fix(Auth): Resolve AuthZ state correctly when in error state
harsh62 committed Jun 25, 2024
1 parent 9ed6c1c commit f494bef
Showing 2 changed files with 62 additions and 11 deletions.
Expand Up @@ -66,23 +66,21 @@ class FetchAuthSessionOperationHelper: DefaultLogger {
authStateMachine: AuthStateMachine,
forceRefresh: Bool) async throws -> AuthSession {

var event: AuthorizationEvent
if forceRefresh || !credentials.areValid() {
if case .identityPoolWithFederation(
let federatedToken,
let identityId,
_
) = credentials {
event = AuthorizationEvent(
eventType: .startFederationToIdentityPool(federatedToken, identityId)
)
} else {
var event: AuthorizationEvent
switch credentials {
case .identityPoolWithFederation(let federatedToken, let identityId, _):
event = AuthorizationEvent(eventType: .startFederationToIdentityPool(federatedToken, identityId))
case .noCredentials:
event = AuthorizationEvent(eventType: .fetchUnAuthSession)
case .userPoolOnly, .identityPoolOnly, .userPoolAndIdentityPool:
event = AuthorizationEvent(eventType: .refreshSession(forceRefresh))
}
await authStateMachine.send(event)
return try await listenForSession(authStateMachine: authStateMachine)
} else {
return credentials.cognitoSession
}
return credentials.cognitoSession
}

func listenForSession(authStateMachine: AuthStateMachine) async throws -> AuthSession {
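Review bot: The new `.noCredentials` case maps straight to `.fetchUnAuthSession` and ignores `forceRefresh`, so a caller that arrives here without stored credentials is given a guest (unauthenticated) identity session instead of an error. The function begins above this hunk, so where `credentials` comes from is not visible; if the authorization error state can carry `.noCredentials` while the user is still signed in, this would presumably downgrade them to guest credentials without surfacing the failure, which deserves a check or a test with a signed-in authentication state. At minimum I would document the intent above the case, e.g. `// No stored credentials (e.g. recovering from an AuthZ error): start a guest session; there is nothing to refresh.` Separately, `event` is assigned exactly once on every path of the exhaustive switch, so `let event: AuthorizationEvent` reads better than `var`.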
Expand Up @@ -584,6 +584,59 @@ class AWSAuthFetchSignInSessionOperationTests: BaseAuthorizationTests {
}
}

/// Test fetch session with authorization in error state
///
/// - Given: An auth plugin with signedOut state
/// - When:
/// - I invoke fetchAuthSession and mock notSignedIn for getTokens
/// - Then:
/// - I should get an a valid session with the following details:
/// - isSignedIn = false
/// - aws credentails = valid values
/// - identity id = valid values
/// - cognito tokens = signedOut
///
func testFetchSessionWithAuthorizationInErrorState() async throws {

let initialState = AuthState.configured(
AuthenticationState.signedOut(.testData),
AuthorizationState.error(.sessionError(.service(AuthError.unknown("error")), .noCredentials)))

let getId: MockIdentity.MockGetIdResponse = { _ in
return .init(identityId: "mockIdentityId")
}

let getCredentials: MockIdentity.MockGetCredentialsResponse = { _ in
let credentials = CognitoIdentityClientTypes.Credentials(accessKeyId: "accessKey",
expiration: Date(),
secretKey: "secret",
sessionToken: "session")
return .init(credentials: credentials, identityId: "responseIdentityID")
}

let plugin = configurePluginWith(identityPool: {
MockIdentity(mockGetIdResponse: getId,
mockGetCredentialsResponse: getCredentials) },
initialState: initialState)

let session = try await plugin.fetchAuthSession(options: AuthFetchSessionRequest.Options())
XCTAssertFalse(session.isSignedIn)

let creds = try? (session as? AuthAWSCredentialsProvider)?.getAWSCredentials().get()
XCTAssertNotNil(creds?.accessKeyId)
XCTAssertNotNil(creds?.secretAccessKey)

let identityId = try? (session as? AuthCognitoIdentityProvider)?.getIdentityId().get()
XCTAssertNotNil(identityId)

let tokensResult = (session as? AuthCognitoTokensProvider)?.getCognitoTokens()
guard case .failure(let error) = tokensResult,
case .signedOut = error else {
XCTFail("Should return signed out error")
return
}
}

/// Test signedOut state credential refresh
///
/// - Given: Given an auth plugin with signedOut state and expired AWS credentials
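Review bot: The assertions on the returned session only check for non-nil values behind `try?`, so `testFetchSessionWithAuthorizationInErrorState` would still pass if the plugin returned stale or unrelated credentials rather than the ones from the mocked guest flow. Pin the mocked values instead, e.g. `XCTAssertEqual(creds?.accessKeyId, "accessKey")` and `XCTAssertEqual(creds?.secretAccessKey, "secret")`. The `getId` and `getCredentials` mocks return different identity ids (`"mockIdentityId"` vs `"responseIdentityID"`), so asserting the exact `identityId` would also document which one the session is expected to carry. The doc comment mentions mocking notSignedIn for getTokens, but no such mock is set up in the body; it should describe the actual precondition, authorization in `.error` carrying `.noCredentials`.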