@ttoss/react-auth 1.7.20 → 1.7.22
- package/dist/esm/index.js +121 -69
- package/package.json +3 -3
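--- a/package/dist/esm/index.js
+++ b/package/dist/esm/index.js
@@ -358,6 +358,10 @@ var DenyStatement = {
 Action: ["*"],
 Resource: ["*"]
 };
+var defaultPrincipalTags = {
+appClientId: "aud",
+userId: "sub"
+};
 var createAuthTemplate = ({
 autoVerifiedAttributes = ["email"],
 identityPool,
@@ -369,6 +373,9 @@ var createAuthTemplate = ({
 AWSTemplateFormatVersion: "2010-09-09",
 Resources: {
 [CognitoUserPoolLogicalId]: {
+/**
+* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
+*/
 Type: "AWS::Cognito::UserPool",
 Properties: {
 AutoVerifiedAttributes,
@@ -392,6 +399,9 @@ var createAuthTemplate = ({
 }
 },
 [CognitoUserPoolClientLogicalId]: {
+/**
+* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
+*/
 Type: "AWS::Cognito::UserPoolClient",
 Properties: {
 SupportedIdentityProviders: ["COGNITO"],
@@ -473,9 +483,12 @@ var createAuthTemplate = ({
 }
 if (identityPool?.enabled) {
 template.Resources[CognitoIdentityPoolLogicalId] = {
+/**
+* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html
+*/
 Type: "AWS::Cognito::IdentityPool",
 Properties: {
-AllowUnauthenticatedIdentities:
+AllowUnauthenticatedIdentities: identityPool.allowUnauthenticatedIdentities || false,
 CognitoIdentityProviders: [{
 ClientId: {
 Ref: CognitoUserPoolClientLogicalId
@@ -486,86 +499,123 @@ var createAuthTemplate = ({
 }]
 }
 };
-
-
+if (identityPool.name) {
+template.Resources[CognitoIdentityPoolLogicalId].Properties.IdentityPoolName = identityPool.name;
+}
+template.Resources.CognitoIdentityPoolRoleAttachment = {
+/**
+* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html
+*/
+Type: "AWS::Cognito::IdentityPoolRoleAttachment",
 Properties: {
-
-
-
-
-
-
-
-
-
-
-
-
-
+IdentityPoolId: {
+Ref: CognitoIdentityPoolLogicalId
+},
+Roles: {}
+}
+};
+if (!identityPool.authenticatedRoleArn) {
+template.Resources[IdentityPoolAuthenticatedIAMRoleLogicalId] = {
+Type: "AWS::IAM::Role",
+Properties: {
+AssumeRolePolicyDocument: {
+Version: "2012-10-17",
+Statement: [{
+Effect: "Allow",
+Principal: {
+Federated: "cognito-identity.amazonaws.com"
 },
-"
-
+Action: ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
+Condition: {
+StringEquals: {
+"cognito-identity.amazonaws.com:aud": {
+Ref: CognitoIdentityPoolLogicalId
+}
+},
+"ForAnyValue:StringLike": {
+"cognito-identity.amazonaws.com:amr": "authenticated"
+}
 }
+}]
+},
+Policies: identityPool.authenticatedPolicies || [{
+PolicyName: "IdentityPoolAuthenticatedIAMRolePolicyName",
+PolicyDocument: {
+Version: "2012-10-17",
+Statement: [DenyStatement]
 }
 }]
-}
-
-
-
+}
+};
+template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = {
+"Fn::GetAtt": [IdentityPoolAuthenticatedIAMRoleLogicalId, "Arn"]
+};
+} else {
+template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.authenticated = identityPool.authenticatedRoleArn;
+}
+if (!identityPool.unauthenticatedRoleArn) {
+template.Resources[IdentityPoolUnauthenticatedIAMRoleLogicalId] = {
+Type: "AWS::IAM::Role",
+Properties: {
+AssumeRolePolicyDocument: {
 Version: "2012-10-17",
-Statement: [
-
-
-
-};
-template.Resources[IdentityPoolUnauthenticatedIAMRoleLogicalId] = {
-Type: "AWS::IAM::Role",
-Properties: {
-AssumeRolePolicyDocument: {
-Version: "2012-10-17",
-Statement: [{
-Effect: "Allow",
-Principal: {
-Federated: "cognito-identity.amazonaws.com"
-},
-Action: "sts:AssumeRoleWithWebIdentity",
-Condition: {
-StringEquals: {
-"cognito-identity.amazonaws.com:aud": {
-Ref: CognitoIdentityPoolLogicalId
-}
+Statement: [{
+Effect: "Allow",
+Principal: {
+Federated: "cognito-identity.amazonaws.com"
 },
-"
-
+Action: "sts:AssumeRoleWithWebIdentity",
+Condition: {
+StringEquals: {
+"cognito-identity.amazonaws.com:aud": {
+Ref: CognitoIdentityPoolLogicalId
+}
+},
+"ForAnyValue:StringLike": {
+"cognito-identity.amazonaws.com:amr": "unauthenticated"
+}
 }
+}]
+},
+Policies: identityPool.authenticatedPolicies || [{
+PolicyName: "IdentityPoolUnauthenticatedIAMRolePolicyName",
+PolicyDocument: {
+Version: "2012-10-17",
+Statement: [DenyStatement]
 }
 }]
-}
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-}
-
-
-
+}
+};
+template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = {
+"Fn::GetAtt": [IdentityPoolUnauthenticatedIAMRoleLogicalId, "Arn"]
+};
+} else {
+template.Resources.CognitoIdentityPoolRoleAttachment.Properties.Roles.unauthenticated = identityPool.unauthenticatedRoleArn;
+}
+if (identityPool.principalTags || identityPool.principalTags === void 0) {
+const PrincipalTags = (() => {
+if (typeof identityPool.principalTags === "boolean") {
+return defaultPrincipalTags;
+}
+if (identityPool.principalTags === void 0) {
+return defaultPrincipalTags;
+}
+return identityPool.principalTags;
+})();
+template.Resources.CognitoIdentityPoolPrincipalTag = {
+Type: "AWS::Cognito::IdentityPoolPrincipalTag",
+Properties: {
+IdentityPoolId: {
+Ref: CognitoIdentityPoolLogicalId
 },
-
-"Fn::GetAtt": [
-}
+IdentityProviderName: {
+"Fn::GetAtt": [CognitoUserPoolLogicalId, "ProviderName"]
+},
+PrincipalTags,
+UseDefaults: false
 }
-}
-}
+};
+}
 if (!template.Outputs) {
 template.Outputs = {};
 }
@@ -588,6 +638,8 @@ var createAuthTemplate = ({
 createAuthTemplate.CognitoUserPoolLogicalId = CognitoUserPoolLogicalId;
 createAuthTemplate.CognitoUserPoolClientLogicalId = CognitoUserPoolClientLogicalId;
 createAuthTemplate.CognitoIdentityPoolLogicalId = CognitoIdentityPoolLogicalId;
+createAuthTemplate.IdentityPoolAuthenticatedIAMRoleLogicalId = IdentityPoolAuthenticatedIAMRoleLogicalId;
+createAuthTemplate.IdentityPoolUnauthenticatedIAMRoleLogicalId = IdentityPoolUnauthenticatedIAMRoleLogicalId;
 
 // src/AuthForgotPasswordResetPassword.tsx
 import { useI18n as useI18n3 } from "@ttoss/react-i18n";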
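Review bot: The unauthenticated role's `Policies` line (new line 580) reads `identityPool.authenticatedPolicies`, the same option the authenticated role uses at new line 541, so any policies a caller supplies for signed-in users are attached to the guest role as well. With `allowUnauthenticatedIdentities` enabled, anonymous identities would then receive the authenticated permission set instead of the deny-all default. This looks like a copy-paste slip; the guest role should read its own option, e.g. `Policies: identityPool.<unauthenticated-policies option> || [{` (placeholder: no such option is visible in this diff), or always use the `DenyStatement` default until one exists. The enclosing `createAuthTemplate` starts and ends outside the shown hunks.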
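--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@ttoss/react-auth",
-"version": "1.7.
+"version": "1.7.22",
 "description": "ttoss authentication module for React apps.",
 "author": "ttoss",
 "contributors": [
@@ -32,8 +32,8 @@
 "peerDependencies": {
 "aws-amplify": "^5.0.0",
 "react": ">=16.8.0",
-"@ttoss/react-i18n": "^1.25.8",
 "@ttoss/react-notifications": "^1.24.22",
+"@ttoss/react-i18n": "^1.25.8",
 "@ttoss/ui": "^4.0.7"
 },
 "devDependencies": {
@@ -42,7 +42,7 @@
 "aws-amplify": "^5.3.11",
 "jest": "^29.7.0",
 "tsup": "^8.0.1",
-"@ttoss/cloud-auth": "^0.
+"@ttoss/cloud-auth": "^0.12.0",
 "@ttoss/config": "^1.31.4",
 "@ttoss/i18n-cli": "^0.7.5",
 "@ttoss/react-i18n": "^1.25.8",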