add unit tests to test valid/invalid cognito tokens

packages/auth/__tests__/providers/cognito/tokenProvider.test.ts

@@ -20,17 +20,15 @@ class MemoryStorage implements KeyValueStorageInterface {
 }
 
 describe('Loading tokens', () => {
-	let isValidCognitoTokenSpy: jest.SpyInstance<any>;
-	beforeEach(() => {
-		isValidCognitoTokenSpy = jest
-			.spyOn(coreUtils, 'isValidCognitoToken')
-			.mockReturnValue(Promise.resolve(true));
-	});
 	afterEach(() => {
-		isValidCognitoTokenSpy.mockClear();
+		jest.resetAllMocks();
 	});
 
 	it('should load tokens from store', async () => {
+		const isValidCognitoTokenSpy = jest
+			.spyOn(coreUtils, 'isValidCognitoToken')
+			.mockReturnValue(Promise.resolve(true));
+
 		const tokenStore = new DefaultTokenStore();
 		const memoryStorage = new MemoryStorage();
 		const userPoolClientId = 'abcdefgh';
@@ -106,6 +104,45 @@ describe('Loading tokens', () => {
 		expect(result?.deviceMetadata?.randomPassword).toBe('random-password');
 		expect(result?.deviceMetadata?.deviceKey).toBe('device-key');
 	});
+
+	it('should not load invalid cognito tokens', async () => {
+		jest
+			.spyOn(coreUtils, 'isValidCognitoToken')
+			.mockReturnValue(Promise.resolve(false));
+
+		const tokenStore = new DefaultTokenStore();
+		const memoryStorage = new MemoryStorage();
+		const userPoolClientId = 'abcdefgh';
+		const userSub = 'user123';
+		const userPoolId = 'us-east-1:1111111';
+		const accessToken =
+			'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyLCJleHAiOjE3MTAyOTMxMzB9.Y';
+		const idToken =
+			'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NSIsIm5hbWUiOiJUZXN0IHVzZXIiLCJpYXQiOjE1MTYyMzkwMjIsImV4cCI6MTcxMDI5MzEzMH0.Y';
+
+		memoryStorage.setItem(
+			`CognitoIdentityServiceProvider.${userPoolClientId}.LastAuthUser`,
+			userSub,
+		);
+		memoryStorage.setItem(
+			`CognitoIdentityServiceProvider.${userPoolClientId}.${userSub}.accessToken`,
+			accessToken,
+		);
+		memoryStorage.setItem(
+			`CognitoIdentityServiceProvider.${userPoolClientId}.${userSub}.idToken`,
+			idToken,
+		);
+
+		tokenStore.setKeyValueStorage(memoryStorage);
+		tokenStore.setAuthConfig({
+			Cognito: {
+				userPoolId,
+				userPoolClientId,
+			},
+		});
+		const result = await tokenStore.loadTokens();
+		expect(result).toBe(null);
+	});
 });
 
 describe('saving tokens', () => {

packages/core/__tests__/utils/isValidCognitoToken.test.ts

@@ -0,0 +1,68 @@
+import { CognitoJwtVerifier } from 'aws-jwt-verify';
+
+import { isValidCognitoToken } from '../../src/utils/isValidCognitoToken';
+
+jest.mock('aws-jwt-verify', () => {
+	return {
+		CognitoJwtVerifier: {
+			create: jest.fn(),
+		},
+	};
+});
+
+const mockedCreate = CognitoJwtVerifier.create as jest.MockedFunction<
+	typeof CognitoJwtVerifier.create
+>;
+
+describe('isValidCognitoToken', () => {
+	const token = 'mocked-token';
+	const userPoolId = 'us-east-1_test';
+	const clientId = 'client-id-test';
+	const tokenType = 'id';
+
+	beforeEach(() => {
+		jest.clearAllMocks();
+	});
+
+	it('should return true for a valid token', async () => {
+		const mockVerifier: any = {
+			verify: jest.fn().mockResolvedValue({}),
+		};
+		mockedCreate.mockReturnValue(mockVerifier);
+
+		const result = await isValidCognitoToken({
+			token,
+			userPoolId,
+			clientId,
+			tokenType,
+		});
+		expect(result).toBe(true);
+		expect(CognitoJwtVerifier.create).toHaveBeenCalledWith({
+			userPoolId,
+			clientId,
+			tokenUse: tokenType,
+		});
+		expect(mockVerifier.verify).toHaveBeenCalledWith(token);
+	});
+
+	it('should return false for an invalid token', async () => {
+		const mockVerifier: any = {
+			verify: jest.fn().mockRejectedValue(new Error('Invalid token')),
+		};
+		mockedCreate.mockReturnValue(mockVerifier);
+
+		const result = await isValidCognitoToken({
+			token,
+			userPoolId,
+			clientId,
+			tokenType,
+		});
+		expect(result).toBe(false);
+		expect(CognitoJwtVerifier.create).toHaveBeenCalledWith({
+			userPoolId,
+			clientId,
+			tokenUse: tokenType,
+		});
+		expect(mockVerifier.verify).toHaveBeenCalledWith(token);
+	});
+});