
Commit 7cba616

authored
fix(auth): Fix for checking current preferred type before setting the MFAType as enabled to ensure the current preference is not cleared ou (#2580)
1 parent 45d19c1 commit 7cba616


6 files changed

+849
-60
lines changed


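--- a/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/CognitoAuthExceptionConverter.kt
+++ b/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/CognitoAuthExceptionConverter.kt
@@ -69,7 +69,7 @@ internal class CognitoAuthExceptionConverter {
 is InvalidPasswordException ->
 com.amplifyframework.auth.cognito.exceptions.service.InvalidPasswordException(error)
 is InvalidParameterException ->
-com.amplifyframework.auth.cognito.exceptions.service.InvalidParameterException(error)
+com.amplifyframework.auth.cognito.exceptions.service.InvalidParameterException(cause = error)
 is ExpiredCodeException -> CodeExpiredException(error)
 is CodeMismatchException -> com.amplifyframework.auth.cognito.exceptions.service.CodeMismatchException(
 error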

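--- a/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/RealAWSCognitoAuthPlugin.kt
+++ b/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/RealAWSCognitoAuthPlugin.kt
@@ -64,6 +64,7 @@ import com.amplifyframework.auth.cognito.exceptions.invalidstate.SignedInExcepti
 import com.amplifyframework.auth.cognito.exceptions.service.CodeDeliveryFailureException
 import com.amplifyframework.auth.cognito.exceptions.service.HostedUISignOutException
 import com.amplifyframework.auth.cognito.exceptions.service.InvalidAccountTypeException
+import com.amplifyframework.auth.cognito.exceptions.service.InvalidParameterException
 import com.amplifyframework.auth.cognito.exceptions.service.UserCancelledException
 import com.amplifyframework.auth.cognito.helpers.AuthHelper
 import com.amplifyframework.auth.cognito.helpers.HostedUIHelper
@@ -2194,7 +2195,7 @@ internal class RealAWSCognitoAuthPlugin(
 var enabledSet: MutableSet<MFAType>? = null
 var preferred: MFAType? = null
 if (!response.userMfaSettingList.isNullOrEmpty()) {
-enabledSet = mutableSetOf<MFAType>()
+enabledSet = mutableSetOf()
 response.userMfaSettingList?.forEach { mfaType ->
 enabledSet.add(getMFAType(mfaType))
 }
@@ -2227,45 +2228,76 @@ internal class RealAWSCognitoAuthPlugin(
 onSuccess: Action,
 onError: Consumer<AuthException>
 ) {
-authStateMachine.getCurrentState { authState ->
-when (authState.authNState) {
-is AuthenticationState.SignedIn -> {
-GlobalScope.launch {
-try {
-val accessToken = getSession().userPoolTokensResult.value?.accessToken
-accessToken?.let { token ->
-authEnvironment.cognitoAuthService.cognitoIdentityProviderClient?.setUserMfaPreference {
-this.accessToken = token
-this.smsMfaSettings = sms?.let {
-SmsMfaSettingsType.invoke {
-enabled = it.mfaEnabled
-it.mfaPreferred ?.let { preferred -> preferredMfa = preferred }
-}
-}
-this.softwareTokenMfaSettings = totp?.let {
-SoftwareTokenMfaSettingsType.invoke {
-enabled = it.mfaEnabled
-it.mfaPreferred ?.let { preferred -> preferredMfa = preferred }
+if (sms == null && totp == null) {
+onError.accept(InvalidParameterException("No mfa settings given"))
+return
+}
+// If either of the params have preferred setting set then ignore fetched preference preferred property
+val overridePreferredSetting: Boolean = !(sms?.mfaPreferred == true || totp?.mfaPreferred == true)
+fetchMFAPreference({ userPreference ->
+authStateMachine.getCurrentState { authState ->
+when (authState.authNState) {
+is AuthenticationState.SignedIn -> {
+GlobalScope.launch {
+try {
+val accessToken = getSession().userPoolTokensResult.value?.accessToken
+accessToken?.let { token ->
+authEnvironment
+.cognitoAuthService
+.cognitoIdentityProviderClient
+?.setUserMfaPreference {
+this.accessToken = token
+this.smsMfaSettings = sms?.let { it ->
+val preferredMFASetting = it.mfaPreferred
+?: (
+overridePreferredSetting &&
+userPreference.preferred == MFAType.SMS &&
+it.mfaEnabled
+)
+SmsMfaSettingsType.invoke {
+enabled = it.mfaEnabled
+preferredMfa = preferredMFASetting
+}
+}
+this.softwareTokenMfaSettings = totp?.let { it ->
+val preferredMFASetting = it.mfaPreferred
+?: (
+overridePreferredSetting &&
+userPreference.preferred == MFAType.TOTP &&
+it.mfaEnabled
+)
+SoftwareTokenMfaSettingsType.invoke {
+enabled = it.mfaEnabled
+preferredMfa = preferredMFASetting
+}
+}
+}?.also {
+onSuccess.call()
 }
-}
-}?.also {
-onSuccess.call()
-}
-} ?: onError.accept(SignedOutException())
-} catch (error: Exception) {
-onError.accept(
-CognitoAuthExceptionConverter.lookup(
-error,
-"Amazon Cognito cannot update the MFA preferences"
+} ?: onError.accept(SignedOutException())
+} catch (error: Exception) {
+onError.accept(
+CognitoAuthExceptionConverter.lookup(
+error,
+"Amazon Cognito cannot update the MFA preferences"
+)
 )
-)
+}
 }
 }
+else -> onError.accept(InvalidStateException())
 }
-
-else -> onError.accept(InvalidStateException())
 }
-}
+}, {
+onError.accept(
+AuthException(
+message = "Failed to fetch current MFA preferences " +
+"which is a pre-requisite to update MFA preferences",
+recoverySuggestion = AmplifyException.TODO_RECOVERY_SUGGESTION,
+cause = it
+)
+)
+})
 }
 
 private fun verifyTotp(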
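Review bot: A failure of the new `fetchMFAPreference` pre-step is reported to the caller as a generic `AuthException` with `AmplifyException.TODO_RECOVERY_SUGGESTION`, so a signed-out or invalid-state condition that this method used to surface as `SignedOutException` / `InvalidStateException` may now arrive only as the wrapped `cause` (assuming `fetchMFAPreference`, whose error path is outside these hunks, fails first in those states). Callers that branch on the exception type to prompt re-authentication would stop matching; consider forwarding an already-typed error unchanged, e.g. `}, { fetchError -> onError.accept(fetchError as? AuthException ?: AuthException(...)) })`, and giving the wrapper a real recovery suggestion. Separately, `overridePreferredSetting` is true exactly when neither argument sets a preference, which reads inverted; a name such as `keepCurrentPreferred` would match the comment above it. The method's signature starts outside the hunk.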

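--- a/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/UserMFAPreference.kt
+++ b/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/UserMFAPreference.kt
@@ -30,7 +30,10 @@ data class UserMFAPreference(
 /**
 * Input for updating the MFA preference for a MFA Type
 */
-enum class MFAPreference(internal val mfaEnabled: Boolean, internal val mfaPreferred: Boolean? = null) {
+enum class MFAPreference(
+internal val mfaEnabled: Boolean,
+internal val mfaPreferred: Boolean? = null
+) {
 /**
 * MFA not enabled
 */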

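--- a/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/exceptions/service/InvalidParameterException.kt
+++ b/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/exceptions/service/InvalidParameterException.kt
@@ -20,5 +20,5 @@ import com.amplifyframework.auth.exceptions.ServiceException
 * Could not perform the action because there are incorrect parameters.
 * @param cause The underlying cause of this exception
 */
-open class InvalidParameterException(cause: Throwable?) :
-ServiceException("One or more parameters are incorrect.", "Enter correct parameters.", cause)
+open class InvalidParameterException(message: String? = null, cause: Throwable? = null) :
+ServiceException(message ?: "One or more parameters are incorrect.", "Enter correct parameters.", cause)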
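Review bot: Replacing the single-argument constructor with `(message: String? = null, cause: Throwable? = null)` removes the `(Throwable?)` constructor from a public `open class`, so existing positional calls such as `InvalidParameterException(error)` and any subclass passing only a cause to the super constructor no longer compile, and Java callers get no overloads from the default values. Keeping the old entry point alongside the new one avoids that: `constructor(cause: Throwable?) : this(null, cause)`. The KDoc, which starts outside the hunk, still documents only `cause`; add `@param message Optional detail message; a generic message is used when null`.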

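--- a/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/helpers/AuthHelper.kt
+++ b/aws-auth-cognito/src/main/java/com/amplifyframework/auth/cognito/helpers/AuthHelper.kt
@@ -36,10 +36,10 @@ internal open class AuthHelper {
 fun getSecretHash(userId: String?, clientId: String?, clientSecret: String?): String? {
 return when {
 userId == null -> throw InvalidParameterException(
-Exception("user ID cannot be null")
+cause = Exception("user ID cannot be null")
 )
 clientId == null -> throw InvalidParameterException(
-Exception("client ID cannot be null")
+cause = Exception("client ID cannot be null")
 )
 clientSecret.isNullOrEmpty() -> null
 else ->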
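Review bot: The null-argument branches of `getSecretHash` still wrap the explanation in a throwaway `Exception` passed as `cause`, so the thrown `InvalidParameterException` carries only the generic "One or more parameters are incorrect." message and the useful text sits one level down. Assuming this is the same class whose constructor gains a `message` parameter in this commit, `throw InvalidParameterException("user ID cannot be null")` (and likewise for the client ID) states the reason directly. The `when` expression continues past the end of the hunk.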
