test(auth): Updated email is reflected in ID token

aws-amplify · Apr 18, 2023 · 7743676 · 7743676
1 parent d39374e
commit 7743676
Showing 1 changed file with 77 additions and 0 deletions.
diff --git a/packages/auth/amplify_auth_cognito/example/integration_test/fetch_auth_session_test.dart b/packages/auth/amplify_auth_cognito/example/integration_test/fetch_auth_session_test.dart
@@ -15,6 +15,8 @@ void main() {
   initTests();
 
   group('fetchAuthSession', () {
+    tearDown(signOutUser);
+
     group('unauthenticated access enabled', () {
       group('no user pool', () {
         setUpAll(() async {
@@ -331,6 +333,81 @@ void main() {
             reason: 'Token is updated via force refresh',
           );
         });
+
+        asyncTest('force refresh reflects updated email', (_) async {
+          final username = generateUsername();
+          final password = generatePassword();
+          final originalEmail = generateEmail();
+
+          final cognitoUsername = await adminCreateUser(
+            username,
+            password,
+            autoConfirm: true,
+            verifyAttributes: true,
+            attributes: [
+              AuthUserAttribute(
+                userAttributeKey: AuthUserAttributeKey.email,
+                value: originalEmail,
+              ),
+            ],
+          );
+          addTearDown(() => deleteUser(cognitoUsername));
+
+          final res = await Amplify.Auth.signIn(
+            username: username,
+            password: password,
+          );
+          expect(res.nextStep.signInStep, AuthSignInStep.done);
+
+          expect(
+            await getCustomAttributes(),
+            containsPair('email', originalEmail),
+            reason: 'Original email is present in token',
+          );
+
+          final newEmail = generateEmail();
+          final verificationCode = await getOtpCode(
+            UserAttribute.email(newEmail),
+          );
+
+          final attributeRes = await Amplify.Auth.updateUserAttribute(
+            userAttributeKey: AuthUserAttributeKey.email,
+            value: newEmail,
+          );
+          expect(
+            attributeRes.nextStep.updateAttributeStep,
+            AuthUpdateAttributeStep.confirmAttributeWithCode,
+          );
+
+          expect(
+            await getCustomAttributes(),
+            containsPair('email', originalEmail),
+            reason: 'Tokens are not yet refreshed',
+          );
+
+          expect(
+            await getCustomAttributes(forceRefresh: true),
+            allOf([
+              containsPair('email', newEmail),
+              containsPair('email_verified', false),
+            ]),
+            reason: 'New email is not yet confirmed',
+          );
+
+          await Amplify.Auth.confirmUserAttribute(
+            userAttributeKey: AuthUserAttributeKey.email,
+            confirmationCode: await verificationCode.code,
+          );
+
+          expect(
+            await getCustomAttributes(forceRefresh: true),
+            allOf([
+              containsPair('email', newEmail),
+              containsPair('email_verified', true),
+            ]),
+            reason: 'New email is confirmed',
+          );
+        });
       });
     }
   });