Merge branch 'next/main' into chore/sync-console-preview-10-5-4

aws-amplify · Oct 5, 2023 · 0d030ed · 0d030ed
2 parents 7049e04 + a667688
commit 0d030ed
Show file tree

Hide file tree

Showing 8 changed files with 143 additions and 77 deletions.
diff --git a/packages/analytics/package.json b/packages/analytics/package.json
@@ -93,18 +93,18 @@
 	],
 	"dependencies": {
 		"tslib": "^2.5.0",
-		"uuid": "^9.0.0"
+		"uuid": "^9.0.0",
+		"@aws-sdk/client-kinesis": "3.398.0",
+		"@aws-sdk/client-firehose": "3.398.0",
+		"@aws-sdk/client-personalize-events": "3.398.0",
+		"@smithy/util-utf8": "2.0.0"
 	},
 	"peerDependencies": {
 		"@aws-amplify/core": "^6.0.0"
 	},
 	"devDependencies": {
 		"@aws-amplify/core": "6.0.0",
-		"@aws-sdk/client-kinesis": "3.398.0",
-		"@aws-sdk/client-firehose": "3.398.0",
-		"@aws-sdk/client-personalize-events": "3.398.0",
 		"@aws-sdk/types": "3.398.0",
-		"@smithy/util-utf8": "2.0.0",
 		"@types/uuid": "^9.0.0",
 		"typescript": "5.0.2"
 	},

diff --git a/packages/auth/__tests__/providers/cognito/tokenProvider.test.ts b/packages/auth/__tests__/providers/cognito/tokenProvider.test.ts
@@ -78,6 +78,57 @@ describe('Loading tokens', () => {
 		expect(result?.deviceMetadata?.randomPassword).toBe('random-password');
 		expect(result?.deviceMetadata?.deviceKey).toBe('device-key');
 	});
+
+	test('load device tokens from store', async () => {
+		const tokenStore = new DefaultTokenStore();
+		const memoryStorage = new MemoryStorage();
+		const userPoolClientId = 'userPoolClientId';
+		const userSub1 = '[email protected]';
+		const userSub1Encoded = 'user1%40email.com';
+		const userSub2 = '[email protected]';
+
+		memoryStorage.setItem(
+			`CognitoIdentityServiceProvider.${userPoolClientId}.${userSub1Encoded}.deviceKey`,
+			'user1-device-key'
+		);
+		memoryStorage.setItem(
+			`CognitoIdentityServiceProvider.${userPoolClientId}.${userSub1Encoded}.deviceGroupKey`,
+			'user1-device-group-key'
+		);
+		memoryStorage.setItem(
+			`CognitoIdentityServiceProvider.${userPoolClientId}.${userSub1Encoded}.randomPasswordKey`,
+			'user1-random-password'
+		);
+		memoryStorage.setItem(
+			`CognitoIdentityServiceProvider.${userPoolClientId}.${userSub2}.deviceKey`,
+			'user2-device-key'
+		);
+		memoryStorage.setItem(
+			`CognitoIdentityServiceProvider.${userPoolClientId}.${userSub2}.deviceGroupKey`,
+			'user2-device-group-key'
+		);
+		memoryStorage.setItem(
+			`CognitoIdentityServiceProvider.${userPoolClientId}.${userSub2}.randomPasswordKey`,
+			'user2-random-password'
+		);
+
+		tokenStore.setKeyValueStorage(memoryStorage);
+		tokenStore.setAuthConfig({
+			Cognito: {
+				userPoolId: 'us-east-1:1111111',
+				userPoolClientId,
+			},
+		});
+		const user1DeviceMetadata = await tokenStore.getDeviceMetadata(userSub1);
+		expect(user1DeviceMetadata?.randomPassword).toBe('user1-random-password');
+		expect(user1DeviceMetadata?.deviceGroupKey).toBe('user1-device-group-key');
+		expect(user1DeviceMetadata?.deviceKey).toBe('user1-device-key');
+
+		const user2DeviceMetadata = await tokenStore.getDeviceMetadata(userSub2);
+		expect(user2DeviceMetadata?.randomPassword).toBe('user2-random-password');
+		expect(user2DeviceMetadata?.deviceGroupKey).toBe('user2-device-group-key');
+		expect(user2DeviceMetadata?.deviceKey).toBe('user2-device-key');
+	});
 });
 
 describe('saving tokens', () => {

diff --git a/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts b/packages/auth/src/providers/cognito/apis/signInWithRedirect.ts
@@ -160,10 +160,7 @@ async function handleCodeFlow({
 	}
 	const code = url.searchParams.get('code');
 
-	const currentUrlPathname = url.pathname ?? '/';
-	const redirectUriPathname = new URL(redirectUri).pathname ?? '/';
-
-	if (!code || currentUrlPathname !== redirectUriPathname) {
+	if (!code) {
 		return;
 	}
 

diff --git a/packages/auth/src/providers/cognito/tokenProvider/TokenOrchestrator.ts b/packages/auth/src/providers/cognito/tokenProvider/TokenOrchestrator.ts
@@ -150,10 +150,10 @@ export class TokenOrchestrator implements AuthTokenOrchestrator {
 		return this.getTokenStore().clearTokens();
 	}
 
-	getDeviceMetadata(): Promise<DeviceMetadata | null> {
-		return this.getTokenStore().getDeviceMetadata();
+	getDeviceMetadata(username?: string): Promise<DeviceMetadata | null> {
+		return this.getTokenStore().getDeviceMetadata(username);
 	}
-	clearDeviceMetadata(): Promise<void> {
-		return this.getTokenStore().clearDeviceMetadata();
+	clearDeviceMetadata(username?: string): Promise<void> {
+		return this.getTokenStore().clearDeviceMetadata(username);
 	}
 }
diff --git a/packages/auth/src/providers/cognito/tokenProvider/TokenStore.ts b/packages/auth/src/providers/cognito/tokenProvider/TokenStore.ts
@@ -145,8 +145,8 @@ export class DefaultTokenStore implements AuthTokenStore {
 		]);
 	}
 
-	async getDeviceMetadata(): Promise<DeviceMetadata | null> {
-		const authKeys = await this.getAuthKeys();
+	async getDeviceMetadata(username?: string): Promise<DeviceMetadata | null> {
+		const authKeys = await this.getDeviceAuthKeys(username);
 		const deviceKey = await this.getKeyValueStorage().getItem(
 			authKeys.deviceKey
 		);
@@ -165,25 +165,43 @@ export class DefaultTokenStore implements AuthTokenStore {
 			  }
 			: null;
 	}
-	async clearDeviceMetadata(): Promise<void> {
-		const authKeys = await this.getAuthKeys();
+	async clearDeviceMetadata(username?: string): Promise<void> {
+		const authKeys = await this.getDeviceAuthKeys(username);
 		await Promise.all([
 			this.getKeyValueStorage().removeItem(authKeys.deviceKey),
 			this.getKeyValueStorage().removeItem(authKeys.deviceGroupKey),
 			this.getKeyValueStorage().removeItem(authKeys.randomPasswordKey),
 		]);
 	}
 
-	private async getAuthKeys(): Promise<
-		AuthKeys<keyof typeof AuthTokenStorageKeys>
-	> {
+	private async getAuthKeys(
+		username?: string
+	): Promise<AuthKeys<keyof typeof AuthTokenStorageKeys>> {
 		assertTokenProviderConfig(this.authConfig?.Cognito);
-		const lastAuthUser = await this.getLastAuthUser();
+		const lastAuthUser = username ?? (await this.getLastAuthUser());
 		return createKeysForAuthStorage(
 			this.name,
 			`${this.authConfig.Cognito.userPoolClientId}.${lastAuthUser}`
 		);
 	}
+	private async getDeviceAuthKeys(
+		username?: string
+	): Promise<AuthKeys<keyof typeof AuthTokenStorageKeys>> {
+		let authKeys: AuthKeys<keyof typeof AuthTokenStorageKeys>;
+		if (username) {
+			const authEncodedKeys = await this.getAuthKeys(
+				encodeURIComponent(username)
+			);
+			const authNonEncodedKeys = await this.getAuthKeys(username);
+			const isEncodedKeysPresent = !!(await this.getKeyValueStorage().getItem(
+				authEncodedKeys.randomPasswordKey
+			));
+			authKeys = isEncodedKeysPresent ? authEncodedKeys : authNonEncodedKeys;
+		} else {
+			authKeys = await this.getAuthKeys();
+		}
+		return authKeys;
+	}
 
 	private getLastAuthUserKey() {
 		assertTokenProviderConfig(this.authConfig?.Cognito);

diff --git a/packages/auth/src/providers/cognito/tokenProvider/types.ts b/packages/auth/src/providers/cognito/tokenProvider/types.ts
@@ -36,8 +36,8 @@ export interface AuthTokenStore {
 	storeTokens(tokens: CognitoAuthTokens): Promise<void>;
 	clearTokens(): Promise<void>;
 	setKeyValueStorage(keyValueStorage: KeyValueStorageInterface): void;
-	getDeviceMetadata(): Promise<DeviceMetadata | null>;
-	clearDeviceMetadata(): Promise<void>;
+	getDeviceMetadata(username?: string): Promise<DeviceMetadata | null>;
+	clearDeviceMetadata(username?: string): Promise<void>;
 }
 
 export interface AuthTokenOrchestrator {
@@ -46,8 +46,8 @@ export interface AuthTokenOrchestrator {
 	getTokens: (options?: FetchAuthSessionOptions) => Promise<AuthTokens | null>;
 	setTokens: ({ tokens }: { tokens: CognitoAuthTokens }) => Promise<void>;
 	clearTokens: () => Promise<void>;
-	getDeviceMetadata(): Promise<DeviceMetadata | null>;
-	clearDeviceMetadata(): Promise<void>;
+	getDeviceMetadata(username?: string): Promise<DeviceMetadata | null>;
+	clearDeviceMetadata(username?: string): Promise<void>;
 }
 
 export interface CognitoUserPoolTokenProviderType extends TokenProvider {

diff --git a/packages/auth/src/providers/cognito/utils/signInHelpers.ts b/packages/auth/src/providers/cognito/utils/signInHelpers.ts
@@ -91,7 +91,7 @@ export async function handleCustomChallenge({
 		ANSWER: challengeResponse,
 	};
 
-	const deviceMetadata = await tokenOrchestrator?.getDeviceMetadata();
+	const deviceMetadata = await tokenOrchestrator?.getDeviceMetadata(username);
 	if (deviceMetadata && deviceMetadata.deviceKey) {
 		challengeResponses['DEVICE_KEY'] = deviceMetadata.deviceKey;
 	}
@@ -267,7 +267,7 @@ export async function handleUserPasswordAuthFlow(
 		USERNAME: username,
 		PASSWORD: password,
 	};
-	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata();
+	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata(username);
 
 	if (deviceMetadata && deviceMetadata.deviceKey) {
 		authParameters['DEVICE_KEY'] = deviceMetadata.deviceKey;
@@ -310,7 +310,7 @@ export async function handleUserSRPAuthFlow(
 		USERNAME: username,
 		SRP_A: authenticationHelper.A.toString(16),
 	};
-	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata();
+	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata(username);
 
 	if (deviceMetadata && deviceMetadata.deviceKey) {
 		authParameters['DEVICE_KEY'] = deviceMetadata.deviceKey;
@@ -346,7 +346,7 @@ export async function handleCustomAuthFlowWithoutSRP(
 	const authParameters: Record<string, string> = {
 		USERNAME: username,
 	};
-	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata();
+	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata(username);
 
 	if (deviceMetadata && deviceMetadata.deviceKey) {
 		authParameters['DEVICE_KEY'] = deviceMetadata.deviceKey;
@@ -386,7 +386,7 @@ export async function handleCustomSRPAuthFlow(
 	const userPoolName = userPoolId?.split('_')[1] || '';
 	const authenticationHelper = await getAuthenticationHelper(userPoolName);
 
-	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata();
+	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata(username);
 
 	const authParameters: Record<string, string> = {
 		USERNAME: username,
@@ -427,7 +427,7 @@ async function handleDeviceSRPAuth({
 }: HandleDeviceSRPInput): Promise<RespondToAuthChallengeCommandOutput> {
 	const userPoolId = config.userPoolId;
 	const clientId = config.userPoolClientId;
-	const deviceMetadata = await tokenOrchestrator?.getDeviceMetadata();
+	const deviceMetadata = await tokenOrchestrator?.getDeviceMetadata(username);
 	assertDeviceMetadata(deviceMetadata);
 	const authenticationHelper = await getAuthenticationHelper(
 		deviceMetadata.deviceGroupKey
@@ -470,7 +470,7 @@ async function handleDevicePasswordVerifier(
 	{ userPoolId, userPoolClientId }: CognitoUserPoolConfig,
 	tokenOrchestrator?: AuthTokenOrchestrator
 ): Promise<RespondToAuthChallengeCommandOutput> {
-	const deviceMetadata = await tokenOrchestrator?.getDeviceMetadata();
+	const deviceMetadata = await tokenOrchestrator?.getDeviceMetadata(username);
 	assertDeviceMetadata(deviceMetadata);
 
 	const serverBValue = new BigInteger(challengeParameters?.SRP_B, 16);
@@ -554,7 +554,7 @@ export async function handlePasswordVerifierChallenge(
 		}),
 	} as { [key: string]: string };
 
-	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata();
+	const deviceMetadata = await tokenOrchestrator.getDeviceMetadata(username);
 	if (deviceMetadata && deviceMetadata.deviceKey) {
 		challengeResponses['DEVICE_KEY'] = deviceMetadata.deviceKey;
 	}