@ttoss/react-auth 1.2.17 → 1.2.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/esm/index.js +123 -13
  2. package/dist/index.js +123 -13
  3. package/package.json +3 -3
package/dist/esm/index.js CHANGED
@@ -212,10 +212,16 @@ var PASSWORD_MINIMUM_LENGTH = 8;
212
212
  var CognitoUserPoolLogicalId = "CognitoUserPool";
213
213
  var CognitoUserPoolClientLogicalId = "CognitoUserPoolClient";
214
214
  var CognitoIdentityPoolLogicalId = "CognitoIdentityPool";
215
+ var IdentityPoolAuthenticatedIAMRoleLogicalId = "IdentityPoolAuthenticatedIAMRole";
216
+ var IdentityPoolUnauthenticatedIAMRoleLogicalId = "IdentityPoolUnauthenticatedIAMRole";
217
+ var DenyStatement = {
218
+ Effect: "Deny",
219
+ Action: ["*"],
220
+ Resource: ["*"]
221
+ };
215
222
  var createAuthTemplate = ({
216
223
  autoVerifiedAttributes = ["email"],
217
- identityPool = true,
218
- roles,
224
+ identityPool,
219
225
  schema,
220
226
  usernameAttributes = ["email"]
221
227
  } = {}) => {
@@ -237,7 +243,6 @@ var createAuthTemplate = ({
237
243
  TemporaryPasswordValidityDays: 30
238
244
  }
239
245
  },
240
- Schema: schema,
241
246
  UsernameAttributes: usernameAttributes,
242
247
  UsernameConfiguration: {
243
248
  CaseSensitive: false
@@ -293,7 +298,35 @@ var createAuthTemplate = ({
293
298
  }
294
299
  }
295
300
  };
296
- if (identityPool) {
301
+ if (schema) {
302
+ const Schema = schema.map((attribute) => {
303
+ let NumberAttributeConstraints = void 0;
304
+ if (attribute.numberAttributeConstraints) {
305
+ NumberAttributeConstraints = {
306
+ MaxValue: attribute.numberAttributeConstraints?.maxValue,
307
+ MinValue: attribute.numberAttributeConstraints?.minValue
308
+ };
309
+ }
310
+ let StringAttributeConstraints = void 0;
311
+ if (attribute.stringAttributeConstraints) {
312
+ StringAttributeConstraints = {
313
+ MaxLength: attribute.stringAttributeConstraints?.maxLength,
314
+ MinLength: attribute.stringAttributeConstraints?.minLength
315
+ };
316
+ }
317
+ return {
318
+ AttributeDataType: attribute.attributeDataType,
319
+ DeveloperOnlyAttribute: attribute.developerOnlyAttribute,
320
+ Mutable: attribute.mutable,
321
+ Name: attribute.name,
322
+ NumberAttributeConstraints,
323
+ Required: attribute.required,
324
+ StringAttributeConstraints
325
+ };
326
+ });
327
+ template.Resources[CognitoUserPoolLogicalId].Properties.Schema = Schema;
328
+ }
329
+ if (identityPool?.enabled) {
297
330
  template.Resources[CognitoIdentityPoolLogicalId] = {
298
331
  Type: "AWS::Cognito::IdentityPool",
299
332
  Properties: {
@@ -310,17 +343,94 @@ var createAuthTemplate = ({
310
343
  ]
311
344
  }
312
345
  };
313
- if (roles) {
314
- template.Resources.CognitoIdentityPoolRoleAttachment = {
315
- Type: "AWS::Cognito::IdentityPoolRoleAttachment",
316
- Properties: {
317
- IdentityPoolId: {
318
- Ref: CognitoIdentityPoolLogicalId
346
+ template.Resources[IdentityPoolAuthenticatedIAMRoleLogicalId] = {
347
+ Type: "AWS::IAM::Role",
348
+ Properties: {
349
+ AssumeRolePolicyDocument: {
350
+ Version: "2012-10-17",
351
+ Statement: [
352
+ {
353
+ Effect: "Allow",
354
+ Principal: {
355
+ Federated: "cognito-identity.amazonaws.com"
356
+ },
357
+ Action: ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
358
+ Condition: {
359
+ StringEquals: {
360
+ "cognito-identity.amazonaws.com:aud": {
361
+ Ref: CognitoIdentityPoolLogicalId
362
+ }
363
+ },
364
+ "ForAnyValue:StringLike": {
365
+ "cognito-identity.amazonaws.com:amr": "authenticated"
366
+ }
367
+ }
368
+ }
369
+ ]
370
+ },
371
+ Policies: identityPool.authenticatedPolicies || [
372
+ {
373
+ PolicyName: "IdentityPoolAuthenticatedIAMRolePolicyName",
374
+ PolicyDocument: {
375
+ Version: "2012-10-17",
376
+ Statement: [DenyStatement]
377
+ }
378
+ }
379
+ ]
380
+ }
381
+ };
382
+ template.Resources[IdentityPoolUnauthenticatedIAMRoleLogicalId] = {
383
+ Type: "AWS::IAM::Role",
384
+ Properties: {
385
+ AssumeRolePolicyDocument: {
386
+ Version: "2012-10-17",
387
+ Statement: [
388
+ {
389
+ Effect: "Allow",
390
+ Principal: {
391
+ Federated: "cognito-identity.amazonaws.com"
392
+ },
393
+ Action: "sts:AssumeRoleWithWebIdentity",
394
+ Condition: {
395
+ StringEquals: {
396
+ "cognito-identity.amazonaws.com:aud": {
397
+ Ref: CognitoIdentityPoolLogicalId
398
+ }
399
+ },
400
+ "ForAnyValue:StringLike": {
401
+ "cognito-identity.amazonaws.com:amr": "unauthenticated"
402
+ }
403
+ }
404
+ }
405
+ ]
406
+ },
407
+ Policies: identityPool.authenticatedPolicies || [
408
+ {
409
+ PolicyName: "IdentityPoolUnauthenticatedIAMRolePolicyName",
410
+ PolicyDocument: {
411
+ Version: "2012-10-17",
412
+ Statement: [DenyStatement]
413
+ }
414
+ }
415
+ ]
416
+ }
417
+ };
418
+ template.Resources.CognitoIdentityPoolRoleAttachment = {
419
+ Type: "AWS::Cognito::IdentityPoolRoleAttachment",
420
+ Properties: {
421
+ IdentityPoolId: {
422
+ Ref: CognitoIdentityPoolLogicalId
423
+ },
424
+ Roles: {
425
+ authenticated: {
426
+ "Fn::GetAtt": [IdentityPoolAuthenticatedIAMRoleLogicalId, "Arn"]
319
427
  },
320
- Roles: roles
428
+ unauthenticated: {
429
+ "Fn::GetAtt": [IdentityPoolUnauthenticatedIAMRoleLogicalId, "Arn"]
430
+ }
321
431
  }
322
- };
323
- }
432
+ }
433
+ };
324
434
  if (!template.Outputs) {
325
435
  template.Outputs = {};
326
436
  }
package/dist/index.js CHANGED
@@ -249,10 +249,16 @@ var PASSWORD_MINIMUM_LENGTH = 8;
249
249
  var CognitoUserPoolLogicalId = "CognitoUserPool";
250
250
  var CognitoUserPoolClientLogicalId = "CognitoUserPoolClient";
251
251
  var CognitoIdentityPoolLogicalId = "CognitoIdentityPool";
252
+ var IdentityPoolAuthenticatedIAMRoleLogicalId = "IdentityPoolAuthenticatedIAMRole";
253
+ var IdentityPoolUnauthenticatedIAMRoleLogicalId = "IdentityPoolUnauthenticatedIAMRole";
254
+ var DenyStatement = {
255
+ Effect: "Deny",
256
+ Action: ["*"],
257
+ Resource: ["*"]
258
+ };
252
259
  var createAuthTemplate = ({
253
260
  autoVerifiedAttributes = ["email"],
254
- identityPool = true,
255
- roles,
261
+ identityPool,
256
262
  schema,
257
263
  usernameAttributes = ["email"]
258
264
  } = {}) => {
@@ -274,7 +280,6 @@ var createAuthTemplate = ({
274
280
  TemporaryPasswordValidityDays: 30
275
281
  }
276
282
  },
277
- Schema: schema,
278
283
  UsernameAttributes: usernameAttributes,
279
284
  UsernameConfiguration: {
280
285
  CaseSensitive: false
@@ -330,7 +335,35 @@ var createAuthTemplate = ({
330
335
  }
331
336
  }
332
337
  };
333
- if (identityPool) {
338
+ if (schema) {
339
+ const Schema = schema.map((attribute) => {
340
+ let NumberAttributeConstraints = void 0;
341
+ if (attribute.numberAttributeConstraints) {
342
+ NumberAttributeConstraints = {
343
+ MaxValue: attribute.numberAttributeConstraints?.maxValue,
344
+ MinValue: attribute.numberAttributeConstraints?.minValue
345
+ };
346
+ }
347
+ let StringAttributeConstraints = void 0;
348
+ if (attribute.stringAttributeConstraints) {
349
+ StringAttributeConstraints = {
350
+ MaxLength: attribute.stringAttributeConstraints?.maxLength,
351
+ MinLength: attribute.stringAttributeConstraints?.minLength
352
+ };
353
+ }
354
+ return {
355
+ AttributeDataType: attribute.attributeDataType,
356
+ DeveloperOnlyAttribute: attribute.developerOnlyAttribute,
357
+ Mutable: attribute.mutable,
358
+ Name: attribute.name,
359
+ NumberAttributeConstraints,
360
+ Required: attribute.required,
361
+ StringAttributeConstraints
362
+ };
363
+ });
364
+ template.Resources[CognitoUserPoolLogicalId].Properties.Schema = Schema;
365
+ }
366
+ if (identityPool?.enabled) {
334
367
  template.Resources[CognitoIdentityPoolLogicalId] = {
335
368
  Type: "AWS::Cognito::IdentityPool",
336
369
  Properties: {
@@ -347,17 +380,94 @@ var createAuthTemplate = ({
347
380
  ]
348
381
  }
349
382
  };
350
- if (roles) {
351
- template.Resources.CognitoIdentityPoolRoleAttachment = {
352
- Type: "AWS::Cognito::IdentityPoolRoleAttachment",
353
- Properties: {
354
- IdentityPoolId: {
355
- Ref: CognitoIdentityPoolLogicalId
383
+ template.Resources[IdentityPoolAuthenticatedIAMRoleLogicalId] = {
384
+ Type: "AWS::IAM::Role",
385
+ Properties: {
386
+ AssumeRolePolicyDocument: {
387
+ Version: "2012-10-17",
388
+ Statement: [
389
+ {
390
+ Effect: "Allow",
391
+ Principal: {
392
+ Federated: "cognito-identity.amazonaws.com"
393
+ },
394
+ Action: ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
395
+ Condition: {
396
+ StringEquals: {
397
+ "cognito-identity.amazonaws.com:aud": {
398
+ Ref: CognitoIdentityPoolLogicalId
399
+ }
400
+ },
401
+ "ForAnyValue:StringLike": {
402
+ "cognito-identity.amazonaws.com:amr": "authenticated"
403
+ }
404
+ }
405
+ }
406
+ ]
407
+ },
408
+ Policies: identityPool.authenticatedPolicies || [
409
+ {
410
+ PolicyName: "IdentityPoolAuthenticatedIAMRolePolicyName",
411
+ PolicyDocument: {
412
+ Version: "2012-10-17",
413
+ Statement: [DenyStatement]
414
+ }
415
+ }
416
+ ]
417
+ }
418
+ };
419
+ template.Resources[IdentityPoolUnauthenticatedIAMRoleLogicalId] = {
420
+ Type: "AWS::IAM::Role",
421
+ Properties: {
422
+ AssumeRolePolicyDocument: {
423
+ Version: "2012-10-17",
424
+ Statement: [
425
+ {
426
+ Effect: "Allow",
427
+ Principal: {
428
+ Federated: "cognito-identity.amazonaws.com"
429
+ },
430
+ Action: "sts:AssumeRoleWithWebIdentity",
431
+ Condition: {
432
+ StringEquals: {
433
+ "cognito-identity.amazonaws.com:aud": {
434
+ Ref: CognitoIdentityPoolLogicalId
435
+ }
436
+ },
437
+ "ForAnyValue:StringLike": {
438
+ "cognito-identity.amazonaws.com:amr": "unauthenticated"
439
+ }
440
+ }
441
+ }
442
+ ]
443
+ },
444
+ Policies: identityPool.authenticatedPolicies || [
445
+ {
446
+ PolicyName: "IdentityPoolUnauthenticatedIAMRolePolicyName",
447
+ PolicyDocument: {
448
+ Version: "2012-10-17",
449
+ Statement: [DenyStatement]
450
+ }
451
+ }
452
+ ]
453
+ }
454
+ };
455
+ template.Resources.CognitoIdentityPoolRoleAttachment = {
456
+ Type: "AWS::Cognito::IdentityPoolRoleAttachment",
457
+ Properties: {
458
+ IdentityPoolId: {
459
+ Ref: CognitoIdentityPoolLogicalId
460
+ },
461
+ Roles: {
462
+ authenticated: {
463
+ "Fn::GetAtt": [IdentityPoolAuthenticatedIAMRoleLogicalId, "Arn"]
356
464
  },
357
- Roles: roles
465
+ unauthenticated: {
466
+ "Fn::GetAtt": [IdentityPoolUnauthenticatedIAMRoleLogicalId, "Arn"]
467
+ }
358
468
  }
359
- };
360
- }
469
+ }
470
+ };
361
471
  if (!template.Outputs) {
362
472
  template.Outputs = {};
363
473
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ttoss/react-auth",
3
- "version": "1.2.17",
3
+ "version": "1.2.18",
4
4
  "description": "ttoss authentication module for React apps.",
5
5
  "license": "UNLICENSED",
6
6
  "author": "ttoss",
@@ -34,7 +34,7 @@
34
34
  "react": ">=16.8.0"
35
35
  },
36
36
  "devDependencies": {
37
- "@ttoss/cloud-auth": "^0.6.4",
37
+ "@ttoss/cloud-auth": "^0.7.0",
38
38
  "@ttoss/config": "^1.28.2",
39
39
  "@ttoss/i18n-cli": "^0.3.5",
40
40
  "@ttoss/react-i18n": "^1.18.8",
@@ -50,5 +50,5 @@
50
50
  "publishConfig": {
51
51
  "access": "public"
52
52
  },
53
- "gitHead": "0a6b947e6dc4386ff80861cbed8c119c6bd39f47"
53
+ "gitHead": "ff8bed71bb39e2e7d7385f8bb4a1bfda3553cb5c"
54
54
  }