fix(Authenticator): Handling expired sessions

aws-amplify · Aug 12, 2024 · 087051b · 087051b
1 parent 6561a42
commit 087051b
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,9 +1,14 @@
 # Changelog
 
+## 1.1.6 (2024-08-13)
+
+### Bug Fixes
+- **Authenticator**: Properly handling expired sessions when loading the component (#87)
+
 ## 1.1.5 (2024-07-02)
 
 ### Bug Fixes
-- **Authenticator**: Settting corner radius according to the theme (#84)
+- **Authenticator**: Setting corner radius according to the theme (#84)
 
 ## 1.1.4 (2024-06-07)
 

diff --git a/Sources/Authenticator/Configuration/AmplifyConfiguration.swift b/Sources/Authenticator/Configuration/AmplifyConfiguration.swift
@@ -106,11 +106,25 @@ struct AmplifyConfiguration {
             }
         }
 
+        var hasIdentityPool = false
+        if let cognitoConfiguration = configuration.value(at: "CredentialsProvider.CognitoIdentity.Default"),
+           case .string(let poolId) = cognitoConfiguration["PoolId"], !poolId.isEmpty {
+            hasIdentityPool = true
+        }
+
+        var hasUserPool = false
+        if let cognitoConfiguration = configuration.value(at: "CognitoUserPool.Default"),
+           case .string(let poolId) = cognitoConfiguration["PoolId"], !poolId.isEmpty {
+            hasUserPool = true
+        }
+
         self.cognito = CognitoConfiguration(
             usernameAttributes: usernameAttributes,
             signupAttributes: signUpAttributes,
             passwordProtectionSettings: passwordProtectionSettings,
-            verificationMechanisms: verificationMechanisms
+            verificationMechanisms: verificationMechanisms,
+            hasUserPool: hasUserPool,
+            hasIdentityPool: hasIdentityPool
         )
     }
 }
@@ -179,12 +193,18 @@ struct CognitoConfiguration {
         return .username
     }
 
+    var hasUserPool: Bool
+    var hasIdentityPool: Bool
+
     static var empty: CognitoConfiguration {
         .init(
             usernameAttributes: [],
             signupAttributes: [],
             passwordProtectionSettings: .init(minLength: 0, characterPolicy: []),
-            verificationMechanisms: [])
+            verificationMechanisms: [],
+            hasUserPool: false,
+            hasIdentityPool: false
+        )
     }
 }
 

diff --git a/Sources/Authenticator/Constants/ComponentInformation.swift b/Sources/Authenticator/Constants/ComponentInformation.swift
@@ -8,6 +8,6 @@
 import Foundation
 
 public class ComponentInformation {
-    public static let version = "1.1.5"
+    public static let version = "1.1.6"
     public static let name = "amplify-ui-swift-authenticator"
 }
diff --git a/Sources/Authenticator/Models/AuthenticatorState.swift b/Sources/Authenticator/Models/AuthenticatorState.swift
@@ -88,9 +88,20 @@ public class AuthenticatorState: ObservableObject, AuthenticatorStateProtocol {
             let authSession = try await authenticationService.fetchAuthSession(options: nil)
 
             if authSession.isSignedIn {
-                let user = try await authenticationService.getCurrentUser()
-                log.info("The user is signed in, going to signedIn step")
-                setCurrentStep(.signedIn(user: user))
+                // The user has previously signed in, but validate if they still have valid credentials
+                guard let cognitoSession = authSession as? AWSAuthCognitoSession else {
+                    // In the unlikely case of this happening, honour the `isSignedIn` flag
+                    try await setSignedInStep()
+                    return
+                }
+
+                if hasValidCredentials(session: cognitoSession) {
+                    try await setSignedInStep()
+                } else {
+                    log.info("The user's credentials have expired. Signing out and going to signedOut step")
+                    _ = await Amplify.Auth.signOut()
+                    setCurrentStep(signedOutStep)
+                }
             } else {
                 log.info("The user is not signed in, going to signedOut step")
                 setCurrentStep(signedOutStep)
@@ -103,6 +114,26 @@ public class AuthenticatorState: ObservableObject, AuthenticatorStateProtocol {
         }
     }
 
+    private func hasValidCredentials(session: AWSAuthCognitoSession) -> Bool {
+        if configuration.hasIdentityPool, case .failure(_) = session.getIdentityId() {
+            log.verbose("Could not fetch Identity ID")
+            return false
+        }
+
+        if configuration.hasUserPool, case .failure(_) = session.getCognitoTokens(){
+            log.verbose("Could not fetch Cognito Tokens")
+            return false
+        }
+
+        return true
+    }
+
+    private func setSignedInStep() async throws {
+        log.info("The user is signed in, going to signedIn step")
+        let user = try await authenticationService.getCurrentUser()
+        setCurrentStep(.signedIn(user: user))
+    }
+
     private func setUserAgentSuffix() {
         guard let plugin = try? Amplify.Auth.getPlugin(for: "awsCognitoAuthPlugin") as? AWSCognitoAuthPlugin else {
             log.error("Unable to retrieve the AWSCognitoAuthPlugin")