npm - quidproquo-actionprocessor-awslambda - Versions diffs - 0.0.98 → 0.0.99 - Mend

quidproquo-actionprocessor-awslambda 0.0.98 → 0.0.99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/lib/getActionProcessor/core/userDirectory/getUserDirectoryRespondToAuthChallengeActionProcessor.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { UserDirectoryRespondToAuthChallengeActionProcessor, QPQConfig } from 'quidproquo-core';
+declare const _default: (qpqConfig: QPQConfig) => {
+    "@quidproquo-core/UserDirectory/RespondToAuthChallenge": UserDirectoryRespondToAuthChallengeActionProcessor;
+};
+export default _default;

package/lib/getActionProcessor/core/userDirectory/getUserDirectoryRespondToAuthChallengeActionProcessor.js ADDED Viewed

@@ -0,0 +1,39 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const quidproquo_core_1 = require("quidproquo-core");
+const awsNamingUtils_1 = require("../../../awsNamingUtils");
+const getExportedValue_1 = require("../../../logic/cloudformation/getExportedValue");
+const respondToAuthChallengeChallenge_1 = require("../../../logic/cognito/respondToAuthChallengeChallenge");
+const anyAuthChallengeToCognitoAttributes = (authChallenge) => {
+    switch (authChallenge.challenge) {
+        case quidproquo_core_1.AuthenticateUserChallenge.NEW_PASSWORD_REQUIRED:
+            return {
+                NEW_PASSWORD: authChallenge.newPassword,
+            };
+        default:
+            return {};
+    }
+};
+const getUserDirectoryRespondToAuthChallengeActionProcessor = (qpqConfig) => {
+    return ({ userDirectoryName, authChallenge }) => __awaiter(void 0, void 0, void 0, function* () {
+        const region = quidproquo_core_1.qpqCoreUtils.getApplicationModuleDeployRegion(qpqConfig);
+        const userPoolId = yield (0, getExportedValue_1.getExportedValue)((0, awsNamingUtils_1.getCFExportNameUserPoolIdFromConfig)(userDirectoryName, qpqConfig), region);
+        const userPoolClientId = yield (0, getExportedValue_1.getExportedValue)((0, awsNamingUtils_1.getCFExportNameUserPoolClientIdFromConfig)(userDirectoryName, qpqConfig), region);
+        const response = yield (0, respondToAuthChallengeChallenge_1.respondToAuthChallengeChallenge)(userPoolId, userPoolClientId, region, authChallenge.username, authChallenge.session, anyAuthChallengeToCognitoAttributes(authChallenge));
+        return (0, quidproquo_core_1.actionResult)(response);
+    });
+};
+exports.default = (qpqConfig) => {
+    return {
+        [quidproquo_core_1.UserDirectoryActionType.RespondToAuthChallenge]: getUserDirectoryRespondToAuthChallengeActionProcessor(qpqConfig),
+    };
+};

package/lib/getActionProcessor/core/userDirectory/index.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { QPQConfig } from 'quidproquo-core';
 declare const _default: (qpqConfig: QPQConfig) => {
+    "@quidproquo-core/UserDirectory/RespondToAuthChallenge": import("quidproquo-core").UserDirectoryRespondToAuthChallengeActionProcessor;
     "@quidproquo-core/UserDirectory/RequestEmailVerification": import("quidproquo-core").UserDirectoryRequestEmailVerificationActionProcessor;
     "@quidproquo-core/UserDirectory/RefreshToken": import("quidproquo-core").UserDirectoryRefreshTokenActionProcessor;
     "@quidproquo-core/UserDirectory/ReadAccessToken": import("quidproquo-core").UserDirectoryReadAccessTokenActionProcessor;

package/lib/getActionProcessor/core/userDirectory/index.js CHANGED Viewed

@@ -11,4 +11,5 @@ const getUserDirectoryForgetPasswordActionProcessor_1 = __importDefault(require(
 const getUserDirectoryReadAccessTokenActionProcessor_1 = __importDefault(require("./getUserDirectoryReadAccessTokenActionProcessor"));
 const getUserDirectoryRefreshTokenActionProcessor_1 = __importDefault(require("./getUserDirectoryRefreshTokenActionProcessor"));
 const getUserDirectoryRequestEmailVerificationActionProcessor_1 = __importDefault(require("./getUserDirectoryRequestEmailVerificationActionProcessor"));
-exports.default = (qpqConfig) => (Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({}, (0, getUserDirectoryAuthenticateUserActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryConfirmEmailVerificationActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryConfirmForgetPasswordActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryCreateUserActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryForgetPasswordActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryReadAccessTokenActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryRefreshTokenActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryRequestEmailVerificationActionProcessor_1.default)(qpqConfig)));
+const getUserDirectoryRespondToAuthChallengeActionProcessor_1 = __importDefault(require("./getUserDirectoryRespondToAuthChallengeActionProcessor"));
+exports.default = (qpqConfig) => (Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({}, (0, getUserDirectoryAuthenticateUserActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryConfirmEmailVerificationActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryConfirmForgetPasswordActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryCreateUserActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryForgetPasswordActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryReadAccessTokenActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryRefreshTokenActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryRequestEmailVerificationActionProcessor_1.default)(qpqConfig)), (0, getUserDirectoryRespondToAuthChallengeActionProcessor_1.default)(qpqConfig)));

package/lib/logic/cognito/authenticateUser.js CHANGED Viewed

@@ -34,6 +34,7 @@ const authenticateUser = (userPoolId, clientId, region, username, password) => _
     };
     try {
         const response = yield cognitoClient.send(new client_cognito_identity_provider_1.AdminInitiateAuthCommand(params));
+        console.log('authenticateUser response: ', JSON.stringify(response, null, 2));
         return (0, transformCognitoResponse_1.cognitoAdminInitiateAuthResponseToQpqAuthenticationInfo)(response, issueDateTime);
     }
     catch (e) {

package/lib/logic/cognito/respondToAuthChallengeChallenge.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { AuthenticateUserResponse } from 'quidproquo-core';
2	+ export declare const respondToAuthChallengeChallenge: (userPoolId: string, clientId: string, region: string, username: string, session: string, attributes: Record<string, string>) => Promise<AuthenticateUserResponse>;

package/lib/logic/cognito/respondToAuthChallengeChallenge.js ADDED Viewed

@@ -0,0 +1,33 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.respondToAuthChallengeChallenge = void 0;
+const client_cognito_identity_provider_1 = require("@aws-sdk/client-cognito-identity-provider");
+const calculateSecretHash_1 = require("./utils/calculateSecretHash");
+const getUserPoolClientSecret_1 = require("./getUserPoolClientSecret");
+const transformCognitoResponse_1 = require("./utils/transformCognitoResponse");
+const respondToAuthChallengeChallenge = (userPoolId, clientId, region, username, session, attributes) => __awaiter(void 0, void 0, void 0, function* () {
+    const cognitoClient = new client_cognito_identity_provider_1.CognitoIdentityProviderClient({ region });
+    const clientSecret = yield (0, getUserPoolClientSecret_1.getUserPoolClientSecret)(userPoolId, clientId, region);
+    const secretHash = (0, calculateSecretHash_1.calculateSecretHash)(username, clientId, clientSecret);
+    const params = {
+        ChallengeName: client_cognito_identity_provider_1.ChallengeNameType.NEW_PASSWORD_REQUIRED,
+        ClientId: clientId,
+        Session: session,
+        ChallengeResponses: Object.assign({ USERNAME: username, SECRET_HASH: secretHash }, attributes),
+    };
+    console.log('params', JSON.stringify(params, null, 2));
+    const issueDateTime = new Date().toISOString();
+    const response = yield cognitoClient.send(new client_cognito_identity_provider_1.RespondToAuthChallengeCommand(params));
+    // transform the response into your custom format, similar to your refreshToken function
+    return (0, transformCognitoResponse_1.cognitoAdminInitiateAuthResponseToQpqAuthenticationInfo)(response, issueDateTime);
+});
+exports.respondToAuthChallengeChallenge = respondToAuthChallengeChallenge;

package/lib/logic/cognito/utils/transformCognitoResponse.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
-import { AuthenticateUserResponse, AuthenticationInfo } from 'quidproquo-core';
-import { AuthenticationResultType, AdminInitiateAuthResponse } from '@aws-sdk/client-cognito-identity-provider';
+import { AuthenticateUserResponse, AuthenticationInfo, AuthenticateUserChallenge } from 'quidproquo-core';
+import { AuthenticationResultType, AdminInitiateAuthResponse, ChallengeNameType } from '@aws-sdk/client-cognito-identity-provider';
 export declare const cognitoAuthenticationResultTypeToQpqAuthenticationInfo: (authResult: AuthenticationResultType, issueDateTime: string) => AuthenticationInfo;
+export declare const cognitoChallengeNameTypeToQpqAuthenticateUserChallenge: (cognitoChallengeName: ChallengeNameType | string | undefined) => AuthenticateUserChallenge;
 export declare const cognitoAdminInitiateAuthResponseToQpqAuthenticationInfo: (authResponse: AdminInitiateAuthResponse, issueDateTime: string) => AuthenticateUserResponse;

package/lib/logic/cognito/utils/transformCognitoResponse.js CHANGED Viewed

@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.cognitoAdminInitiateAuthResponseToQpqAuthenticationInfo = exports.cognitoAuthenticationResultTypeToQpqAuthenticationInfo = void 0;
+exports.cognitoAdminInitiateAuthResponseToQpqAuthenticationInfo = exports.cognitoChallengeNameTypeToQpqAuthenticateUserChallenge = exports.cognitoAuthenticationResultTypeToQpqAuthenticationInfo = void 0;
 const quidproquo_core_1 = require("quidproquo-core");
+const client_cognito_identity_provider_1 = require("@aws-sdk/client-cognito-identity-provider");
 const cognitoAuthenticationResultTypeToQpqAuthenticationInfo = (authResult, issueDateTime) => {
     // Parse the issueDateTime and add the expiresIn to get the expiration date
     let issueDate = new Date(issueDateTime);
@@ -17,10 +18,22 @@ const cognitoAuthenticationResultTypeToQpqAuthenticationInfo = (authResult, issu
     };
 };
 exports.cognitoAuthenticationResultTypeToQpqAuthenticationInfo = cognitoAuthenticationResultTypeToQpqAuthenticationInfo;
+const cognitoChallengeNameTypeToQpqAuthenticateUserChallenge = (cognitoChallengeName) => {
+    if (!cognitoChallengeName) {
+        return quidproquo_core_1.AuthenticateUserChallenge.NONE;
+    }
+    const map = {
+        [client_cognito_identity_provider_1.ChallengeNameType.NEW_PASSWORD_REQUIRED]: quidproquo_core_1.AuthenticateUserChallenge.NEW_PASSWORD_REQUIRED,
+    };
+    // TODO: handle the NOT-IMP cases
+    const challenge = map[cognitoChallengeName] || `NOT-IMP-${cognitoChallengeName}`;
+    return challenge;
+};
+exports.cognitoChallengeNameTypeToQpqAuthenticateUserChallenge = cognitoChallengeNameTypeToQpqAuthenticateUserChallenge;
 const cognitoAdminInitiateAuthResponseToQpqAuthenticationInfo = (authResponse, issueDateTime) => {
     const res = {
         session: authResponse.Session,
-        challenge: quidproquo_core_1.AuthenticateUserChallenge.NONE,
+        challenge: (0, exports.cognitoChallengeNameTypeToQpqAuthenticateUserChallenge)(authResponse.ChallengeName),
     };
     if (authResponse.AuthenticationResult) {
         res.authenticationInfo = (0, exports.cognitoAuthenticationResultTypeToQpqAuthenticationInfo)(authResponse.AuthenticationResult, issueDateTime);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "quidproquo-actionprocessor-awslambda",
-  "version": "0.0.98",
+  "version": "0.0.99",
   "description": "",
   "main": "./lib/index.js",
   "types": "./lib/index.d.js",