cognito_rails 0.1.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 48fe70f5578d90db88e1a7546f12a16a3b24941bf20a2e8bb4a37b24b3678adc
-  data.tar.gz: 5463df9f063b8b986ca1ef49d0f9a8efce22862854e7e74cb4aee77a8f101fea
+  metadata.gz: 1b69f6c8db91a764df6878e0de53feb9879f7509e79bf0d406e6fe9522f96e61
+  data.tar.gz: f44a4f4dfce641e54493730c9f183c9bd2f6a2e73fe4cd0c7a60d084b6d0d09a
 SHA512:
-  metadata.gz: '058bb0a9820ee032ca2d56f7c3954c5acb434543d599ddf3aedb029e2c8b6e06b9d93445a9989248c0a9223cc5038a91cd680313d7d1735837c18826a3008999'
-  data.tar.gz: 5fa75f4e6109b4144a33759340672eee19253d33ba8e9c167b0c4187b85f7b736d8129cfd22221188119c793f8250d550b36ba49b55742d47133ec9fd7d4ec14
+  metadata.gz: 17551dd1de906fd5813214f4fdd98bd49f7d4503138cfa5cd9beedc235707dc00b000d356e090a154b7de0c08e692553154b273d50236b31f455903044c97594
+  data.tar.gz: ee07b9c1b821bc601ac2c62d4268392783e5f687da1d9b810d6160f64c5b7f3546ffd7e5998f05a5a03fc2326bd162e338e0be2ceda461d2cae1152072e44ec8

data/lib/cognito_rails/config.rb

@@ -5,26 +5,21 @@ require 'logger'
 module CognitoRails
   class Config
     class << self
-      # @raise [RuntimeError] if not set
       # @return [String] AWS access key id
-      def aws_access_key_id
-        # @type [String,nil]
-        @aws_access_key_id || (raise 'Missing config aws_access_key_id')
+      def aws_client_credentials
+        @aws_client_credentials || {}
       end
 
-      # @!attribute aws_access_key_id [w]
-      #   @return [String]
+      # @!attribute aws_client_credentials [w]
+      #   @return [Hash]
       # @!attribute aws_region [w]
       #   @return [String]
-      # @!attribute aws_secret_access_key [w]
-      #   @return [String]
       # @!attribute aws_user_pool_id [w]
       #   @return [String]
       # @!attribute default_user_class [w]
       #   @return [String,nil]
-      attr_writer :aws_access_key_id, :skip_model_hooks, :aws_region,
-                  :aws_secret_access_key, :aws_user_pool_id,
-                  :default_user_class
+      attr_writer :aws_client_credentials, :skip_model_hooks, :aws_region,
+                  :aws_user_pool_id, :default_user_class, :password_generator
 
       # @return [Boolean] skip model hooks
       def skip_model_hooks
@@ -43,12 +38,6 @@ module CognitoRails
         @aws_region || (raise 'Missing config aws_region')
       end
 
-      # @return [String] AWS secret access key
-      # @raise [RuntimeError] if not set
-      def aws_secret_access_key
-        @aws_secret_access_key || (raise 'Missing config aws_secret_access_key')
-      end
-
       # @return [String] AWS user pool id
       # @raise [RuntimeError] if not set
       def aws_user_pool_id
@@ -60,6 +49,10 @@ module CognitoRails
       def default_user_class
         @default_user_class || (raise 'Missing config default_user_class')
       end
+
+      def password_generator
+        @password_generator || CognitoRails::PasswordGenerator.method(:generate)
+      end
     end
   end
 end

data/lib/cognito_rails/model.rb

@@ -23,6 +23,55 @@ module CognitoRails
       end
     end
 
+    # rubocop:disable Metrics/BlockLength
+    class_methods do
+      # @return [Array<ActiveRecord::Base>] all users
+      # @raise [CognitoRails::Error] if failed to fetch users
+      # @raise [ActiveRecord::RecordInvalid] if failed to save user
+      def sync_from_cognito!
+        response = User.all
+        response.users.map do |user_data|
+          sync_user!(user_data)
+        end
+      end
+
+      # @return [Array<ActiveRecord::Base>] all users
+      # @raise [CognitoRails::Error] if failed to fetch users
+      # @raise [ActiveRecord::RecordInvalid] if failed to save user
+      def sync_to_cognito!
+        find_each.map do |user|
+          user.init_cognito_user
+          user.save!
+        end
+      end
+
+      private
+
+      def sync_user!(user_data)
+        external_id = user_data.username
+        return if external_id.blank?
+
+        user = find_or_initialize_by(_cognito_attribute_name => external_id)
+        user.email = User.extract_cognito_attribute(user_data.attributes, :email)
+        user.phone = User.extract_cognito_attribute(user_data.attributes, :phone_number) if user.respond_to?(:phone)
+        _cognito_resolve_custom_attribute(user, user_data)
+
+        user.save!
+        user
+      end
+
+      def _cognito_resolve_custom_attribute(user, user_data)
+        _cognito_custom_attributes.each do |attribute|
+          next if attribute[:value].is_a?(String)
+
+          value = User.extract_cognito_attribute(user_data.attributes, attribute[:name])
+          next unless value
+
+          user[attribute[:name].gsub('custom:', '')] = value
+        end
+      end
+    end
+
     # @return [String]
     def cognito_external_id
       self[self.class._cognito_attribute_name]
@@ -43,12 +92,17 @@ module CognitoRails
     def init_cognito_user
       return if cognito_external_id.present?
 
+      cognito_user = User.new(init_attributes)
+      cognito_user.save!
+      self.cognito_external_id = cognito_user.id
+    end
+
+    def init_attributes
       attrs = { email: email, user_class: self.class }
       attrs[:phone] = phone if respond_to?(:phone)
+      attrs[:password] = password if respond_to?(:password)
       attrs[:custom_attributes] = instance_custom_attributes
-      cognito_user = User.new(attrs)
-      cognito_user.save!
-      self.cognito_external_id = cognito_user.id
+      attrs
     end
 
     # @return [Array<Hash>]

data/lib/cognito_rails/password_generator.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module CognitoRails
+  class PasswordGenerator
+    NUMERIC = (0..9).to_a.freeze
+    LOWER_CASE = ('a'..'z').to_a.freeze
+    UPPER_CASE = ('A'..'Z').to_a.freeze
+    SPECIAL = [
+      '^', '$', '*', '.', '[', ']', '{', '}',
+      '(', ')', '?', '"', '!', '@', '#', '%',
+      '&', '/', '\\', ',', '>', '<', "'", ':',
+      ';', '|', '_', '~', '`', '=', '+', '-'
+    ].freeze
+
+    # Generates a random password given a length range
+    #
+    # @param range [Range]
+    # @return [String]
+    def self.generate(range = 8..16)
+      password_length = rand(range)
+      numeric_count = rand(1..(password_length-3))
+
+      lower_case_count = rand(1..(password_length-(numeric_count+2)))
+      upper_case_count = rand(1..(password_length-(numeric_count + lower_case_count + 1)))
+      special_count = password_length-(numeric_count + lower_case_count + upper_case_count)
+
+      numeric_characters = numeric_count.times.map { NUMERIC.sample }
+      lower_case_characters = lower_case_count.times.map { LOWER_CASE.sample }
+      upper_case_characters = upper_case_count.times.map { UPPER_CASE.sample }
+      special_characters = special_count.times.map { SPECIAL.sample }
+
+      (numeric_characters + lower_case_characters + upper_case_characters + special_characters).shuffle.join
+    end
+  end
+end

data/lib/cognito_rails/user.rb

@@ -39,7 +39,7 @@ module CognitoRails
     def initialize(attributes = {})
       attributes = attributes.with_indifferent_access
       self.email = attributes[:email]
-      self.password = SecureRandom.urlsafe_base64 || attributes[:password]
+      self.password = attributes[:password] || Config.password_generator.call
       self.phone = attributes[:phone]
       self.user_class = attributes[:user_class] || Config.default_user_class.constantize
       self.custom_attributes = attributes[:custom_attributes]
@@ -57,11 +57,15 @@ module CognitoRails
       )
       user = new(user_class: user_class)
       user.id = result.username
-      user.email = result.user_attributes.find { |attribute| attribute[:name] == 'email' }[:value]
-      user.phone = result.user_attributes.find { |attribute| attribute[:name] == 'phone_number' }&.dig(:value)
+      user.email = extract_cognito_attribute(result.user_attributes, :email)
+      user.phone = extract_cognito_attribute(result.user_attributes, :phone_number)
       user
     end
 
+    def self.all
+      cognito_client.list_users(user_pool_id: CognitoRails::Config.aws_user_pool_id)
+    end
+
     # @param attributes [Hash]
     # @option attributes [String] :email
     # @option attributes [String] :password
@@ -138,6 +142,18 @@ module CognitoRails
       destroy || (raise ActiveRecord::RecordInvalid, self)
     end
 
+    # @return [Aws::CognitoIdentityProvider::Client]
+    # @raise [RuntimeError]
+    def self.cognito_client
+      @cognito_client ||= Aws::CognitoIdentityProvider::Client.new(
+        { region: CognitoRails::Config.aws_region }.merge(CognitoRails::Config.aws_client_credentials)
+      )
+    end
+
+    def self.extract_cognito_attribute(attributes, column)
+      attributes.find { |attribute| attribute[:name] == column.to_s }&.dig(:value)
+    end
+
     private
 
     # @return [Aws::CognitoIdentityProvider::Client]
@@ -155,18 +171,6 @@ module CognitoRails
       user_class._cognito_verify_phone
     end
 
-    # @return [Aws::CognitoIdentityProvider::Client]
-    # @raise [RuntimeError]
-    def self.cognito_client
-      raise 'Can\'t create user in test mode' if Rails.env.test?
-
-      @cognito_client ||= Aws::CognitoIdentityProvider::Client.new(
-        access_key_id: CognitoRails::Config.aws_access_key_id,
-        secret_access_key: CognitoRails::Config.aws_secret_access_key,
-        region: CognitoRails::Config.aws_region
-      )
-    end
-
     # @return [Array<Hash>]
     def general_user_attributes
       [

data/lib/cognito_rails/version.rb

@@ -2,5 +2,5 @@
 
 module CognitoRails
   # @return [String] gem version
-  VERSION = '0.1.0'
+  VERSION = '1.1.0'
 end

data/lib/cognito_rails.rb

@@ -15,6 +15,7 @@ module CognitoRails
   autoload :Model
   autoload :User
   autoload :JWT
+  autoload :PasswordGenerator
 
   # @private
   module ModelInitializer

data/spec/cognito_rails/controller_spec.rb

@@ -1,8 +1,6 @@
 require 'spec_helper'
 
-# rubocop:disable Metrics/BlockLength
 RSpec.describe CognitoRails::Controller, type: :model do
-  # rubocop:enable Metrics/BlockLength
   include CognitoRails::Helpers
 
   context 'with an API controller' do

data/spec/cognito_rails/jwt_spec.rb

@@ -2,9 +2,7 @@
 
 require 'spec_helper'
 
-# rubocop:disable Metrics/BlockLength
 RSpec.describe CognitoRails::JWT, type: :model do
-  # rubocop:enable Metrics/BlockLength
   before do
     allow(URI).to receive(:open).and_return(double(read: jwks))
   end

data/spec/cognito_rails/password_generator_spec.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe CognitoRails::PasswordGenerator do
+  it 'generates a password' do
+    expect(described_class.generate).to be_a(String)
+  end
+
+  it 'generates a password with the correct length' do
+    1000.times do
+      expect(described_class.generate(8..8).length).to eq(8)
+    end
+  end
+
+  it 'contains at least one letter, one number, one upper case letter, one symbol' do
+    1000.times do
+      password = described_class.generate
+      expect(password).to match(/[a-z]/)
+      expect(password).to match(/[A-Z]/)
+      expect(password).to match(/[0-9]/)
+      include_symbol = CognitoRails::PasswordGenerator::SPECIAL.any? do |symbol|
+        password.include?(symbol)
+      end
+      expect(include_symbol).to be_truthy
+    end
+  end
+end

data/spec/cognito_rails/user_spec.rb

@@ -2,7 +2,6 @@
 
 require 'spec_helper'
 
-# rubocop:disable Metrics/BlockLength
 RSpec.describe CognitoRails::User, type: :model do
   include CognitoRails::Helpers
 
@@ -83,6 +82,34 @@ RSpec.describe CognitoRails::User, type: :model do
       user.destroy!
     end
 
+    it 'uses the password generator defined in config' do
+      CognitoRails::Config.password_generator = -> { 'ciao' }
+      expect(CognitoRails::User).to receive(:cognito_client).at_least(:once).and_return(fake_cognito_client)
+
+      expect(fake_cognito_client).to receive(:admin_create_user).with(
+        hash_including(
+          temporary_password: 'ciao'
+        )
+      )
+      user = User.new(email: sample_cognito_email)
+      user.save!
+    ensure
+      CognitoRails::Config.password_generator = nil
+    end
+
+    it 'uses the custom password passed as parameter' do
+      expect(CognitoRails::User).to receive(:cognito_client).at_least(:once).and_return(fake_cognito_client)
+
+      expect(fake_cognito_client).to receive(:admin_create_user).with(
+        hash_including(
+          temporary_password: '12345678'
+        )
+      )
+      user = User.new(email: sample_cognito_email)
+      user.password = '12345678'
+      user.save!
+    end
+
     it 'saves custom attributes in cognito' do
       expect(CognitoRails::User).to receive(:cognito_client).at_least(:once).and_return(fake_cognito_client)
 
@@ -111,6 +138,42 @@ RSpec.describe CognitoRails::User, type: :model do
     end
   end
 
+  context 'class methods' do
+    before do
+      expect(CognitoRails::User).to receive(:cognito_client).at_least(:once).and_return(fake_cognito_client)
+    end
+
+    it '#sync_from_cognito!' do
+      expect(fake_cognito_client).to receive(:list_users).and_return(
+        OpenStruct.new(
+          users: [
+            build_cognito_user_data('some@example.com'),
+            build_cognito_user_data('some2@example.com')
+          ],
+          pagination_token: nil
+        )
+      )
+
+      expect do
+        users = User.sync_from_cognito!
+
+        expect(users).to be_a(Array)
+        expect(users.size).to eq(2)
+        expect(users.first).to be_a(User)
+      end.to change { User.count }.by(2)
+
+      expect(User.pluck(:email)).to match_array(['some@example.com', 'some2@example.com'])
+      expect(User.pluck(:name)).to match_array(['Giovanni', 'Giovanni'])
+    end
+
+    it '#sync_to_cognito!' do
+      User.create!(email: sample_cognito_email)
+
+      expect_any_instance_of(User).to receive(:init_cognito_user).exactly(1).times
+      User.sync_to_cognito!
+    end
+  end
+
   context 'admin' do
     before do
       expect(CognitoRails::User).to receive(:cognito_client).at_least(:once).and_return(fake_cognito_client)

data/spec/spec_helper.rb

@@ -11,16 +11,17 @@ require 'factories/user'
 I18n.enforce_available_locales = false
 RSpec::Expectations.configuration.warn_about_potential_false_positives = false
 
-Dir[File.expand_path('../support/*.rb', __FILE__)].each { |f| require f }
+Dir[File.expand_path('../support/*.rb', __FILE__)].sort.each { |f| require f }
 
-CognitoRails::Config.aws_access_key_id = 'access_key_id'
+CognitoRails::Config.aws_client_credentials = {
+  access_key_id: 'access_key_id',
+  secret_access_key: 'secret_access_key'
+}
 CognitoRails::Config.aws_region = 'region'
-CognitoRails::Config.aws_secret_access_key = 'secret_access_key'
 CognitoRails::Config.aws_user_pool_id = 'user_pool_id'
 CognitoRails::Config.default_user_class = 'User'
 
 RSpec.configure do |config|
-
   config.include FactoryBot::Syntax::Methods
 
   config.before(:suite) do

data/spec/support/cognito_helpers.rb

@@ -40,4 +40,24 @@ module CognitoRails::Helpers
       client
     end
   end
+
+  def build_cognito_user_data(email)
+    OpenStruct.new(
+      username: SecureRandom.uuid,
+      user_status: 'CONFIRMED',
+      enabled: true,
+      user_last_modified_date: Time.now,
+      attributes: [
+        OpenStruct.new(
+          name: 'email',
+          value: email
+        ),
+        OpenStruct.new(
+          name: 'custom:name',
+          value: 'Giovanni'
+        )
+      ],
+      mfa_options: []
+    )
+  end
 end

data/spec/support/schema.rb

@@ -13,6 +13,8 @@ class User < ActiveRecord::Base
   cognito_verify_email
   define_cognito_attribute 'role', 'user'
   define_cognito_attribute 'name', :name
+
+  attr_accessor :password
 end
 
 class Admin < ActiveRecord::Base

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cognito_rails
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Mònade
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-27 00:00:00.000000000 Z
+date: 2023-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -97,10 +97,12 @@ files:
 - lib/cognito_rails/controller.rb
 - lib/cognito_rails/jwt.rb
 - lib/cognito_rails/model.rb
+- lib/cognito_rails/password_generator.rb
 - lib/cognito_rails/user.rb
 - lib/cognito_rails/version.rb
 - spec/cognito_rails/controller_spec.rb
 - spec/cognito_rails/jwt_spec.rb
+- spec/cognito_rails/password_generator_spec.rb
 - spec/cognito_rails/user_spec.rb
 - spec/factories/user.rb
 - spec/spec_helper.rb
@@ -133,6 +135,7 @@ summary: Add Cognito authentication to your Rails API
 test_files:
 - spec/cognito_rails/controller_spec.rb
 - spec/cognito_rails/jwt_spec.rb
+- spec/cognito_rails/password_generator_spec.rb
 - spec/cognito_rails/user_spec.rb
 - spec/factories/user.rb
 - spec/spec_helper.rb