fix(auth): Fix for checking current preferred type before setting the…
… MFAType as enabled to ensure the current preference is not cleared ou (#2580)
gpanshu committed Oct 23, 2023
1 parent 71eec07 commit cb81805
Showing 6 changed files with 849 additions and 60 deletions.
Expand Up @@ -69,7 +69,7 @@ internal class CognitoAuthExceptionConverter {
is InvalidPasswordException ->
com.amplifyframework.auth.cognito.exceptions.service.InvalidPasswordException(error)
is InvalidParameterException ->
com.amplifyframework.auth.cognito.exceptions.service.InvalidParameterException(error)
com.amplifyframework.auth.cognito.exceptions.service.InvalidParameterException(cause = error)
is ExpiredCodeException -> CodeExpiredException(error)
is CodeMismatchException -> com.amplifyframework.auth.cognito.exceptions.service.CodeMismatchException(
error
Expand Up @@ -64,6 +64,7 @@ import com.amplifyframework.auth.cognito.exceptions.invalidstate.SignedInExcepti
import com.amplifyframework.auth.cognito.exceptions.service.CodeDeliveryFailureException
import com.amplifyframework.auth.cognito.exceptions.service.HostedUISignOutException
import com.amplifyframework.auth.cognito.exceptions.service.InvalidAccountTypeException
import com.amplifyframework.auth.cognito.exceptions.service.InvalidParameterException
import com.amplifyframework.auth.cognito.exceptions.service.UserCancelledException
import com.amplifyframework.auth.cognito.helpers.AuthHelper
import com.amplifyframework.auth.cognito.helpers.HostedUIHelper
Expand Down Expand Up @@ -2194,7 +2195,7 @@ internal class RealAWSCognitoAuthPlugin(
var enabledSet: MutableSet<MFAType>? = null
var preferred: MFAType? = null
if (!response.userMfaSettingList.isNullOrEmpty()) {
enabledSet = mutableSetOf<MFAType>()
enabledSet = mutableSetOf()
response.userMfaSettingList?.forEach { mfaType ->
enabledSet.add(getMFAType(mfaType))
}
Expand Down Expand Up @@ -2227,45 +2228,76 @@ internal class RealAWSCognitoAuthPlugin(
onSuccess: Action,
onError: Consumer<AuthException>
) {
authStateMachine.getCurrentState { authState ->
when (authState.authNState) {
is AuthenticationState.SignedIn -> {
GlobalScope.launch {
try {
val accessToken = getSession().userPoolTokensResult.value?.accessToken
accessToken?.let { token ->
authEnvironment.cognitoAuthService.cognitoIdentityProviderClient?.setUserMfaPreference {
this.accessToken = token
this.smsMfaSettings = sms?.let {
SmsMfaSettingsType.invoke {
enabled = it.mfaEnabled
it.mfaPreferred ?.let { preferred -> preferredMfa = preferred }
}
}
this.softwareTokenMfaSettings = totp?.let {
SoftwareTokenMfaSettingsType.invoke {
enabled = it.mfaEnabled
it.mfaPreferred ?.let { preferred -> preferredMfa = preferred }
if (sms == null && totp == null) {
onError.accept(InvalidParameterException("No mfa settings given"))
return
}
// If either of the params have preferred setting set then ignore fetched preference preferred property
val overridePreferredSetting: Boolean = !(sms?.mfaPreferred == true || totp?.mfaPreferred == true)
fetchMFAPreference({ userPreference ->
authStateMachine.getCurrentState { authState ->
when (authState.authNState) {
is AuthenticationState.SignedIn -> {
GlobalScope.launch {
try {
val accessToken = getSession().userPoolTokensResult.value?.accessToken
accessToken?.let { token ->
authEnvironment
.cognitoAuthService
.cognitoIdentityProviderClient
?.setUserMfaPreference {
this.accessToken = token
this.smsMfaSettings = sms?.let { it ->
val preferredMFASetting = it.mfaPreferred
?: (
overridePreferredSetting &&
userPreference.preferred == MFAType.SMS &&
it.mfaEnabled
)
SmsMfaSettingsType.invoke {
enabled = it.mfaEnabled
preferredMfa = preferredMFASetting
}
}
this.softwareTokenMfaSettings = totp?.let { it ->
val preferredMFASetting = it.mfaPreferred
?: (
overridePreferredSetting &&
userPreference.preferred == MFAType.TOTP &&
it.mfaEnabled
)
SoftwareTokenMfaSettingsType.invoke {
enabled = it.mfaEnabled
preferredMfa = preferredMFASetting
}
}
}?.also {
onSuccess.call()
}
}
}?.also {
onSuccess.call()
}
} ?: onError.accept(SignedOutException())
} catch (error: Exception) {
onError.accept(
CognitoAuthExceptionConverter.lookup(
error,
"Amazon Cognito cannot update the MFA preferences"
} ?: onError.accept(SignedOutException())
} catch (error: Exception) {
onError.accept(
CognitoAuthExceptionConverter.lookup(
error,
"Amazon Cognito cannot update the MFA preferences"
)
)
)
}
}
}
else -> onError.accept(InvalidStateException())
}

else -> onError.accept(InvalidStateException())
}
}
}, {
onError.accept(
AuthException(
message = "Failed to fetch current MFA preferences " +
"which is a pre-requisite to update MFA preferences",
recoverySuggestion = AmplifyException.TODO_RECOVERY_SUGGESTION,
cause = it
)
)
})
}

private fun verifyTotp(
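Review bot: A null `cognitoIdentityProviderClient` is reported to the caller as `SignedOutException`. The `?.setUserMfaPreference { … }?.also { onSuccess.call() }` chain sits inside `accessToken?.let { … } ?: onError.accept(SignedOutException())`, so when the client is null the `let` block evaluates to null and the elvis branch fires even though an access token was present. Resolving the two values separately keeps the cases apart, e.g. `val token = getSession().userPoolTokensResult.value?.accessToken ?: return@launch onError.accept(SignedOutException())`, followed by its own early return with a configuration-type error when the client is missing. The function's signature begins above this hunk, so the parameter types are not visible here.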
Expand Up @@ -30,7 +30,10 @@ data class UserMFAPreference(
/**
* Input for updating the MFA preference for a MFA Type
*/
enum class MFAPreference(internal val mfaEnabled: Boolean, internal val mfaPreferred: Boolean? = null) {
enum class MFAPreference(
internal val mfaEnabled: Boolean,
internal val mfaPreferred: Boolean? = null
) {
/**
* MFA not enabled
*/
Expand Up @@ -20,5 +20,5 @@ import com.amplifyframework.auth.exceptions.ServiceException
* Could not perform the action because there are incorrect parameters.
* @param cause The underlying cause of this exception
*/
open class InvalidParameterException(cause: Throwable?) :
ServiceException("One or more parameters are incorrect.", "Enter correct parameters.", cause)
open class InvalidParameterException(message: String? = null, cause: Throwable? = null) :
ServiceException(message ?: "One or more parameters are incorrect.", "Enter correct parameters.", cause)
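Review bot: The new primary constructor on this `open` public exception removes the single-argument `(cause: Throwable?)` form, so positional callers such as `InvalidParameterException(error)` stop compiling and already-compiled callers lose the constructor they link against. The other files in this commit had to switch to `cause = …` for that reason. Keeping the old form as a secondary constructor, `constructor(cause: Throwable?) : this(null, cause)`, would preserve it. The KDoc still documents only `cause`; a line such as `@param message Optional detail message; a generic text is used when null` would cover the new parameter.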
Expand Up @@ -36,10 +36,10 @@ internal open class AuthHelper {
fun getSecretHash(userId: String?, clientId: String?, clientSecret: String?): String? {
return when {
userId == null -> throw InvalidParameterException(
Exception("user ID cannot be null")
cause = Exception("user ID cannot be null")
)
clientId == null -> throw InvalidParameterException(
Exception("client ID cannot be null")
cause = Exception("client ID cannot be null")
)
clientSecret.isNullOrEmpty() -> null
else ->
