From 9c6057f9e11726b6a811122cf2ec74d50e641e65 Mon Sep 17 00:00:00 2001 From: Armando Luja Date: Thu, 23 May 2024 12:43:36 -0700 Subject: [PATCH] chore: update tests --- packages/auth-construct/src/construct.test.ts | 18 +++-- packages/auth-construct/src/construct.ts | 76 +++++++++++++------ 2 files changed, 64 insertions(+), 30 deletions(-) diff --git a/packages/auth-construct/src/construct.test.ts b/packages/auth-construct/src/construct.test.ts index 285b29612c..c55317c56f 100644 --- a/packages/auth-construct/src/construct.test.ts +++ b/packages/auth-construct/src/construct.test.ts @@ -753,7 +753,10 @@ void describe('Auth construct', () => { authConstruct.node.findChild('UserPoolAppClient') as UserPoolClient ).userPoolClientId; const expectedRegion = Stack.of(authConstruct).region; - + const expectedCognitoDomain = + authConstruct.resources.userPool.node['_children']['UserPoolDomain'][ + 'domainName' + ]; const storeOutputArgs = storeOutputMock.mock.calls[0].arguments; assert.equal(storeOutputArgs.length, 2); const oidcProviders = authConstruct['providerSetupResult']['oidc']; @@ -788,8 +791,8 @@ void describe('Auth construct', () => { verificationMechanisms: '["email"]', usernameAttributes: '["email"]', oauthClientId: expectedWebClientId, // same thing - oauthCognitoDomain: `test-prefix.auth.${expectedRegion}.amazoncognito.com`, - oauthScope: '["email","profile"]', + oauthCognitoDomain: expectedCognitoDomain, + oauthScope: '["email","profile","openid"]', oauthRedirectSignIn: 'http://callback.com', oauthRedirectSignOut: 'http://logout.com', oauthResponseType: 'code', 
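Review bot: `expectedCognitoDomain` is read from `authConstruct.resources.userPool.node['_children']['UserPoolDomain']['domainName']`, the same private path the construct now uses to fill `oauthCognitoDomain`, so the assertion compares the output with itself and no longer pins what a client receives. The removed expectation fixed the full hosted-UI host (`test-prefix.auth.${expectedRegion}.amazoncognito.com`); as far as I know, `UserPoolDomain.domainName` holds only the prefix for a Cognito-hosted domain, so the emitted value may have changed shape without this test noticing. I would keep a literal expectation, or compare against the resolved value via `Stack.of(authConstruct).resolve(...)`, and add a comment such as `// oauthCognitoDomain must be the full hosted-UI host name`. The hunk at `@@ -831,7 +834,10 @@` repeats the same pattern. The enclosing test bodies start and end outside both hunks.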
@@ -831,7 +834,10 @@ void describe('Auth construct', () => { authConstruct.node.findChild('UserPoolAppClient') as UserPoolClient ).userPoolClientId; const expectedRegion = Stack.of(authConstruct).region; - + const expectedCognitoDomain = + authConstruct.resources.userPool.node['_children']['UserPoolDomain'][ + 'domainName' + ]; const storeOutputArgs = storeOutputMock.mock.calls[0].arguments; assert.equal(storeOutputArgs.length, 2); assert.deepStrictEqual(storeOutputArgs, [ @@ -851,8 +857,8 @@ void describe('Auth construct', () => { verificationMechanisms: '["email"]', usernameAttributes: '["email"]', oauthClientId: expectedWebClientId, // same thing - oauthCognitoDomain: `test-prefix.auth.${expectedRegion}.amazoncognito.com`, - oauthScope: '["email","profile"]', + oauthCognitoDomain: expectedCognitoDomain, + oauthScope: '["email","profile","openid"]', oauthRedirectSignIn: 'http://callback.com', oauthRedirectSignOut: 'http://logout.com', oauthResponseType: 'code', diff --git a/packages/auth-construct/src/construct.ts b/packages/auth-construct/src/construct.ts index 268af3c9be..de31384703 100644 --- a/packages/auth-construct/src/construct.ts +++ b/packages/auth-construct/src/construct.ts @@ -44,7 +44,6 @@ import * as path from 'path'; type DefaultRoles = { auth: Role; unAuth: Role }; type IdentityProviderSetupResult = { oAuthMappings: Record; - providersList: string[]; oAuthSettings: cognito.OAuthSettings | undefined; google?: UserPoolIdentityProviderGoogle; facebook?: UserPoolIdentityProviderFacebook; @@ -636,7 +635,6 @@ export class AmplifyAuth const shouldMapEmailAttributes = loginOptions.email && !loginOptions.phone; const result: IdentityProviderSetupResult = { oAuthMappings: {}, - providersList: [], oAuthSettings: { flows: DEFAULTS.OAUTH_FLOWS, }, 
@@ -681,7 +679,6 @@ export class AmplifyAuth ); result.oAuthMappings[oauthProviderToProviderDomainMap.google] = external.google.clientId; - result.providersList.push('GOOGLE'); } if (external.facebook) { result.facebook = new cognito.UserPoolIdentityProviderFacebook( @@ -704,7 +701,6 @@ export class AmplifyAuth ); result.oAuthMappings[oauthProviderToProviderDomainMap.facebook] = external.facebook.clientId; - result.providersList.push('FACEBOOK'); } if (external.loginWithAmazon) { result.amazon = new cognito.UserPoolIdentityProviderAmazon( @@ -727,7 +723,6 @@ export class AmplifyAuth ); result.oAuthMappings[oauthProviderToProviderDomainMap.amazon] = external.loginWithAmazon.clientId; - result.providersList.push('LOGIN_WITH_AMAZON'); } if (external.signInWithApple) { result.apple = new cognito.UserPoolIdentityProviderApple( @@ -750,7 +745,6 @@ export class AmplifyAuth ); result.oAuthMappings[oauthProviderToProviderDomainMap.apple] = external.signInWithApple.clientId; - result.providersList.push('SIGN_IN_WITH_APPLE'); } if (external.oidc && external.oidc.length > 0) { result.oidc = []; @@ -790,7 +784,6 @@ export class AmplifyAuth } ); result.oidc?.push(generatedProvider); - result.providersList.push(generatedProvider.providerName); }); } if (external.saml) { @@ -815,7 +808,6 @@ export class AmplifyAuth name: saml.name, } ); - result.providersList.push('SAML'); } // Always generate a domain prefix if external provider is configured @@ -915,7 +907,18 @@ export class AmplifyAuth .allowUnauthenticatedIdentities === true ? 'true' : 'false', + // socialProviders: Lazy.string({ + // produce: () => { + // const getProviders = () => { + + // } + // return undefined; + // }; + // return getProviders(); + // }, + // }), }; + const cfnUserPool = this.resources.cfnResources.cfnUserPool; // extract signupAttributes from UserPool schema's required attributes const requiredAttributes: string[] = []; 
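Review bot: The commented-out `socialProviders: Lazy.string({ ... })` block added inside the `output` literal at `@@ -915,7 +907,18 @@` is unfinished scaffolding (its braces do not balance) and would be better left out of the commit. If the intent is to compute the provider list lazily, so that it reflects the user pool as it stands at synthesis, a single line such as `// TODO: produce socialProviders lazily from the user pool's identity providers` records that without dead code. The enclosing method starts and ends outside the hunk.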
@@ -969,37 +972,62 @@ export class AmplifyAuth }); output.mfaTypes = JSON.stringify(mfaTypes); - if (this.providerSetupResult.providersList.length > 0) { - output.socialProviders = JSON.stringify( - this.providerSetupResult.providersList - ); + const outputProviders = []; + const userPoolProviders = this.resources.userPool.identityProviders; + if (userPoolProviders) { + for (const provider of userPoolProviders) { + const providerType = + provider.node['_children']['Resource']['providerType']; + + if (providerType === 'Google') { + outputProviders.push('GOOGLE'); + } + if (providerType === 'Facebook') { + outputProviders.push('FACEBOOK'); + } + if (providerType === 'SignInWithApple') { + outputProviders.push('SIGN_IN_WITH_APPLE'); + } + if (providerType === 'LoginWithAmazon') { + outputProviders.push('LOGIN_WITH_AMAZON'); + } + if (providerType === 'OIDC') { + outputProviders.push(provider.providerName); + } + if (providerType === 'SAML') { + outputProviders.push('SAML'); + } + } + if (outputProviders.length > 0) { + output.socialProviders = JSON.stringify(outputProviders); + } } //TODO: extract callback URLs from cfn and remove this block below // if callback URLs are configured, we must expose the oauth settings to the output if ( - //cfnUserPoolClient.callbackUrLs this.providerSetupResult.oAuthSettings && this.providerSetupResult.oAuthSettings.callbackUrls ) { - const oAuthSettings = this.providerSetupResult.oAuthSettings; - if (this.domainPrefix) { - output.oauthCognitoDomain = `${this.domainPrefix}.auth.${ - Stack.of(this).region - }.amazoncognito.com`; + if (this.userPool.node['_children']['UserPoolDomain']) { + output.oauthCognitoDomain = + this.userPool.node['_children']['UserPoolDomain']['domainName']; } + const userPoolClientResource = + this.resources.userPoolClient.node['_children']['Resource']; output.oauthScope = JSON.stringify( - oAuthSettings.scopes?.map((s) => s.scopeName) ?? [] + userPoolClientResource['allowedOAuthScopes'] ?? 
[] ); - output.oauthRedirectSignIn = oAuthSettings.callbackUrls - ? oAuthSettings.callbackUrls.join(',') + output.oauthRedirectSignIn = userPoolClientResource['callbackUrLs'] + ? userPoolClientResource['callbackUrLs'].join(',') : ''; - output.oauthRedirectSignOut = oAuthSettings.logoutUrls - ? oAuthSettings.logoutUrls.join(',') + output.oauthRedirectSignOut = userPoolClientResource['logoutUrLs'] + ? userPoolClientResource['logoutUrLs'].join(',') : ''; output.oauthClientId = this.resources.userPoolClient.userPoolClientId; - output.oauthResponseType = 'code'; + output.oauthResponseType = + userPoolClientResource['allowedOAuthFlows'].join(','); } outputStorageStrategy.addBackendOutputEntry(authOutputKey, {
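Review bot: `output.oauthResponseType` is now `userPoolClientResource['allowedOAuthFlows'].join(',')`, which has no fallback (unlike the `?? []` and ternary guards on the scope and URL fields beside it) and will throw if that property is unset. It also publishes Cognito flow names as a response type: with more than one flow enabled it emits a comma-joined list, and an implicit-grant client would yield `implicit` where OAuth clients expect `token`, so the previously fixed `'code'` can change without anyone noticing. I would map the value explicitly, for example `const flows = userPoolClientResource['allowedOAuthFlows'] ?? [];` followed by `output.oauthResponseType = flows.includes('code') ? 'code' : 'token';`, or keep `'code'` until other flows are deliberately supported. The `node['_children'][...]` lookups in this hunk reach into private construct internals, where `this.resources.cfnResources` (already used earlier in this file) or the public `node.defaultChild` / `node.tryFindChild(...)` accessors would be sturdier, and `const outputProviders = [];` should be annotated as `string[]`. The method body continues outside the hunk.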