From d6060200fa1665465cfe39b97b6bfffdecc68a63 Mon Sep 17 00:00:00 2001
From: Avery Huang <68914997+huang0h@users.noreply.github.com>
Date: Sun, 13 Oct 2024 18:50:59 -0400
Subject: [PATCH] switch to admininitiateauth; fix refresh tokens (#38)

---
 apps/backend/src/auth/auth.controller.ts       | 10 +++-------
 apps/backend/src/auth/auth.service.ts          | 18 ++++++++++--------
 .../backend/src/auth/dtos/refresh-token.dto.ts |  3 +++
 apps/backend/src/auth/dtos/verify-user.dto.ts  |  6 +++---
 4 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/apps/backend/src/auth/auth.controller.ts b/apps/backend/src/auth/auth.controller.ts
index 70d06c5..91ad550 100644
--- a/apps/backend/src/auth/auth.controller.ts
+++ b/apps/backend/src/auth/auth.controller.ts
@@ -49,7 +49,7 @@ export class AuthController {
   @Post('/verify')
   verifyUser(@Body() body: VerifyUserDto): void {
     try {
-      this.authService.verifyUser(body.email, String(body.verificationCode));
+      this.authService.verifyUser(body.email, body.verificationCode);
     } catch (e) {
       throw new BadRequestException(e.message);
     }
@@ -60,13 +60,9 @@ export class AuthController {
     return this.authService.signin(signInDto);
   }
 
-  @UseGuards(AuthGuard('jwt'))
   @Post('/refresh')
-  refresh(
-    @Body() refreshDto: RefreshTokenDto,
-    @Request() request,
-  ): Promise {
-    return this.authService.refreshToken(refreshDto, request.user.idUser);
+  refresh(@Body() refreshDto: RefreshTokenDto): Promise {
+    return this.authService.refreshToken(refreshDto);
   }
 
   @Post('/forgotPassword')
diff --git a/apps/backend/src/auth/auth.service.ts b/apps/backend/src/auth/auth.service.ts
index e011982..d78a12d 100644
--- a/apps/backend/src/auth/auth.service.ts
+++ b/apps/backend/src/auth/auth.service.ts
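Review bot: The `try`/`catch` around `this.authService.verifyUser(body.email, body.verificationCode)` only catches synchronous throws; if `verifyUser` returns a Promise (the Cognito SDK `send` call is asynchronous, so that seems likely, though the service method is not in this hunk), a rejected confirmation escapes the catch and the client still receives a success status. If so, the handler should become `async verifyUser(@Body() body: VerifyUserDto): Promise<void>` with `await this.authService.verifyUser(body.email, body.verificationCode);` so a bad code surfaces as the intended `BadRequestException`. Under `useUnknownInCatchVariables`, `e.message` also needs a narrowing such as `e instanceof Error ? e.message : 'verification failed'`.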
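Review bot: Dropping `@UseGuards(AuthGuard('jwt'))` and the `request.user.idUser` argument makes `/refresh` an unauthenticated endpoint whose user identifier now comes from the request body instead of the verified principal; that is a defensible design for a refresh flow (the access token may already be expired), but the intent should be written down so nobody later re-adds the guard or starts trusting the body value for authorization. A comment above `@Post('/refresh')` such as `// Intentionally unguarded: the refresh token is the credential; Cognito rejects a SECRET_HASH built from a sub that does not own it.` would do that. With the guard gone, a failed refresh now surfaces however the service's rejection propagates, so confirm it maps to a 401 rather than a 500 on this publicly reachable route. If `UseGuards`, `AuthGuard` and `Request` are no longer used elsewhere in the controller, their imports (outside this hunk) should be removed as well.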
@@ -1,12 +1,12 @@
 import { Injectable } from '@nestjs/common';
 import {
   AdminDeleteUserCommand,
+  AdminInitiateAuthCommand,
   AttributeType,
   CognitoIdentityProviderClient,
   ConfirmForgotPasswordCommand,
   ConfirmSignUpCommand,
   ForgotPasswordCommand,
-  InitiateAuthCommand,
   ListUsersCommand,
   SignUpCommand,
 } from '@aws-sdk/client-cognito-identity-provider';
@@ -98,9 +98,10 @@ export class AuthService {
   }
 
   async signin({ email, password }: SignInDto): Promise {
-    const signInCommand = new InitiateAuthCommand({
-      AuthFlow: 'USER_PASSWORD_AUTH',
+    const signInCommand = new AdminInitiateAuthCommand({
+      AuthFlow: 'ADMIN_USER_PASSWORD_AUTH',
       ClientId: CognitoAuthConfig.clientId,
+      UserPoolId: CognitoAuthConfig.userPoolId,
       AuthParameters: {
         USERNAME: email,
         PASSWORD: password,
@@ -118,13 +119,14 @@ export class AuthService {
   }
 
   // Refresh token hash uses a user's sub (unique ID), not their username (typically their email)
-  async refreshToken(
-    { refreshToken }: RefreshTokenDto,
-    userSub: string,
-  ): Promise {
-    const refreshCommand = new InitiateAuthCommand({
+  async refreshToken({
+    refreshToken,
+    userSub,
+  }: RefreshTokenDto): Promise {
+    const refreshCommand = new AdminInitiateAuthCommand({
       AuthFlow: 'REFRESH_TOKEN_AUTH',
       ClientId: CognitoAuthConfig.clientId,
+      UserPoolId: CognitoAuthConfig.userPoolId,
       AuthParameters: {
         REFRESH_TOKEN: refreshToken,
         SECRET_HASH: this.calculateHash(userSub),
diff --git a/apps/backend/src/auth/dtos/refresh-token.dto.ts b/apps/backend/src/auth/dtos/refresh-token.dto.ts
index 3c56e21..f67905d 100644
--- a/apps/backend/src/auth/dtos/refresh-token.dto.ts
+++ b/apps/backend/src/auth/dtos/refresh-token.dto.ts
@@ -3,4 +3,7 @@ import { IsString } from 'class-validator';
 export class RefreshTokenDto {
   @IsString()
   refreshToken: string;
+
+  @IsString()
+  userSub: string;
 }
diff --git a/apps/backend/src/auth/dtos/verify-user.dto.ts b/apps/backend/src/auth/dtos/verify-user.dto.ts
index d26eeff..6639160 100644
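Review bot: Switching `signin` to `AdminInitiateAuthCommand` with `ADMIN_USER_PASSWORD_AUTH` authorizes the call with the backend's own AWS credentials, so the role the service runs under needs `cognito-idp:AdminInitiateAuth` on this user pool and the app client must have `ALLOW_ADMIN_USER_PASSWORD_AUTH` enabled; neither is visible in this patch, and the same applies to the `refreshToken` hunk below. Once that is in place, `ALLOW_USER_PASSWORD_AUTH` can be turned off on the app client so passwords are only accepted through this server path, which is the surface reduction the admin flow is meant to buy. `CognitoAuthConfig.userPoolId` is referenced here and in `refreshToken` but no config file changes in this commit, so confirm the property already exists. The body of `signin` continues past the end of the hunk.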
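Review bot: The comment above `refreshToken` still reads as if the sub is an internal value, but after this change `userSub` arrives in the request body via `RefreshTokenDto`, and the comment should say how that value is constrained. Suggested replacement for the single comment line: `// SECRET_HASH is computed from the user's sub (unique ID), not their username. The sub comes from the client body and is not trusted for authorization: Cognito rejects the request when the hash does not match the user the refresh token was issued to.` The method's body continues past the end of the hunk.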
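Review bot: `@IsString()` on the new `userSub` field accepts an empty string, which would only fail later inside Cognito with a less useful error. Cognito subs are UUIDs, so `@IsUUID()` (or at least `@IsNotEmpty()`) on `userSub` rejects malformed input at the validation layer, which is where requests to an unauthenticated refresh endpoint should be filtered first.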
--- a/apps/backend/src/auth/dtos/verify-user.dto.ts
+++ b/apps/backend/src/auth/dtos/verify-user.dto.ts
@@ -1,9 +1,9 @@
-import { IsEmail, IsNumber } from 'class-validator';
+import { IsEmail, IsString } from 'class-validator';
 
 export class VerifyUserDto {
   @IsEmail()
   email: string;
 
-  @IsNumber()
-  verificationCode: number;
+  @IsString()
+  verificationCode: string;
 }
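Review bot: Moving `verificationCode` to `@IsString()` is the right direction, since a numeric DTO field would have dropped leading zeros from the code before the controller's former `String()` re-rendered it; that is presumably the bug being fixed. The validation can be tighter: if the pool issues the default six-digit numeric codes, `@IsNumberString()` together with `@Length(6, 6)` on `verificationCode` rejects arbitrary strings before they reach Cognito's confirmation call.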