warden-cognito 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bf59a14b691d78eb16f048087c84307efd4a37789d2f85fe5100523571fcc134
-  data.tar.gz: 0be9c19501448ac6d78498e1570c3e2d763726463ab672d6b4194a5f3836ebf3
+  metadata.gz: 67b38f626935f1b428eade990cec7e0aa79be73de6ecdf12f747a0cf9fca8b9d
+  data.tar.gz: f9e1ae36d5bc9508e02e57c479848d195ad5d47baa01b597f819479dd285d954
 SHA512:
-  metadata.gz: 19570e460e1d0d19b7e8c13d6bef79effaf77abb9770b48c0806bdd156e6357072f670b28cd8044d2ae34cb3f4ad822329942a9b860c7f636889fcb9b7a96b55
-  data.tar.gz: 8170cedc239e47cf814e8ec2fdb5e5a5c89b63443593fcd155a6de440440de5d5c061d3218f211f49bd9b43acbb6885afcd1acd13b403e5438893f8b941c3df3
+  metadata.gz: 185dc40763cc5a39964b9f088cb122597abc78bef86b6937a8a630bb5813bb3cfbaa7bc7a7e32732d8daff9892f1033e30a408b8bf2121376b16b220f6c4afae
+  data.tar.gz: 49917c80e5c75c2a29fc62597e697438e8e21bffe15f53ec4c79ec701f50dc57de8e836f87b16cf39ff5fb6390f0d4a10016167ca7140622d5a97b42b6b336f1

data/.rubocop.yml

@@ -2,6 +2,7 @@ AllCops:
   Exclude:
     - 'bin/*'
     - 'db/**/*'
+    - 'vendor/**/*'
 
 Style/FrozenStringLiteralComment:
   Enabled: false

data/.travis.yml

@@ -3,5 +3,16 @@ sudo: false
 language: ruby
 cache: bundler
 rvm:
-  - 2.6.3
-before_install: gem install bundler -v 1.17.2
+  - 2.6
+  - 2.7
+  - ruby-head
+before_install:
+  - gem update --system --no-doc
+  - gem install bundler
+script:
+  - bundle exec rspec
+  - bundle exec rubocop
+jobs:
+  allow_failures:
+    - rvm: ruby-head
+

data/CHANGELOG.md

@@ -5,4 +5,32 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+
+## [0.3.0]
+- **Breaking Changes**: Configuration explicitly moved to `user_pools` object
+
+## [0.2.3]
+- Require the HTTP dependency
+
+## [0.2.2]
+- Fix missing HTTP dependency
+
+## [0.2.1]
+- Fix rspec dependency in implementation
+
+## [0.2.0]
+- Extended exposed API
+- TestHelpers utils
+- Add Travis setup
+
+## [0.1.0]
+
 - Scratching the gem
+
+[Unreleased]: https://github.com/barkibu/warden-cognito/compare/v0.3.0...HEAD
+[0.3.0]: https://github.com/barkibu/warden-cognito/compare/v0.2.3...v0.3.0
+[0.2.3]: https://github.com/barkibu/warden-cognito/compare/v0.2.2...v0.2.3
+[0.2.2]: https://github.com/barkibu/warden-cognito/compare/v0.2.1...v0.2.2
+[0.2.1]: https://github.com/barkibu/warden-cognito/compare/v0.2.0...v0.2.1
+[0.2.0]: https://github.com/barkibu/warden-cognito/compare/v0.1.0...v0.2.0
+[0.1.0]: https://github.com/barkibu/warden-cognito/releases/tag/v0.1.0

data/README.md

@@ -1,6 +1,6 @@
 # Warden::Cognito
 
-[![Codeship Status for barkibu/warden-cognito](https://app.codeship.com/projects/f305e0e4-e1e3-40ef-90b3-ab7475ed480c/status?branch=master)](https://app.codeship.com/projects/417617)
+[![Build Status](https://travis-ci.com/barkibu/warden-cognito.svg?branch=master)](https://travis-ci.com/barkibu/warden-cognito)
 
 Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/warden/cognito`. To experiment with that code, run `bin/console` for an interactive prompt.
 
@@ -24,31 +24,113 @@ Or install it yourself as:
 
 ## Usage
 
-
-Add to  your initializers the following:
+Configure how the gem maps Cognito users to local ones adding to your initializers the following:
 ```ruby
  Warden::Cognito.configure do |config|
     config.user_repository = User
     config.identifying_attribute = 'sub'
-    config.after_local_user_not_found = ->(cognito_user) { User.create(username: cognito_user.username) }
+    config.after_local_user_not_found = ->(cognito_user, pool_identifier) { User.create(username: cognito_user.username) }
     config.cache =  ActiveSupport::Cache::MemCacheStore.new
+    config.user_pools = { default: {region: 'AWS_REGION', pool_id: 'AWS Cognito UserPool Id', client_id: 'AWS Cognito Client Id'} }
 end
 ```
 
+### With Devise
+
+You can know protects endpoints by settings the available strategies in the Warden section of your Device's configuration:
+```ruby
+  # config/initializers/devise.rb
+  # 
+  # /***/
+  config.warden do |manager|
+    manager.default_strategies(scope: :user).unshift :cognito_auth
+    manager.default_strategies(scope: :user).unshift :cognito_jwt
+    # /***/
+  end
+```
+
 ### User Repository
 
 The user repository will be used to look for an entity to mark as authenticated, it must implement the following:
-- `find_by_cognito_username` that should return the user identified by the given username or nil
-- `find_by_cognito_attribute` that should return the user identified by the given Cognito User attribute (`config.identifying_attribute`) or nil
+- `find_by_cognito_username` that should return the user identified by the given username or nil (receives as second param the pool_identifier)
+- `find_by_cognito_attribute` that should return the user identified by the given Cognito User attribute (`config.identifying_attribute`) or nil (receives as second param the pool_identifier)
+
+### User Model
+
+The user model must expose a message `cognito_id` that returns the `identifying_attribute` for the given user.
 
 ### `after_local_user_not_found` Callback
 
-A callback triggered whenever the user correctly authenticated on Cognito but no local user exists (receives the full [cognito user](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Types/GetUserResponse.html))
+A callback triggered whenever the user correctly authenticated on Cognito but no local user exists (receives the full [cognito user](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Types/GetUserResponse.html), and the pool_identifier as second parameter).
 
 ### Cache 
 The cache used to store the AWS Json Web Keys as well as the mapping between local and remote identifiers.
 Defaults to `ActiveSupport::Cache::NullStore`
 
+### Testing
+
+The TestHelpers module is here to help testing code using this gem to validate tokens and authenticate users:
+
+Create a module and make sure it is loaded as part of the support files of your rspec configuration:
+
+```ruby
+module Helpers
+  module JWT
+    def self.included(base)
+      base.class_eval do
+        Warden::Cognito::TestHelpers.setup
+      end
+    end
+
+    def auth_headers_for_user(user, headers = {})
+      Warden::Cognito::TestHelpers.auth_headers(headers, user)
+    end
+
+    def jwt_for_user(user)
+      auth_headers_for_user(user)[:Authorization].split[1]
+    end
+  end
+end
+```
+
+Include this module in the relevant test types:
+```ruby
+RSpec.configure do |config|
+  # /***/
+  config.include Helpers::JWT, type: :request
+end
+```
+
+You can now generate tokens for your users in your tests, for instance:
+```ruby
+let(:user) { create(:user) } # Your users needs to be available through the UserRepository you defined
+let(:headers) { auth_headers_for_user(user) }
+let(:token) { jwt_for_user(user) }
+```
+
+### API
+
+This gem also exposes classes that you can use to validate tokens and/or fetch a user from a given token:
+
+```ruby
+token = 'The token a user passed along in a request'
+token_decoder = TokenDecoder.new(token, nil) # Pass nil as pool_identifier to loop over all the configured pools and automatically bind the right one [Based on the issuer]
+
+# Is the token valid ?
+token_decoder.validate!
+
+# What's in this token ?
+token_decoder.decoded_token
+
+# What's the phone_number attribute of the user identified by this token ?
+token_decoder.user_attribute('phone_number')
+
+# Who is the local user associated with this token
+user = LocalUserMapper.find(token_decoder)
+# or 
+user = LocalUserMapper.find_by_token(token)
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
@@ -67,7 +149,7 @@ An then, for example:
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/warden-cognito.
+Bug reports and pull requests are welcome on GitHub at https://github.com/barkibu/warden-cognito.
 
 ## License
 

data/docker-compose.yml

@@ -5,5 +5,9 @@ services:
     command: tail -f Gemfile
     volumes:
       - .:/app
+      - bundle:/usr/local/bundle
+      - ~/.ssh:/root/.ssh
       - ~/.gitconfig:/root/.gitconfig
 
+volumes:
+  bundle:

data/lib/warden/cognito.rb

@@ -1,3 +1,4 @@
+require 'http'
 require 'jwt'
 require 'warden'
 require 'dry/configurable'
@@ -8,19 +9,54 @@ require 'active_support/core_ext'
 
 module Warden
   module Cognito
+    class CognitoError < StandardError; end
+
     extend Dry::Configurable
 
+    def jwk_config_keys
+      %i[key issuer]
+    end
+
+    def jwk_instance(value)
+      attributes = value&.symbolize_keys&.slice(*jwk_config_keys) || {}
+      Struct.new(*jwk_config_keys, keyword_init: true).new(attributes)
+    end
+
+    def user_pool_configuration_keys
+      %i[identifier region pool_id client_id]
+    end
+
+    def user_pool_configurations(value)
+      value.map do |key, conf|
+        attributes = conf.symbolize_keys.slice(*user_pool_configuration_keys).merge(identifier: key)
+        Struct.new(*user_pool_configuration_keys, keyword_init: true).new(attributes)
+      end
+    end
+
+    module_function :jwk_config_keys, :jwk_instance, :user_pool_configuration_keys, :user_pool_configurations
+
     setting :user_repository
-    setting :identifying_attribute, 'sub'
+    setting(:identifying_attribute, 'sub', &:to_s)
     setting :after_local_user_not_found
     setting :cache, ActiveSupport::Cache::NullStore.new
 
+    setting(:jwk, nil) { |value| jwk_instance(value) }
+
+    setting(:user_pools, []) { |value| user_pool_configurations(value) }
+
     Import = Dry::AutoInject(config)
   end
 end
 
+require 'warden/cognito/pool_related_iterator'
+require 'warden/cognito/has_user_pool_identifier'
+require 'warden/cognito/jwk_loader'
 require 'warden/cognito/version'
+require 'warden/cognito/user_not_found_callback'
+require 'warden/cognito/local_user_mapper'
 require 'warden/cognito/authenticatable_strategy'
 require 'warden/cognito/token_authenticatable_strategy'
+require 'warden/cognito/token_decoder'
 require 'warden/cognito/user_helper'
 require 'warden/cognito/cognito_client'
+require 'warden/cognito/test_helpers'

data/lib/warden/cognito/authenticatable_strategy.rb

@@ -4,11 +4,12 @@ require 'aws-sdk-cognitoidentityprovider'
 module Warden
   module Cognito
     class AuthenticatableStrategy < Warden::Strategies::Base
-      attr_reader :helper
+      attr_reader :helper, :user_not_found_callback
 
       def initialize(env, scope = nil)
         super
-        @helper = UserHelper
+        @user_not_found_callback = UserNotFoundCallback.new
+        @helper = UserHelper.new
       end
 
       def valid?
@@ -16,11 +17,11 @@ module Warden
       end
 
       def authenticate!
-        initiate_auth_response = CognitoClient.initiate_auth(email, password)
+        attempt = cognito_client.initiate_auth(email, password)
 
-        return fail(:unknow_cognito_response) unless initiate_auth_response
+        return fail(:unknow_cognito_response) unless attempt
 
-        user = local_user || after_user_local_not_found(initiate_auth_response.authentication_result)
+        user = local_user || trigger_callback(attempt.authentication_result)
 
         fail!(:unknown_user) unless user.present?
         success!(user)
@@ -32,13 +33,17 @@ module Warden
 
       private
 
-      def local_user
-        helper.find_by_cognito_username(email)
+      def cognito_client
+        CognitoClient.scope pool_identifier
+      end
+
+      def trigger_callback(authentication_result)
+        cognito_user = cognito_client.fetch(authentication_result.access_token)
+        user_not_found_callback.call(cognito_user, cognito_client.pool_identifier)
       end
 
-      def after_user_local_not_found(authentication_result)
-        user_response = CognitoClient.fetch(authentication_result.access_token)
-        Cognito.config.after_local_user_not_found&.call(user_response)
+      def local_user
+        helper.find_by_cognito_username(email, cognito_client.pool_identifier)
       end
 
       def cognito_authenticable?
@@ -53,8 +58,12 @@ module Warden
         auth_params[:password]
       end
 
+      def pool_identifier
+        auth_params[:pool_identifier]&.to_sym
+      end
+
       def auth_params
-        params[scope.to_s].symbolize_keys.slice(:password, :email)
+        params[scope.to_s].symbolize_keys.slice(:password, :email, :pool_identifier)
       end
     end
   end

data/lib/warden/cognito/cognito_client.rb

@@ -1,27 +1,42 @@
 module Warden
   module Cognito
     class CognitoClient
-      class << self
-        # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Types/GetUserResponse.html
-        def fetch(access_token)
-          client.get_user(access_token: access_token)
-        end
+      include Cognito::Import['user_pools']
+      include HasUserPoolIdentifier
+
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/CognitoIdentityProvider/Types/GetUserResponse.html
+      def fetch(access_token)
+        client.get_user(access_token: access_token)
+      end
+
+      def initiate_auth(email, password)
+        client.initiate_auth(
+          client_id: user_pool.client_id,
+          auth_flow: 'USER_PASSWORD_AUTH',
+          auth_parameters: {
+            'USERNAME' => email,
+            'PASSWORD' => password
+          }
+        )
+      end
+
+      private
 
-        def initiate_auth(email, password)
-          client.initiate_auth(
-            client_id: ENV['AWS_COGNITO_CLIENT_ID'],
-            auth_flow: 'USER_PASSWORD_AUTH',
-            auth_parameters: {
-              'USERNAME' => email,
-              'PASSWORD' => password
-            }
-          )
+      def client
+        Aws::CognitoIdentityProvider::Client.new
+      end
+
+      class << self
+        def scope(pool_identifier)
+          new.tap do |client|
+            client.user_pool = pool_identifier || default_pool_identifier
+          end
         end
 
         private
 
-        def client
-          Aws::CognitoIdentityProvider::Client.new
+        def default_pool_identifier
+          Warden::Cognito.config.user_pools.first.identifier
         end
       end
     end

data/lib/warden/cognito/has_user_pool_identifier.rb

@@ -0,0 +1,34 @@
+module Warden
+  module Cognito
+    module HasUserPoolIdentifier
+      def self.included(base)
+        base.extend ClassMethods
+        base.class_eval do
+          attr_reader :user_pool
+        end
+      end
+
+      def user_pool=(pool_identifier)
+        @user_pool = user_pools.detect(self.class.invalid_issuer_error) { |pool| pool.identifier == pool_identifier }
+      end
+
+      def pool_identifier
+        user_pool.identifier
+      end
+
+      module ClassMethods
+        def pool_iterator
+          PoolRelatedIterator.new do |pool|
+            new.tap do |pool_related|
+              pool_related.user_pool = pool.identifier
+            end
+          end
+        end
+
+        def invalid_issuer_error
+          -> { raise ::JWT::InvalidIssuerError, 'The token was not generated by any of the configured User Pools' }
+        end
+      end
+    end
+  end
+end

data/lib/warden/cognito/jwk_loader.rb

@@ -0,0 +1,34 @@
+module Warden
+  module Cognito
+    class JwkLoader
+      include Cognito::Import['cache', 'jwk', 'user_pools']
+      include HasUserPoolIdentifier
+
+      def jwt_issuer
+        jwk.issuer || "https://cognito-idp.#{user_pool.region}.amazonaws.com/#{user_pool.pool_id}"
+      end
+
+      def issued?(token)
+        ::JWT.decode(token, nil, false).first['iss'] == jwt_issuer
+      rescue StandardError
+        false
+      end
+
+      def call(options)
+        return { keys: [jwk.key.export] } if jwk.key.present?
+
+        cache.delete(jwk_url) if options[:invalidate]
+
+        cache.fetch(jwk_url, expires_in: 1.hour) do
+          JSON.parse(HTTP.get(jwk_url).body.to_s).deep_symbolize_keys
+        end
+      end
+
+      private
+
+      def jwk_url
+        "#{jwt_issuer}/.well-known/jwks.json"
+      end
+    end
+  end
+end

data/lib/warden/cognito/local_user_mapper.rb

@@ -0,0 +1,34 @@
+module Warden
+  module Cognito
+    class LocalUserMapper
+      include Cognito::Import['cache', 'identifying_attribute']
+
+      class << self
+        def find(token_decoder)
+          new.call(token_decoder)
+        end
+
+        def find_by_token(token)
+          find(TokenDecoder.new(token))
+        end
+      end
+
+      def call(token_decoder)
+        helper.find_by_cognito_attribute local_identifier(token_decoder), token_decoder.pool_identifier
+      end
+
+      private
+
+      def local_identifier(token_decoder)
+        cache_key = "COGNITO_POOL_#{token_decoder.pool_identifier}LOCAL_IDENTIFIER_#{token_decoder.sub}"
+        cache.fetch(cache_key, skip_nil: true) do
+          token_decoder.user_attribute(identifying_attribute)
+        end
+      end
+
+      def helper
+        UserHelper.new
+      end
+    end
+  end
+end

data/lib/warden/cognito/pool_related_iterator.rb

@@ -0,0 +1,15 @@
+class PoolRelatedIterator
+  include Enumerable
+
+  attr_reader :factory
+
+  def initialize(&factory)
+    @factory = factory
+  end
+
+  def each(&block)
+    Warden::Cognito.config.user_pools.each do |pool|
+      block.call factory.call(pool)
+    end
+  end
+end

data/lib/warden/cognito/test_helpers.rb

@@ -0,0 +1,39 @@
+module Warden
+  module Cognito
+    class TestHelpers
+      class EnvironmentError < StandardError; end
+
+      @jwk = JWT::JWK.new(OpenSSL::PKey::RSA.new(2048))
+
+      class << self
+        attr_reader :jwk
+
+        def setup
+          Warden::Cognito.config.jwk = { key: jwk, issuer: local_issuer }
+        end
+
+        def auth_headers(headers, user)
+          headers.merge(Authorization: "Bearer #{generate_token(user)}")
+        end
+
+        def local_issuer
+          'local_issuer'
+        end
+
+        private
+
+        def generate_token(user)
+          payload = { sub: user.object_id,
+                      "#{identifying_attribute}": user.cognito_id,
+                      iss: local_issuer }
+          headers = { kid: jwk.kid }
+          JWT.encode(payload, jwk.keypair, 'RS256', headers)
+        end
+
+        def identifying_attribute
+          Warden::Cognito.config.identifying_attribute
+        end
+      end
+    end
+  end
+end

data/lib/warden/cognito/token_authenticatable_strategy.rb

@@ -6,22 +6,15 @@ module Warden
     class TokenAuthenticatableStrategy < Warden::Strategies::Base
       METHOD = 'Bearer'.freeze
 
-      attr_reader :helper, :config
+      attr_reader :helper
 
       def initialize(env, scope = nil)
         super
-        @config = Cognito.config
-        @helper = UserHelper
-      end
-
-      def jwks
-        config.cache.fetch(jwk_url, expires_in: 1.hour) do
-          JSON.parse(HTTP.get(jwk_url).body.to_s).deep_symbolize_keys
-        end
+        @helper = UserHelper.new
       end
 
       def valid?
-        decoded_token.present?
+        token_decoder.validate!
       rescue ::JWT::ExpiredSignature
         true
       rescue StandardError
@@ -29,7 +22,8 @@ module Warden
       end
 
       def authenticate!
-        user = local_user || config.after_local_user_not_found&.call(cognito_user)
+        user = local_user || UserNotFoundCallback.call(cognito_user, token_decoder.pool_identifier)
+
         fail!(:unknown_user) unless user.present?
         success!(user)
       rescue ::JWT::ExpiredSignature
@@ -40,49 +34,20 @@ module Warden
 
       private
 
-      def jwt_issuer
-        "https://cognito-idp.#{ENV['AWS_REGION']}.amazonaws.com/#{ENV['AWS_COGNITO_USER_POOL_ID']}"
-      end
-
-      def jwk_url
-        "#{jwt_issuer}/.well-known/jwks.json"
-      end
-
-      def local_user
-        helper.find_by_cognito_attribute(local_identifier)
-      end
-
-      def cognito_user_cache_key
-        "COGNITO_LOCAL_IDENTIFIER_#{cognito_user_identifier}"
-      end
-
-      def cognito_user_identifier
-        decoded_token.first['sub']
-      end
-
-      def local_identifier
-        config.cache.fetch(cognito_user_cache_key, skip_nil: true) do
-          user_attribute identifying_attribute
-        end
-      end
-
       def cognito_user
-        @cognito_user ||= CognitoClient.fetch(token)
+        token_decoder.cognito_user
       end
 
-      def user_attribute(attribute_name)
-        cognito_user.user_attributes.detect do |attribute|
-          attribute.name == attribute_name
-        end&.value
+      def local_user
+        LocalUserMapper.find token_decoder
       end
 
-      def identifying_attribute
-        config.identifying_attribute.to_s
+      def token_decoder
+        @token_decoder ||= TokenDecoder.new(token, pool_identifier)
       end
 
-      def decoded_token
-        @decoded_token ||= ::JWT.decode(token, nil, true, iss: jwt_issuer, verify_iss: true,
-                                                          algorithms: ['RS256'], jwks: jwks)
+      def pool_identifier
+        env['HTTP_X_AUTHORIZATION_POOL_IDENTIFIER']
       end
 
       def token

data/lib/warden/cognito/token_decoder.rb

@@ -0,0 +1,60 @@
+module Warden
+  module Cognito
+    class TokenDecoder
+      attr_reader :jwk_loader, :token
+
+      def initialize(token, pool_identifier = nil)
+        @token = token
+        @jwk_loader = find_loader(pool_identifier)
+      end
+
+      def validate!
+        decoded_token.present?
+      end
+
+      def sub
+        decoded_token.first['sub']
+      end
+
+      def decoded_token
+        @decoded_token ||= ::JWT.decode(token, nil, true, iss: jwk_loader.jwt_issuer, verify_iss: true,
+                                                          algorithms: ['RS256'], jwks: jwk_loader)
+      end
+
+      def cognito_user
+        @cognito_user ||= CognitoClient.scope(pool_identifier).fetch(token)
+      end
+
+      def user_attribute(attribute_name)
+        token_attribute(attribute_name).presence || cognito_user_attribute(attribute_name)
+      end
+
+      def pool_identifier
+        jwk_loader.pool_identifier
+      end
+
+      private
+
+      def token_attribute(attribute_name)
+        decoded_token.first[attribute_name] if decoded_token.first.key? attribute_name
+      end
+
+      def cognito_user_attribute(attribute_name)
+        cognito_user.user_attributes.detect do |attribute|
+          attribute.name == attribute_name
+        end&.value
+      end
+
+      def find_loader(pool_identifier)
+        if pool_identifier.present?
+          return JwkLoader.new.tap do |loader|
+            loader.user_pool = pool_identifier
+          end
+        end
+        JwkLoader.pool_iterator.detect(JwkLoader.invalid_issuer_error) do |loader|
+          loader.issued? token
+        end
+      end
+    end
+  end
+end

data/lib/warden/cognito/user_helper.rb

@@ -1,20 +1,14 @@
 module Warden
   module Cognito
-    module UserHelper
-      class << self
-        def find_by_cognito_username(username)
-          user_repository.find_by_cognito_username(username)
-        end
+    class UserHelper
+      include Cognito::Import['user_repository']
 
-        def find_by_cognito_attribute(arg)
-          user_repository.find_by_cognito_attribute(arg)
-        end
-
-        private
+      def find_by_cognito_username(username, pool_identifier)
+        user_repository.find_by_cognito_username(username, pool_identifier)
+      end
 
-        def user_repository
-          Cognito.config.user_repository
-        end
+      def find_by_cognito_attribute(arg, pool_identifier)
+        user_repository.find_by_cognito_attribute(arg, pool_identifier)
       end
     end
   end

data/lib/warden/cognito/user_not_found_callback.rb

@@ -0,0 +1,17 @@
+module Warden
+  module Cognito
+    class UserNotFoundCallback
+      include Cognito::Import['after_local_user_not_found']
+
+      class << self
+        def call(cognito_user, pool_identifier)
+          new.call(cognito_user, pool_identifier)
+        end
+      end
+
+      def call(cognito_user, pool_identifier)
+        after_local_user_not_found&.call(cognito_user, pool_identifier)
+      end
+    end
+  end
+end

data/lib/warden/cognito/version.rb

@@ -1,5 +1,5 @@
 module Warden
   module Cognito
-    VERSION = '0.1.0'.freeze
+    VERSION = '0.3.0'.freeze
   end
 end

data/warden-cognito.gemspec

@@ -5,7 +5,7 @@ require 'warden/cognito/version'
 Gem::Specification.new do |spec|
   spec.name          = 'warden-cognito'
   spec.version       = Warden::Cognito::VERSION
-  spec.authors       = ['Juan F. Pérez']
+  spec.authors       = ['Juan F. Pérez', 'Léo Figea']
   spec.email         = ['761794+jguitar@users.noreply.github.com']
 
   spec.summary       = 'Amazon Cognito authentication for Warden'
@@ -36,10 +36,11 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'aws-sdk-cognitoidentityprovider', '~> 1.47'
   spec.add_dependency 'dry-auto_inject', '~> 0.6'
   spec.add_dependency 'dry-configurable', '~> 0.9'
+  spec.add_dependency 'http'
   spec.add_dependency 'jwt', '~> 2.1'
   spec.add_dependency 'warden', '~> 1.2'
 
-  spec.add_development_dependency 'bundler', '~> 1.17'
+  spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'pry-byebug', '~> 3.7'
   spec.add_development_dependency 'rack-test', '~> 1.1'
   spec.add_development_dependency 'rake', '>= 12.3.3'

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: warden-cognito
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Juan F. Pérez
+- Léo Figea
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-11-12 00:00:00.000000000 Z
+date: 2021-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -66,6 +67,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -98,16 +113,16 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
@@ -189,7 +204,6 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".ruby-version"
 - ".travis.yml"
 - CHANGELOG.md
 - Dockerfile
@@ -203,8 +217,15 @@ files:
 - lib/warden/cognito.rb
 - lib/warden/cognito/authenticatable_strategy.rb
 - lib/warden/cognito/cognito_client.rb
+- lib/warden/cognito/has_user_pool_identifier.rb
+- lib/warden/cognito/jwk_loader.rb
+- lib/warden/cognito/local_user_mapper.rb
+- lib/warden/cognito/pool_related_iterator.rb
+- lib/warden/cognito/test_helpers.rb
 - lib/warden/cognito/token_authenticatable_strategy.rb
+- lib/warden/cognito/token_decoder.rb
 - lib/warden/cognito/user_helper.rb
+- lib/warden/cognito/user_not_found_callback.rb
 - lib/warden/cognito/version.rb
 - warden-cognito.gemspec
 homepage: https://github.com/barkibu/warden-cognito

data/.ruby-version

@@ -1 +0,0 @@
-2.6.5