switch to admininitiateauth; fix refresh tokens (#38)

Code-4-Community · Oct 13, 2024 · d606020 · d606020
1 parent e17079c
commit d606020
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 18 deletions.
diff --git a/apps/backend/src/auth/auth.controller.ts b/apps/backend/src/auth/auth.controller.ts
@@ -49,7 +49,7 @@ export class AuthController {
   @Post('/verify')
   verifyUser(@Body() body: VerifyUserDto): void {
     try {
-      this.authService.verifyUser(body.email, String(body.verificationCode));
+      this.authService.verifyUser(body.email, body.verificationCode);
     } catch (e) {
       throw new BadRequestException(e.message);
     }
@@ -60,13 +60,9 @@ export class AuthController {
     return this.authService.signin(signInDto);
   }
 
-  @UseGuards(AuthGuard('jwt'))
   @Post('/refresh')
-  refresh(
-    @Body() refreshDto: RefreshTokenDto,
-    @Request() request,
-  ): Promise<SignInResponseDto> {
-    return this.authService.refreshToken(refreshDto, request.user.idUser);
+  refresh(@Body() refreshDto: RefreshTokenDto): Promise<SignInResponseDto> {
+    return this.authService.refreshToken(refreshDto);
   }
 
   @Post('/forgotPassword')

diff --git a/apps/backend/src/auth/auth.service.ts b/apps/backend/src/auth/auth.service.ts
@@ -1,12 +1,12 @@
 import { Injectable } from '@nestjs/common';
 import {
   AdminDeleteUserCommand,
+  AdminInitiateAuthCommand,
   AttributeType,
   CognitoIdentityProviderClient,
   ConfirmForgotPasswordCommand,
   ConfirmSignUpCommand,
   ForgotPasswordCommand,
-  InitiateAuthCommand,
   ListUsersCommand,
   SignUpCommand,
 } from '@aws-sdk/client-cognito-identity-provider';
@@ -98,9 +98,10 @@ export class AuthService {
   }
 
   async signin({ email, password }: SignInDto): Promise<SignInResponseDto> {
-    const signInCommand = new InitiateAuthCommand({
-      AuthFlow: 'USER_PASSWORD_AUTH',
+    const signInCommand = new AdminInitiateAuthCommand({
+      AuthFlow: 'ADMIN_USER_PASSWORD_AUTH',
       ClientId: CognitoAuthConfig.clientId,
+      UserPoolId: CognitoAuthConfig.userPoolId,
       AuthParameters: {
         USERNAME: email,
         PASSWORD: password,
@@ -118,13 +119,14 @@ export class AuthService {
   }
 
   // Refresh token hash uses a user's sub (unique ID), not their username (typically their email)
-  async refreshToken(
-    { refreshToken }: RefreshTokenDto,
-    userSub: string,
-  ): Promise<SignInResponseDto> {
-    const refreshCommand = new InitiateAuthCommand({
+  async refreshToken({
+    refreshToken,
+    userSub,
+  }: RefreshTokenDto): Promise<SignInResponseDto> {
+    const refreshCommand = new AdminInitiateAuthCommand({
       AuthFlow: 'REFRESH_TOKEN_AUTH',
       ClientId: CognitoAuthConfig.clientId,
+      UserPoolId: CognitoAuthConfig.userPoolId,
       AuthParameters: {
         REFRESH_TOKEN: refreshToken,
         SECRET_HASH: this.calculateHash(userSub),

diff --git a/apps/backend/src/auth/dtos/refresh-token.dto.ts b/apps/backend/src/auth/dtos/refresh-token.dto.ts
@@ -3,4 +3,7 @@ import { IsString } from 'class-validator';
 export class RefreshTokenDto {
   @IsString()
   refreshToken: string;
+
+  @IsString()
+  userSub: string;
 }
diff --git a/apps/backend/src/auth/dtos/verify-user.dto.ts b/apps/backend/src/auth/dtos/verify-user.dto.ts
@@ -1,9 +1,9 @@
-import { IsEmail, IsNumber } from 'class-validator';
+import { IsEmail, IsString } from 'class-validator';
 
 export class VerifyUserDto {
   @IsEmail()
   email: string;
 
-  @IsNumber()
-  verificationCode: number;
+  @IsString()
+  verificationCode: string;
 }