feat(cognito): route verification email -> SES, SMS -> SNS; add CustomEmailSender/CustomSMSSender triggers#736
Merged
vieiralucas merged 2 commits intomainfrom Apr 24, 2026
Conversation
…tomEmailSender/CustomSMSSender triggers Cognito previously stored EmailSendingAccount and accepted the verification message templates but never actually dispatched anything. Verification codes generated by SignUp / ResendConfirmationCode / ForgotPassword / GetUserAttributeVerificationCode now route through: - SES for email (visible at /_fakecloud/ses/emails) - SNS for SMS (visible at the new /_fakecloud/sns/sms endpoint) - Or the CustomEmailSender / CustomSMSSender Lambda when configured on the pool (real AWS behavior — these take precedence over the default SES/SNS path). Trigger source coverage increases from 10 to 12 by adding CustomEmailSender and CustomSMSSender (with all their flow variants). DeliveryBus picks up two small new traits — EmailDispatcher and SmsDispatcher — implemented in the server crate against the SES sent_emails table and the SNS sms_messages list, so test code can assert on the dispatched payloads without needing real network delivery. Also adds the SnsSmsResponse / SnsSmsMessage types to the introspection SDK, the Cognito service-page coverage notes, the cross-service integration matrix update, and the README support-table line.
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 12 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="crates/fakecloud-cognito/src/triggers.rs">
<violation number="1" location="crates/fakecloud-cognito/src/triggers.rs:483">
P2: Custom SMS sender events are emitted with the email request type (`customEmailSenderRequestV1`) instead of `customSMSSenderRequestV1`.</violation>
</file>
<file name="crates/fakecloud-cognito/src/service/auth.rs">
<violation number="1" location="crates/fakecloud-cognito/src/service/auth.rs:1712">
P2: The new SignUp verification path does not invoke `CustomMessage_SignUp`, so pools that rely on that trigger won't run their sign-up message customization logic.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| .find(|a| a.name == "email") | ||
| .map(|a| a.value.clone()) | ||
| { | ||
| self.dispatch_verification_email( |
There was a problem hiding this comment.
P2: The new SignUp verification path does not invoke CustomMessage_SignUp, so pools that rely on that trigger won't run their sign-up message customization logic.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At crates/fakecloud-cognito/src/service/auth.rs, line 1712:
<comment>The new SignUp verification path does not invoke `CustomMessage_SignUp`, so pools that rely on that trigger won't run their sign-up message customization logic.</comment>
<file context>
@@ -1685,6 +1685,43 @@ impl CognitoService {
+ .find(|a| a.name == "email")
+ .map(|a| a.value.clone())
+ {
+ self.dispatch_verification_email(
+ &pool_id,
+ Some(client_id),
</file context>
Two findings from Cubic on PR #736: - `customSMSSenderRequestV1` was being emitted as `customEmailSenderRequestV1`. The build_custom_sender_event helper now picks the right request type based on the trigger source. - The new SignUp verification path skipped the CustomMessage_SignUp Lambda. Routing now invokes the trigger synchronously and uses its `emailSubject` / `emailMessage` response to override the default templates before sending through SES, matching AWS. Same wiring is applied for ForgotPassword / ResendCode / VerifyUserAttribute since they share the dispatch helper.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes the Cognito-side gap from the integrations audit. Verification codes generated by Cognito now actually go somewhere instead of being silently swallowed:
SignUp/ResendConfirmationCode/ForgotPassword/GetUserAttributeVerificationCode(email attr) dispatch through SES, observable atGET /_fakecloud/ses/emails.GetUserAttributeVerificationCode(phone attr) dispatches through SNS, observable at the newGET /_fakecloud/sns/sms.TriggerSourceenum (full set of 12 now wired).Architecture: two new tiny traits in
fakecloud-core(EmailDispatcher,SmsDispatcher) keep the Cognito crate from taking direct deps on SES/SNS. The server crate provides the impls that write into the SESsent_emailstable and the SNSsms_messageslist.Test plan
dispatch_verification_email/dispatch_verification_smspathscognito_signup_dispatches_verification_email_via_ses— round-trips the verification code from/_fakecloud/cognito/confirmation-codesto the SES sent-emails bodycognito_get_user_attribute_phone_dispatches_sms_via_sns— phone-attribute verification produces an SNS SMS entry with the 6-digit codecognito_custom_email_sender_lambda_takes_precedence_over_ses— pool withLambdaConfig.CustomEmailSenderset suppresses the SES pathcargo clippy --workspace --all-targets -- -D warningscleancargo fmt --checkcleanSummary by cubic
Routes Cognito verification emails through SES and SMS through SNS, with
CustomEmailSender/CustomSMSSendertriggers taking precedence to match AWS. InvokesCustomMessageto allow subject/body overrides and adds an SMS introspection endpoint; completes coverage of all 12 Cognito trigger sources.New Features
CustomEmailSender/CustomSMSSenderLambdas take precedence; all 12 trigger sources supported. SignUp now generates a verification code.Bug Fixes
customSMSSenderRequestV1forCustomSMSSenderevents (was incorrectly using the email request type).CustomMessagefor SignUp, ResendConfirmationCode, ForgotPassword, and VerifyUserAttribute so its response can override email subject/body before SES send.Written for commit 692b20c. Summary will update on new commits.