Revert "refactor: use a prefix matching for the claim in subscriptions (

#10199)" (#10264) This reverts commit 22386de.
aws-amplify · Apr 22, 2022 · eff77da · eff77da
1 parent a59b89e
commit eff77da
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 22 deletions.
diff --git a/packages/amplify-graphql-auth-transformer/src/__tests__/owner-auth.test.ts b/packages/amplify-graphql-auth-transformer/src/__tests__/owner-auth.test.ts
@@ -93,13 +93,13 @@ test('owner field with subscriptions', () => {
 
   // expect logic in the resolvers to check for postOwner args as an allowed owner
   expect(out.resolvers['Subscription.onCreatePost.auth.1.req.vtl']).toContain(
-    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner.split(":")[0], null) )',
+    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner, null) )',
   );
   expect(out.resolvers['Subscription.onUpdatePost.auth.1.req.vtl']).toContain(
-    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner.split(":")[0], null) )',
+    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner, null) )',
   );
   expect(out.resolvers['Subscription.onDeletePost.auth.1.req.vtl']).toContain(
-    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner.split(":")[0], null) )',
+    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner, null) )',
   );
 });
 
@@ -137,24 +137,24 @@ test('multiple owner rules with subscriptions', () => {
 
   // expect logic in the resolvers to check for owner args as an allowedOwner
   expect(out.resolvers['Subscription.onCreatePost.auth.1.req.vtl']).toContain(
-    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner.split(":")[0], null) )',
+    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner, null) )',
   );
   expect(out.resolvers['Subscription.onUpdatePost.auth.1.req.vtl']).toContain(
-    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner.split(":")[0], null) )',
+    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner, null) )',
   );
   expect(out.resolvers['Subscription.onDeletePost.auth.1.req.vtl']).toContain(
-    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner.split(":")[0], null) )',
+    '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner, null) )',
   );
 
   // expect logic in the resolvers to check for editor args as an allowedOwner
   expect(out.resolvers['Subscription.onCreatePost.auth.1.req.vtl']).toContain(
-    '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor.split(":")[0], null) )',
+    '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor, null) )',
   );
   expect(out.resolvers['Subscription.onUpdatePost.auth.1.req.vtl']).toContain(
-    '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor.split(":")[0], null) )',
+    '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor, null) )',
   );
   expect(out.resolvers['Subscription.onDeletePost.auth.1.req.vtl']).toContain(
-    '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor.split(":")[0], null) )',
+    '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor, null) )',
   );
 });
 

diff --git a/packages/amplify-graphql-auth-transformer/src/resolvers/subscriptions.ts b/packages/amplify-graphql-auth-transformer/src/resolvers/subscriptions.ts
@@ -35,19 +35,16 @@ const dynamicRoleExpression = (roles: Array<RoleDefinition>): Array<Expression>
   // we only check against owner rules which are not list fields
   roles.forEach((role, idx) => {
     if (role.strategy === 'owner') {
-      const roleClaims = role.claim!.split(':');
-      ownerExpression.push(set(ref(`ownerEntity${idx}`), methodCall(ref('util.defaultIfNull'), ref(`ctx.args.${role.entity!}.split(":")[0]`), nul())));
-      roleClaims.forEach((claim, secIdx) => {
-        ownerExpression.push(
-          iff(
-            not(ref(IS_AUTHORIZED_FLAG)),
-            compoundExpression([
-              set(ref(`ownerClaim${idx}_${secIdx}`), getOwnerClaim(claim)),
-              iff(equals(ref(`ownerEntity${idx}`), ref(`ownerClaim${idx}_${secIdx}`)), set(ref(IS_AUTHORIZED_FLAG), bool(true))),
-            ]),
-          ),
-        );
-      });
+      ownerExpression.push(
+        iff(
+          not(ref(IS_AUTHORIZED_FLAG)),
+          compoundExpression([
+            set(ref(`ownerEntity${idx}`), methodCall(ref('util.defaultIfNull'), ref(`ctx.args.${role.entity!}`), nul())),
+            set(ref(`ownerClaim${idx}`), getOwnerClaim(role.claim!)),
+            iff(equals(ref(`ownerEntity${idx}`), ref(`ownerClaim${idx}`)), set(ref(IS_AUTHORIZED_FLAG), bool(true))),
+          ]),
+        ),
+      );
     }
   });