fix: propagate Session parameter through initiateAuth

michaelruocco · May 3, 2020 · 688fd4a · 688fd4a
1 parent f16afe6
commit 688fd4a
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 14 deletions.
diff --git a/src/targets/initiateAuth.test.ts b/src/targets/initiateAuth.test.ts
@@ -77,6 +77,7 @@ describe("InitiateAuth target", () => {
             USERNAME: "0000-0000",
             PASSWORD: "bad-password",
           },
+          Session: "Session",
         })
       ).rejects.toBeInstanceOf(InvalidPasswordError);
     });
@@ -100,6 +101,7 @@ describe("InitiateAuth target", () => {
             USERNAME: "0000-0000",
             PASSWORD: "bad-password",
           },
+          Session: "Session",
         })
       ).rejects.toBeInstanceOf(PasswordResetRequiredError);
     });
@@ -119,19 +121,19 @@ describe("InitiateAuth target", () => {
           });
           mockUserPoolClient.getUserByUsername.mockResolvedValue(null);
 
-          const output = await initiateAuth({
+          const output = (await initiateAuth({
             ClientId: "clientId",
             AuthFlow: "USER_PASSWORD_AUTH",
             AuthParameters: {
               USERNAME: "0000-0000",
               PASSWORD: "hunter2",
             },
-          });
+            Session: "Session",
+          })) as PasswordVerifierOutput;
 
           expect(output).toBeDefined();
-          expect(
-            (output as PasswordVerifierOutput).AuthenticationResult.AccessToken
-          ).toBeDefined();
+          expect(output.Session).toBe("Session");
+          expect(output.AuthenticationResult.AccessToken).toBeDefined();
         });
       });
 
@@ -148,6 +150,7 @@ describe("InitiateAuth target", () => {
                 USERNAME: "0000-0000",
                 PASSWORD: "hunter2",
               },
+              Session: "Session",
             })
           ).rejects.toBeInstanceOf(NotAuthorizedError);
         });
@@ -197,9 +200,12 @@ describe("InitiateAuth target", () => {
                 USERNAME: "0000-0000",
                 PASSWORD: "hunter2",
               },
+              Session: "Session",
             })) as SmsMfaOutput;
 
             expect(output).toBeDefined();
+            expect(output.Session).toBe("Session");
+
             expect(mockCodeDelivery).toHaveBeenCalledWith(user, {
               AttributeName: "phone_number",
               DeliveryMedium: "SMS",
@@ -236,6 +242,7 @@ describe("InitiateAuth target", () => {
                   USERNAME: "0000-0000",
                   PASSWORD: "hunter2",
                 },
+                Session: "Session",
               })
             ).rejects.toBeInstanceOf(NotAuthorizedError);
           });
@@ -284,9 +291,12 @@ describe("InitiateAuth target", () => {
                 USERNAME: "0000-0000",
                 PASSWORD: "hunter2",
               },
+              Session: "Session",
             })) as SmsMfaOutput;
 
             expect(output).toBeDefined();
+            expect(output.Session).toBe("Session");
+
             expect(mockCodeDelivery).toHaveBeenCalledWith(user, {
               AttributeName: "phone_number",
               DeliveryMedium: "SMS",
@@ -325,9 +335,11 @@ describe("InitiateAuth target", () => {
                 USERNAME: "0000-0000",
                 PASSWORD: "hunter2",
               },
+              Session: "Session",
             })) as PasswordVerifierOutput;
 
             expect(output).toBeDefined();
+            expect(output.Session).toBe("Session");
 
             // access token
             expect(output.AuthenticationResult.AccessToken).toBeDefined();
@@ -405,9 +417,11 @@ describe("InitiateAuth target", () => {
               USERNAME: "0000-0000",
               PASSWORD: "hunter2",
             },
+            Session: "Session",
           })) as PasswordVerifierOutput;
 
           expect(output).toBeDefined();
+          expect(output.Session).toBe("Session");
 
           // access token
           expect(output.AuthenticationResult.AccessToken).toBeDefined();

diff --git a/src/targets/initiateAuth.ts b/src/targets/initiateAuth.ts
@@ -14,6 +14,7 @@ interface Input {
   AuthFlow: "USER_PASSWORD_AUTH" | "CUSTOM_AUTH";
   ClientId: string;
   AuthParameters: { USERNAME: string; PASSWORD: string };
+  Session: string | null;
 }
 
 export interface SmsMfaOutput {
@@ -23,13 +24,13 @@ export interface SmsMfaOutput {
     CODE_DELIVERY_DESTINATION: string;
     USER_ID_FOR_SRP: string;
   };
-  Session: string;
+  Session: string | null;
 }
 
 export interface PasswordVerifierOutput {
   ChallengeName: "PASSWORD_VERIFIER";
   ChallengeParameters: {};
-  Session: string;
+  Session: string | null;
   AuthenticationResult: {
     IdToken: string;
     AccessToken: string;
@@ -43,6 +44,7 @@ export type InitiateAuthTarget = (body: Input) => Promise<Output>;
 
 const verifyMfaChallenge = async (
   user: User,
+  body: Input,
   userPool: UserPoolClient,
   codeDelivery: CodeDelivery
 ): Promise<SmsMfaOutput> => {
@@ -79,7 +81,7 @@ const verifyMfaChallenge = async (
       CODE_DELIVERY_DESTINATION: deliveryDestination,
       USER_ID_FOR_SRP: user.Username,
     },
-    Session: "",
+    Session: body.Session,
   };
 };
 
@@ -138,7 +140,7 @@ const verifyPasswordChallenge = (
       ),
       RefreshToken: "<< TODO >>",
     },
-    Session: "",
+    Session: body.Session,
   };
 };
 
@@ -180,12 +182,11 @@ export const InitiateAuth = ({
   }
 
   if (
-    userPool.config.MfaConfiguration === "OPTIONAL" &&
-    (user.MFAOptions ?? []).length > 0
+    (userPool.config.MfaConfiguration === "OPTIONAL" &&
+      (user.MFAOptions ?? []).length > 0) ||
+    userPool.config.MfaConfiguration === "ON"
   ) {
-    return verifyMfaChallenge(user, userPool, codeDelivery);
-  } else if (userPool.config.MfaConfiguration === "ON") {
-    return verifyMfaChallenge(user, userPool, codeDelivery);
+    return verifyMfaChallenge(user, body, userPool, codeDelivery);
   }
 
   return verifyPasswordChallenge(user, body, userPool);