfirmation_ConfirmForgotPassword";
+  userPoolId: string;
+  clientId: string;
+  username: string;
+  userAttributes: readonly { Name: string; Value: string }[];
+}) => Promise<void>;
+
+export const PostConfirmation = ({
+  lambda,
+}: {
+  lambda: Lambda;
+  userPool: UserPool;
+}): PostConfirmationTrigger => async ({
+  source,
+  userPoolId,
+  clientId,
+  username,
+  userAttributes,
+}): Promise<void> => {
+  try {
+    await lambda.invoke("PostConfirmation", {
+      userPoolId,
+      clientId,
+      username,
+      triggerSource: source,
+      userAttributes: attributesToRecord(userAttributes),
+    });
+  } catch (ex) {
+    console.error(ex);
+  }
+};

src/services/triggers/triggers.ts

@@ -1,10 +1,12 @@
 import { Services, UserPool } from "../index";
 import { Lambda } from "../lambda";
+import { PostConfirmation, PostConfirmationTrigger } from "./postConfirmation";
 import { UserMigration, UserMigrationTrigger } from "./userMigration";
 
 export interface Triggers {
-  enabled(trigger: "UserMigration"): boolean;
+  enabled(trigger: "UserMigration" | "PostConfirmation"): boolean;
   userMigration: UserMigrationTrigger;
+  postConfirmation: PostConfirmationTrigger;
 }
 
 export const createTriggers = (services: {
@@ -13,4 +15,5 @@ export const createTriggers = (services: {
 }): Triggers => ({
   enabled: (trigger: "UserMigration") => services.lambda.enabled(trigger),
   userMigration: UserMigration(services),
+  postConfirmation: PostConfirmation(services),
 });

src/targets/confirmForgotPassword.test.ts

@@ -1,5 +1,9 @@
 import { advanceBy, advanceTo } from "jest-date-mock";
-import { CodeMismatchError, UserNotFoundError } from "../errors";
+import {
+  CodeMismatchError,
+  ResourceNotFoundError,
+  UserNotFoundError,
+} from "../errors";
 import { UserPool } from "../services";
 import { Triggers } from "../services/triggers";
 import {
@@ -26,6 +30,7 @@ describe("ConfirmForgotPassword target", () => {
     mockCodeDelivery = jest.fn();
     mockTriggers = {
       enabled: jest.fn(),
+      postConfirmation: jest.fn(),
       userMigration: jest.fn(),
     };
 
@@ -36,7 +41,21 @@ describe("ConfirmForgotPassword target", () => {
     });
   });
 
+  it("throws if can't find user pool by client id", async () => {
+    mockDataStore.getUserPoolIdForClientId.mockResolvedValue(null);
+
+    await expect(
+      confirmForgotPassword({
+        ClientId: "clientId",
+        Username: "janice",
+        ConfirmationCode: "1234",
+        Password: "newPassword",
+      })
+    ).rejects.toBeInstanceOf(ResourceNotFoundError);
+  });
+
   it("throws if user doesn't exist", async () => {
+    mockDataStore.getUserPoolIdForClientId.mockResolvedValue("userPoolId");
     mockDataStore.getUserByUsername.mockResolvedValue(null);
 
     await expect(
@@ -50,6 +69,7 @@ describe("ConfirmForgotPassword target", () => {
   });
 
   it("throws if confirmation code doesn't match stored value", async () => {
+    mockDataStore.getUserPoolIdForClientId.mockResolvedValue("userPoolId");
     mockDataStore.getUserByUsername.mockResolvedValue({
       Attributes: [{ Name: "email", Value: "[email protected]" }],
       ConfirmationCode: "4567",
@@ -73,6 +93,7 @@ describe("ConfirmForgotPassword target", () => {
 
   describe("when code matches", () => {
     it("updates the user's password", async () => {
+      mockDataStore.getUserPoolIdForClientId.mockResolvedValue("userPoolId");
       mockDataStore.getUserByUsername.mockResolvedValue({
         Attributes: [{ Name: "email", Value: "[email protected]" }],
         ConfirmationCode: "4567",
@@ -106,5 +127,70 @@ describe("ConfirmForgotPassword target", () => {
         Username: "0000-0000",
       });
     });
+
+    describe("when PostConfirmation trigger configured", () => {
+      it("invokes the trigger", async () => {
+        mockTriggers.enabled.mockReturnValue(true);
+
+        mockDataStore.getUserPoolIdForClientId.mockResolvedValue("userPoolId");
+        mockDataStore.getUserByUsername.mockResolvedValue({
+          Attributes: [{ Name: "email", Value: "[email protected]" }],
+          ConfirmationCode: "4567",
+          Enabled: true,
+          Password: "pwd",
+          UserCreateDate: now.getTime(),
+          UserLastModifiedDate: now.getTime(),
+          UserStatus: "UNCONFIRMED",
+          Username: "0000-0000",
+        });
+
+        await confirmForgotPassword({
+          ClientId: "clientId",
+          Username: "janice",
+          ConfirmationCode: "4567",
+          Password: "newPassword",
+        });
+
+        expect(mockTriggers.postConfirmation).toHaveBeenCalledWith({
+          clientId: "clientId",
+          source: "PostConfirmation_ConfirmForgotPassword",
+          userAttributes: [
+            {
+              Name: "email",
+              Value: "[email protected]",
+            },
+          ],
+          userPoolId: "userPoolId",
+          username: "0000-0000",
+        });
+      });
+    });
+
+    describe("when PostConfirmation trigger not configured", () => {
+      it("doesn't invoke the trigger", async () => {
+        mockTriggers.enabled.mockReturnValue(false);
+
+        mockDataStore.getUserPoolIdForClientId.mockResolvedValue("userPoolId");
+        mockDataStore.getUserByUsername.mockResolvedValue({
+          Attributes: [{ Name: "email", Value: "[email protected]" }],
+          ConfirmationCode: "4567",
+          Enabled: true,
+          Password: "pwd",
+          UserCreateDate: now.getTime(),
+          UserLastModifiedDate: now.getTime(),
+          UserStatus: "UNCONFIRMED",
+          Username: "0000-0000",
+        });
+
+        await confirmForgotPassword({
+          ClientId: "clientId",
+          Username: "janice",
+          ConfirmationCode: "4567",
+          Password: "newPassword",
+        });
+
+        expect(mockTriggers.postConfirmation).not.toHaveBeenCalled();
+      });
+    });
   });
 });

src/targets/confirmForgotPassword.ts

@@ -1,4 +1,8 @@
-import { CodeMismatchError, UserNotFoundError } from "../errors";
+import {
+  CodeMismatchError,
+  ResourceNotFoundError,
+  UserNotFoundError,
+} from "../errors";
 import { Services } from "../services";
 
 interface Input {
@@ -12,7 +16,13 @@ export type ConfirmForgotPasswordTarget = (body: Input) => Promise<{}>;
 
 export const ConfirmForgotPassword = ({
   userPool,
+  triggers,
 }: Services): ConfirmForgotPasswordTarget => async (body) => {
+  const userPoolId = await userPool.getUserPoolIdForClientId(body.ClientId);
+  if (!userPoolId) {
+    throw new ResourceNotFoundError();
+  }
+
   const user = await userPool.getUserByUsername(body.Username);
 
   if (!user) {
@@ -31,5 +41,15 @@ export const ConfirmForgotPassword = ({
     Password: body.Password,
   });
 
+  if (triggers.enabled("PostConfirmation")) {
+    await triggers.postConfirmation({
+      source: "PostConfirmation_ConfirmForgotPassword",
+      username: user.Username,
+      clientId: body.ClientId,
+      userPoolId,
+      userAttributes: user.Attributes,
+    });
+  }
+
   return {};
 };