-
Notifications
You must be signed in to change notification settings - Fork 108
/
SignInChallengeHelper.kt
130 lines (126 loc) · 6.05 KB
/
SignInChallengeHelper.kt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
/*
* Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.amplifyframework.auth.cognito.helpers
import aws.sdk.kotlin.services.cognitoidentityprovider.model.AuthenticationResultType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.ChallengeNameType
import aws.smithy.kotlin.runtime.time.Instant
import com.amplifyframework.auth.AuthCodeDeliveryDetails
import com.amplifyframework.auth.AuthException
import com.amplifyframework.auth.exceptions.UnknownException
import com.amplifyframework.auth.result.AuthSignInResult
import com.amplifyframework.auth.result.step.AuthNextSignInStep
import com.amplifyframework.auth.result.step.AuthSignInStep
import com.amplifyframework.core.Consumer
import com.amplifyframework.statemachine.StateMachineEvent
import com.amplifyframework.statemachine.codegen.data.AuthChallenge
import com.amplifyframework.statemachine.codegen.data.CognitoUserPoolTokens
import com.amplifyframework.statemachine.codegen.data.DeviceMetadata
import com.amplifyframework.statemachine.codegen.data.SignInMethod
import com.amplifyframework.statemachine.codegen.data.SignedInData
import com.amplifyframework.statemachine.codegen.events.AuthenticationEvent
import com.amplifyframework.statemachine.codegen.events.SignInEvent
import java.util.Date
import kotlin.time.Duration.Companion.seconds
internal object SignInChallengeHelper {
fun evaluateNextStep(
username: String,
challengeNameType: ChallengeNameType?,
session: String?,
challengeParameters: Map<String, String>?,
authenticationResult: AuthenticationResultType?,
signInMethod: SignInMethod = SignInMethod.ApiBased(SignInMethod.ApiBased.AuthType.USER_SRP_AUTH)
): StateMachineEvent {
return when {
authenticationResult != null -> {
authenticationResult.let {
val userId = it.accessToken?.let { token -> SessionHelper.getUserSub(token) } ?: ""
val expiresIn = Instant.now().plus(it.expiresIn.seconds).epochSeconds
val tokens = CognitoUserPoolTokens(it.idToken, it.accessToken, it.refreshToken, expiresIn)
val signedInData = SignedInData(
userId,
username,
Date(),
signInMethod,
tokens
)
it.newDeviceMetadata?.let { metadata ->
SignInEvent(
SignInEvent.EventType.ConfirmDevice(
DeviceMetadata.Metadata(
metadata.deviceKey ?: "",
metadata.deviceGroupKey ?: ""
),
signedInData
)
)
} ?: AuthenticationEvent(
AuthenticationEvent.EventType.SignInCompleted(
signedInData,
DeviceMetadata.Empty
)
)
}
}
challengeNameType is ChallengeNameType.SmsMfa ||
challengeNameType is ChallengeNameType.CustomChallenge ||
challengeNameType is ChallengeNameType.NewPasswordRequired -> {
val challenge =
AuthChallenge(challengeNameType.value, username, session, challengeParameters)
SignInEvent(SignInEvent.EventType.ReceivedChallenge(challenge))
}
challengeNameType is ChallengeNameType.DeviceSrpAuth -> {
SignInEvent(SignInEvent.EventType.InitiateSignInWithDeviceSRP(username, mapOf()))
}
else -> SignInEvent(SignInEvent.EventType.ThrowError(Exception("Response did not contain sign in info.")))
}
}
fun getNextStep(
challenge: AuthChallenge,
onSuccess: Consumer<AuthSignInResult>,
onError: Consumer<AuthException>
) {
val challengeParams = challenge.parameters?.toMutableMap() ?: mapOf()
when (ChallengeNameType.fromValue(challenge.challengeName)) {
is ChallengeNameType.SmsMfa -> {
val deliveryDetails = AuthCodeDeliveryDetails(
challengeParams.getValue("CODE_DELIVERY_DESTINATION"),
AuthCodeDeliveryDetails.DeliveryMedium.fromString(
challengeParams.getValue("CODE_DELIVERY_DELIVERY_MEDIUM")
)
)
val authSignInResult = AuthSignInResult(
false,
AuthNextSignInStep(AuthSignInStep.CONFIRM_SIGN_IN_WITH_SMS_MFA_CODE, mapOf(), deliveryDetails)
)
onSuccess.accept(authSignInResult)
}
is ChallengeNameType.NewPasswordRequired -> {
val authSignInResult = AuthSignInResult(
false,
AuthNextSignInStep(AuthSignInStep.CONFIRM_SIGN_IN_WITH_NEW_PASSWORD, challengeParams, null)
)
onSuccess.accept(authSignInResult)
}
is ChallengeNameType.CustomChallenge -> {
val authSignInResult = AuthSignInResult(
false,
AuthNextSignInStep(AuthSignInStep.CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE, challengeParams, null)
)
onSuccess.accept(authSignInResult)
}
else -> onError.accept(UnknownException(cause = Exception("Challenge type not supported.")))
}
}
}