Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4245497a97
moto/tests/test_cognitoidp/test_cognitoidp.py

1918 lines
65 KiB
Python
Raw Normal View History

Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
from __future__ import unicode_literals
import json
import os
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
import random
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 13:08:17 +00:00
import re
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
import hmac
import hashlib
import base64
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 13:08:17 +00:00
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
import requests
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
import uuid
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
import boto3
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
# noinspection PyUnresolvedReferences
import sure # noqa
from botocore.exceptions import ClientError
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
from jose import jws, jwk, jwt
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
import pytest
Added extra test
2018-08-10 14:07:27 +00:00
Cognito - Dont run test in ServerMode
2020-06-20 11:48:10 +00:00
from moto import mock_cognitoidp, settings
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 13:08:17 +00:00
from moto.cognitoidp.utils import create_id
ACCOUNT_ID moved to moto.core, MOTO_ACCOUNT_ID env var override
2019-12-17 02:05:29 +00:00
from moto.core import ACCOUNT_ID
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_create_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
value = str(uuid.uuid4())
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.create_user_pool(PoolName=name, LambdaConfig={"PreSignUp": value})
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
result["UserPool"]["Id"].should_not.be.none
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result["UserPool"]["Id"].should.match(r"[\w-]+_[0-9a-zA-Z]+")
add Arn to cognito user pool model and response
2020-02-17 21:08:09 +00:00
result["UserPool"]["Arn"].should.equal(
"arn:aws:cognito-idp:us-west-2:{}:userpool/{}".format(
ACCOUNT_ID, result["UserPool"]["Id"]
)
)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
result["UserPool"]["Name"].should.equal(name)
result["UserPool"]["LambdaConfig"]["PreSignUp"].should.equal(value)
@mock_cognitoidp
def test_list_user_pools():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
conn.create_user_pool(PoolName=name)
result = conn.list_user_pools(MaxResults=10)
result["UserPools"].should.have.length_of(1)
result["UserPools"][0]["Name"].should.equal(name)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_user_pools_returns_max_items():
conn = boto3.client("cognito-idp", "us-west-2")
# Given 10 user pools
pool_count = 10
for i in range(pool_count):
conn.create_user_pool(PoolName=str(uuid.uuid4()))
max_results = 5
result = conn.list_user_pools(MaxResults=max_results)
result["UserPools"].should.have.length_of(max_results)
result.should.have.key("NextToken")
@mock_cognitoidp
def test_list_user_pools_returns_next_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
# Given 10 user pool clients
pool_count = 10
for i in range(pool_count):
conn.create_user_pool(PoolName=str(uuid.uuid4()))
max_results = 5
result = conn.list_user_pools(MaxResults=max_results)
result["UserPools"].should.have.length_of(max_results)
result.should.have.key("NextToken")
next_token = result["NextToken"]
result_2 = conn.list_user_pools(MaxResults=max_results, NextToken=next_token)
result_2["UserPools"].should.have.length_of(max_results)
result_2.shouldnt.have.key("NextToken")
@mock_cognitoidp
def test_list_user_pools_when_max_items_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
# Given 10 user pool clients
pool_count = 10
for i in range(pool_count):
conn.create_user_pool(PoolName=str(uuid.uuid4()))
max_results = pool_count + 5
result = conn.list_user_pools(MaxResults=max_results)
result["UserPools"].should.have.length_of(pool_count)
result.shouldnt.have.key("NextToken")
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_describe_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_details = conn.create_user_pool(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
PoolName=name, LambdaConfig={"PreSignUp": value}
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result = conn.describe_user_pool(UserPoolId=user_pool_details["UserPool"]["Id"])
result["UserPool"]["Name"].should.equal(name)
result["UserPool"]["LambdaConfig"]["PreSignUp"].should.equal(value)
@mock_cognitoidp
def test_delete_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.list_user_pools(MaxResults=10)["UserPools"].should.have.length_of(1)
conn.delete_user_pool(UserPoolId=user_pool_id)
conn.list_user_pools(MaxResults=10)["UserPools"].should.have.length_of(0)
@mock_cognitoidp
def test_create_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
@mock_cognitoidp
def test_create_user_pool_domain_custom_domain_config():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
custom_domain_config = {
black linting
2019-12-17 02:25:20 +00:00
"CertificateArn": "arn:aws:acm:us-east-1:{}:certificate/123456789012".format(
ACCOUNT_ID
)
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
}
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_domain(
UserPoolId=user_pool_id, Domain=domain, CustomDomainConfig=custom_domain_config
)
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
result["CloudFrontDomain"].should.equal("e2c343b3293ee505.cloudfront.net")
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_describe_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result = conn.describe_user_pool_domain(Domain=domain)
result["DomainDescription"]["Domain"].should.equal(domain)
result["DomainDescription"]["UserPoolId"].should.equal(user_pool_id)
result["DomainDescription"]["AWSAccountId"].should_not.be.none
@mock_cognitoidp
def test_delete_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result = conn.delete_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
result = conn.describe_user_pool_domain(Domain=domain)
# This is a surprising behavior of the real service: describing a missing domain comes
# back with status 200 and a DomainDescription of {}
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
result["DomainDescription"].keys().should.have.length_of(0)
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
@mock_cognitoidp
def test_update_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
custom_domain_config = {
black linting
2019-12-17 02:25:20 +00:00
"CertificateArn": "arn:aws:acm:us-east-1:{}:certificate/123456789012".format(
ACCOUNT_ID
)
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
}
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result = conn.update_user_pool_domain(
UserPoolId=user_pool_id, Domain=domain, CustomDomainConfig=custom_domain_config
)
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
result["CloudFrontDomain"].should.equal("e2c343b3293ee505.cloudfront.net")
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_create_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, ClientName=client_name, CallbackURLs=[value]
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 13:08:17 +00:00
bool(re.match(r"^[0-9a-z]{26}$", result["UserPoolClient"]["ClientId"])).should.be.ok
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
result["UserPoolClient"]["ClientName"].should.equal(client_name)
fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work (#3135) * fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work * add test for update_user_pool_client
2020-07-16 08:13:12 +00:00
result["UserPoolClient"].should_not.have.key("ClientSecret")
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
@mock_cognitoidp
def test_create_user_pool_client_returns_secret():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=client_name,
GenerateSecret=True,
CallbackURLs=[value],
)
result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 13:08:17 +00:00
bool(re.match(r"^[0-9a-z]{26}$", result["UserPoolClient"]["ClientId"])).should.be.ok
fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work (#3135) * fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work * add test for update_user_pool_client
2020-07-16 08:13:12 +00:00
result["UserPoolClient"]["ClientName"].should.equal(client_name)
result["UserPoolClient"]["ClientSecret"].should_not.be.none
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
@mock_cognitoidp
def test_list_user_pool_clients():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
result = conn.list_user_pool_clients(UserPoolId=user_pool_id, MaxResults=10)
result["UserPoolClients"].should.have.length_of(1)
result["UserPoolClients"][0]["ClientName"].should.equal(client_name)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_user_pool_clients_returns_max_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 user pool clients
client_count = 10
for i in range(client_count):
client_name = str(uuid.uuid4())
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
max_results = 5
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
result["UserPoolClients"].should.have.length_of(max_results)
result.should.have.key("NextToken")
@mock_cognitoidp
def test_list_user_pool_clients_returns_next_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 user pool clients
client_count = 10
for i in range(client_count):
client_name = str(uuid.uuid4())
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
max_results = 5
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
result["UserPoolClients"].should.have.length_of(max_results)
result.should.have.key("NextToken")
next_token = result["NextToken"]
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result_2 = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results, NextToken=next_token
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
result_2["UserPoolClients"].should.have.length_of(max_results)
result_2.shouldnt.have.key("NextToken")
@mock_cognitoidp
def test_list_user_pool_clients_when_max_items_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 user pool clients
client_count = 10
for i in range(client_count):
client_name = str(uuid.uuid4())
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
max_results = client_count + 5
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
result["UserPoolClients"].should.have.length_of(client_count)
result.shouldnt.have.key("NextToken")
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_describe_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, ClientName=client_name, CallbackURLs=[value]
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result = conn.describe_user_pool_client(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, ClientId=client_details["UserPoolClient"]["ClientId"]
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result["UserPoolClient"]["ClientName"].should.equal(client_name)
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
@mock_cognitoidp
def test_update_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
old_client_name = str(uuid.uuid4())
new_client_name = str(uuid.uuid4())
old_value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, ClientName=old_client_name, CallbackURLs=[old_value]
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result = conn.update_user_pool_client(
UserPoolId=user_pool_id,
ClientId=client_details["UserPoolClient"]["ClientId"],
ClientName=new_client_name,
CallbackURLs=[new_value],
)
result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work (#3135) * fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work * add test for update_user_pool_client
2020-07-16 08:13:12 +00:00
result["UserPoolClient"].should_not.have.key("ClientSecret")
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)
@mock_cognitoidp
def test_update_user_pool_client_returns_secret():
conn = boto3.client("cognito-idp", "us-west-2")
old_client_name = str(uuid.uuid4())
new_client_name = str(uuid.uuid4())
old_value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=old_client_name,
GenerateSecret=True,
CallbackURLs=[old_value],
)
client_secret = client_details["UserPoolClient"]["ClientSecret"]
result = conn.update_user_pool_client(
UserPoolId=user_pool_id,
ClientId=client_details["UserPoolClient"]["ClientId"],
ClientName=new_client_name,
CallbackURLs=[new_value],
)
result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
result["UserPoolClient"]["ClientSecret"].should.equal(client_secret)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)
@mock_cognitoidp
def test_delete_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
conn.delete_user_pool_client(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, ClientId=client_details["UserPoolClient"]["ClientId"]
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
caught = False
try:
conn.describe_user_pool_client(
UserPoolId=user_pool_id,
ClientId=client_details["UserPoolClient"]["ClientId"],
)
except conn.exceptions.ResourceNotFoundException:
caught = True
caught.should.be.true
@mock_cognitoidp
def test_create_identity_provider():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
ProviderDetails={"thing": value},
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result["IdentityProvider"]["UserPoolId"].should.equal(user_pool_id)
result["IdentityProvider"]["ProviderName"].should.equal(provider_name)
result["IdentityProvider"]["ProviderType"].should.equal(provider_type)
result["IdentityProvider"]["ProviderDetails"]["thing"].should.equal(value)
@mock_cognitoidp
def test_list_identity_providers():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.list_identity_providers(UserPoolId=user_pool_id, MaxResults=10)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
result["Providers"].should.have.length_of(1)
result["Providers"][0]["ProviderName"].should.equal(provider_name)
result["Providers"][0]["ProviderType"].should.equal(provider_type)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_identity_providers_returns_max_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 identity providers linked to a user pool
identity_provider_count = 10
for i in range(identity_provider_count):
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
max_results = 5
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
result["Providers"].should.have.length_of(max_results)
result.should.have.key("NextToken")
@mock_cognitoidp
def test_list_identity_providers_returns_next_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 identity providers linked to a user pool
identity_provider_count = 10
for i in range(identity_provider_count):
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
max_results = 5
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
result["Providers"].should.have.length_of(max_results)
result.should.have.key("NextToken")
next_token = result["NextToken"]
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result_2 = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results, NextToken=next_token
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
result_2["Providers"].should.have.length_of(max_results)
result_2.shouldnt.have.key("NextToken")
@mock_cognitoidp
def test_list_identity_providers_when_max_items_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 identity providers linked to a user pool
identity_provider_count = 10
for i in range(identity_provider_count):
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
max_results = identity_provider_count + 5
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
result["Providers"].should.have.length_of(identity_provider_count)
result.shouldnt.have.key("NextToken")
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_describe_identity_providers():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
ProviderDetails={"thing": value},
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result = conn.describe_identity_provider(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, ProviderName=provider_name
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result["IdentityProvider"]["UserPoolId"].should.equal(user_pool_id)
result["IdentityProvider"]["ProviderName"].should.equal(provider_name)
result["IdentityProvider"]["ProviderType"].should.equal(provider_type)
result["IdentityProvider"]["ProviderDetails"]["thing"].should.equal(value)
[cognitoidp] feat: add update_identity_provider
2019-01-25 01:39:55 +00:00
@mock_cognitoidp
def test_update_identity_provider():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
ProviderDetails={"thing": value},
[cognitoidp] feat: add update_identity_provider
2019-01-25 01:39:55 +00:00
)
result = conn.update_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
ProviderDetails={"thing": new_value},
[cognitoidp] feat: add update_identity_provider
2019-01-25 01:39:55 +00:00
)
result["IdentityProvider"]["UserPoolId"].should.equal(user_pool_id)
result["IdentityProvider"]["ProviderName"].should.equal(provider_name)
result["IdentityProvider"]["ProviderType"].should.equal(provider_type)
result["IdentityProvider"]["ProviderDetails"]["thing"].should.equal(new_value)
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
@mock_cognitoidp
def test_update_identity_provider_no_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
new_value = str(uuid.uuid4())
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(conn.exceptions.ResourceNotFoundException) as cm:
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
conn.update_identity_provider(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId="foo", ProviderName="bar", ProviderDetails={"thing": new_value}
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
)
Finish porting from nose to pytest.
2020-10-06 06:04:09 +00:00
cm.value.operation_name.should.equal("UpdateIdentityProvider")
cm.value.response["Error"]["Code"].should.equal("ResourceNotFoundException")
cm.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
@mock_cognitoidp
def test_update_identity_provider_no_identity_provider():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(conn.exceptions.ResourceNotFoundException) as cm:
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
conn.update_identity_provider(
UserPoolId=user_pool_id,
ProviderName="foo",
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
ProviderDetails={"thing": new_value},
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
)
Finish porting from nose to pytest.
2020-10-06 06:04:09 +00:00
cm.value.operation_name.should.equal("UpdateIdentityProvider")
cm.value.response["Error"]["Code"].should.equal("ResourceNotFoundException")
cm.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_delete_identity_providers():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
ProviderDetails={"thing": value},
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
conn.delete_identity_provider(UserPoolId=user_pool_id, ProviderName=provider_name)
caught = False
try:
conn.describe_identity_provider(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, ProviderName=provider_name
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
except conn.exceptions.ResourceNotFoundException:
caught = True
caught.should.be.true
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
@mock_cognitoidp
def test_create_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
description = str(uuid.uuid4())
role_arn = "arn:aws:iam:::role/my-iam-role"
precedence = random.randint(0, 100000)
result = conn.create_group(
GroupName=group_name,
UserPoolId=user_pool_id,
Description=description,
RoleArn=role_arn,
Precedence=precedence,
)
result["Group"]["GroupName"].should.equal(group_name)
result["Group"]["UserPoolId"].should.equal(user_pool_id)
result["Group"]["Description"].should.equal(description)
result["Group"]["RoleArn"].should.equal(role_arn)
result["Group"]["Precedence"].should.equal(precedence)
result["Group"]["LastModifiedDate"].should.be.a("datetime.datetime")
result["Group"]["CreationDate"].should.be.a("datetime.datetime")
@mock_cognitoidp
def test_create_group_with_duplicate_name_raises_error():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(ClientError) as cm:
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
Finish porting from nose to pytest.
2020-10-06 06:04:09 +00:00
cm.value.operation_name.should.equal("CreateGroup")
cm.value.response["Error"]["Code"].should.equal("GroupExistsException")
cm.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
@mock_cognitoidp
def test_get_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
result = conn.get_group(GroupName=group_name, UserPoolId=user_pool_id)
result["Group"]["GroupName"].should.equal(group_name)
result["Group"]["UserPoolId"].should.equal(user_pool_id)
result["Group"]["LastModifiedDate"].should.be.a("datetime.datetime")
result["Group"]["CreationDate"].should.be.a("datetime.datetime")
@mock_cognitoidp
def test_list_groups():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
result = conn.list_groups(UserPoolId=user_pool_id)
result["Groups"].should.have.length_of(1)
result["Groups"][0]["GroupName"].should.equal(group_name)
@mock_cognitoidp
def test_delete_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
result = conn.delete_group(GroupName=group_name, UserPoolId=user_pool_id)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(ClientError) as cm:
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
conn.get_group(GroupName=group_name, UserPoolId=user_pool_id)
Finish porting from nose to pytest.
2020-10-06 06:04:09 +00:00
cm.value.response["Error"]["Code"].should.equal("ResourceNotFoundException")
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_admin_add_user_to_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
@mock_cognitoidp
def test_admin_add_user_to_group_again_is_noop():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_list_users_in_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
result = conn.list_users_in_group(UserPoolId=user_pool_id, GroupName=group_name)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username)
@mock_cognitoidp
def test_list_users_in_group_ignores_deleted_user():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
username2 = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username2)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username2, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
conn.admin_delete_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users_in_group(UserPoolId=user_pool_id, GroupName=group_name)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username2)
@mock_cognitoidp
def test_admin_list_groups_for_user():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
result = conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)
result["Groups"].should.have.length_of(1)
result["Groups"][0]["GroupName"].should.equal(group_name)
@mock_cognitoidp
def test_admin_list_groups_for_user_ignores_deleted_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
group_name2 = str(uuid.uuid4())
conn.create_group(GroupName=group_name2, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name2
)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
conn.delete_group(GroupName=group_name, UserPoolId=user_pool_id)
result = conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)
result["Groups"].should.have.length_of(1)
result["Groups"][0]["GroupName"].should.equal(group_name2)
@mock_cognitoidp
def test_admin_remove_user_from_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result = conn.admin_remove_user_from_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.list_users_in_group(UserPoolId=user_pool_id, GroupName=group_name)[
"Users"
].should.have.length_of(0)
conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)[
"Groups"
].should.have.length_of(0)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_admin_remove_user_from_group_again_is_noop():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_admin_create_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserAttributes=[{"Name": "thing", "Value": value}],
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result["User"]["Username"].should.equal(username)
result["User"]["UserStatus"].should.equal("FORCE_CHANGE_PASSWORD")
result["User"]["Attributes"].should.have.length_of(1)
result["User"]["Attributes"][0]["Name"].should.equal("thing")
result["User"]["Attributes"][0]["Value"].should.equal(value)
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
result["User"]["Enabled"].should.equal(True)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 16:51:00 +00:00
@mock_cognitoidp
def test_admin_create_existing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserAttributes=[{"Name": "thing", "Value": value}],
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 16:51:00 +00:00
)
caught = False
try:
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserAttributes=[{"Name": "thing", "Value": value}],
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 16:51:00 +00:00
)
except conn.exceptions.UsernameExistsException:
caught = True
caught.should.be.true
MessageAction for cognito admin_create_user is now handled If an invitation is attempted to be reset to a pool we validate that the user is indeed already in the pool else we raise a UserNotFoundException to match AWS behaviour
2020-02-10 17:09:15 +00:00
@mock_cognitoidp
def test_admin_resend_invitation_existing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
caught = False
try:
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
MessageAction="RESEND",
)
except conn.exceptions.UsernameExistsException:
caught = True
caught.should.be.false
@mock_cognitoidp
def test_admin_resend_invitation_missing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
caught = False
try:
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
MessageAction="RESEND",
)
except conn.exceptions.UserNotFoundException:
caught = True
caught.should.be.true
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_admin_get_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserAttributes=[{"Name": "thing", "Value": value}],
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["Username"].should.equal(username)
result["UserAttributes"].should.have.length_of(1)
result["UserAttributes"][0]["Name"].should.equal("thing")
result["UserAttributes"][0]["Value"].should.equal(value)
Missing users now raise a UserNotFoundException A missing user in a cognito user pool has raises a UserNotFoundException, not a ResourceNotFoundException. This commit corrects the behaviour so that the correct exception is raised
2018-10-17 17:39:52 +00:00
@mock_cognitoidp
def test_admin_get_missing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
caught = False
try:
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
except conn.exceptions.UserNotFoundException:
caught = True
caught.should.be.true
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_list_users():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users(UserPoolId=user_pool_id)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username)
Add test
2020-02-05 11:03:33 +00:00
username_bis = str(uuid.uuid4())
conn.admin_create_user(
Change from black linter
2020-02-05 13:19:08 +00:00
UserPoolId=user_pool_id,
Username=username_bis,
UserAttributes=[{"Name": "phone_number", "Value": "+33666666666"}],
)
result = conn.list_users(
UserPoolId=user_pool_id, Filter='phone_number="+33666666666'
Add test
2020-02-05 11:03:33 +00:00
)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username_bis)
[fix] cognito-idp list_users Filter arg now support spaces (#3317)
2020-09-19 10:26:01 +00:00
# checking Filter with space
result = conn.list_users(
UserPoolId=user_pool_id, Filter='phone_number = "+33666666666'
)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username_bis)
Add test
2020-02-05 11:03:33 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_users_returns_limit_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
user_count = 10
for i in range(user_count):
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
max_results = 5
result = conn.list_users(UserPoolId=user_pool_id, Limit=max_results)
result["Users"].should.have.length_of(max_results)
result.should.have.key("PaginationToken")
@mock_cognitoidp
def test_list_users_returns_pagination_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
user_count = 10
for i in range(user_count):
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
max_results = 5
result = conn.list_users(UserPoolId=user_pool_id, Limit=max_results)
result["Users"].should.have.length_of(max_results)
result.should.have.key("PaginationToken")
next_token = result["PaginationToken"]
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
result_2 = conn.list_users(
UserPoolId=user_pool_id, Limit=max_results, PaginationToken=next_token
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
result_2["Users"].should.have.length_of(max_results)
result_2.shouldnt.have.key("PaginationToken")
@mock_cognitoidp
def test_list_users_when_limit_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
user_count = 10
for i in range(user_count):
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
max_results = user_count + 5
result = conn.list_users(UserPoolId=user_pool_id, Limit=max_results)
result["Users"].should.have.length_of(user_count)
result.shouldnt.have.key("PaginationToken")
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
@mock_cognitoidp
def test_admin_disable_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)[
"Enabled"
].should.equal(False)
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
@mock_cognitoidp
def test_admin_enable_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_enable_user(UserPoolId=user_pool_id, Username=username)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)[
"Enabled"
].should.equal(True)
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_admin_delete_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_delete_user(UserPoolId=user_pool_id, Username=username)
caught = False
try:
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Missing users now raise a UserNotFoundException A missing user in a cognito user pool has raises a UserNotFoundException, not a ResourceNotFoundException. This commit corrects the behaviour so that the correct exception is raised
2018-10-17 17:39:52 +00:00
except conn.exceptions.UserNotFoundException:
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
caught = True
caught.should.be.true
def authentication_flow(conn):
username = str(uuid.uuid4())
temporary_password = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
Testing new feature
2018-08-07 11:55:32 +00:00
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
ReadAttributes=[user_attribute_name],
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserAttributes=[{"Name": user_attribute_name, "Value": user_attribute_value}],
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result = conn.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
# A newly created user is forced to set a new password
result["ChallengeName"].should.equal("NEW_PASSWORD_REQUIRED")
result["Session"].should_not.be.none
# This sets a new password and logs the user in (creates tokens)
new_password = str(uuid.uuid4())
result = conn.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password},
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result["AuthenticationResult"]["IdToken"].should_not.be.none
result["AuthenticationResult"]["AccessToken"].should_not.be.none
return {
"user_pool_id": user_pool_id,
"client_id": client_id,
"id_token": result["AuthenticationResult"]["IdToken"],
"access_token": result["AuthenticationResult"]["AccessToken"],
"username": username,
"password": new_password,
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
"additional_fields": {user_attribute_name: user_attribute_value},
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
}
@mock_cognitoidp
def test_authentication_flow():
conn = boto3.client("cognito-idp", "us-west-2")
authentication_flow(conn)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
def user_authentication_flow(conn):
username = str(uuid.uuid4())
password = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
ReadAttributes=[user_attribute_name],
GenerateSecret=True,
)["UserPoolClient"]["ClientId"]
conn.sign_up(
Linting
2020-11-11 15:55:37 +00:00
ClientId=client_id, Username=username, Password=password,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
client_secret = conn.describe_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientId=client_id,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientSecret"]
conn.confirm_sign_up(
Linting
2020-11-11 15:55:37 +00:00
ClientId=client_id, Username=username, ConfirmationCode="123456",
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
# generating secret hash
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
"SRP_A": str(uuid.uuid4()),
"SECRET_HASH": secret_hash,
},
)
result = conn.respond_to_auth_challenge(
ClientId=client_id,
ChallengeName=result["ChallengeName"],
ChallengeResponses={
"PASSWORD_CLAIM_SIGNATURE": str(uuid.uuid4()),
"PASSWORD_CLAIM_SECRET_BLOCK": result["Session"],
"TIMESTAMP": str(uuid.uuid4()),
"USERNAME": username,
},
)
refresh_token = result["AuthenticationResult"]["RefreshToken"]
# add mfa token
conn.associate_software_token(
AccessToken=result["AuthenticationResult"]["AccessToken"],
)
conn.verify_software_token(
Linting
2020-11-11 15:55:37 +00:00
AccessToken=result["AuthenticationResult"]["AccessToken"], UserCode="123456",
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
conn.set_user_mfa_preference(
AccessToken=result["AuthenticationResult"]["AccessToken"],
Linting
2020-11-11 15:55:37 +00:00
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True,},
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="REFRESH_TOKEN",
Linting
2020-11-11 15:55:37 +00:00
AuthParameters={"SECRET_HASH": secret_hash, "REFRESH_TOKEN": refresh_token,},
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
result["AuthenticationResult"]["IdToken"].should_not.be.none
result["AuthenticationResult"]["AccessToken"].should_not.be.none
# authenticate user once again this time with mfa token
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
"SRP_A": str(uuid.uuid4()),
"SECRET_HASH": secret_hash,
},
)
result = conn.respond_to_auth_challenge(
ClientId=client_id,
ChallengeName=result["ChallengeName"],
ChallengeResponses={
"PASSWORD_CLAIM_SIGNATURE": str(uuid.uuid4()),
"PASSWORD_CLAIM_SECRET_BLOCK": result["Session"],
"TIMESTAMP": str(uuid.uuid4()),
"USERNAME": username,
},
)
result = conn.respond_to_auth_challenge(
ClientId=client_id,
Session=result["Session"],
ChallengeName=result["ChallengeName"],
ChallengeResponses={
"SOFTWARE_TOKEN_MFA_CODE": "123456",
"USERNAME": username,
"SECRET_HASH": secret_hash,
},
)
return {
"user_pool_id": user_pool_id,
"client_id": client_id,
"client_secret": client_secret,
"secret_hash": secret_hash,
"id_token": result["AuthenticationResult"]["IdToken"],
"access_token": result["AuthenticationResult"]["AccessToken"],
"refresh_token": refresh_token,
"username": username,
"password": password,
"additional_fields": {user_attribute_name: user_attribute_value},
}
@mock_cognitoidp
def test_user_authentication_flow():
conn = boto3.client("cognito-idp", "us-west-2")
user_authentication_flow(conn)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_token_legitimacy():
conn = boto3.client("cognito-idp", "us-west-2")
path = "../../moto/cognitoidp/resources/jwks-public.json"
with open(os.path.join(os.path.dirname(__file__), path)) as f:
json_web_key = json.loads(f.read())["keys"][0]
outputs = authentication_flow(conn)
id_token = outputs["id_token"]
access_token = outputs["access_token"]
client_id = outputs["client_id"]
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
issuer = "https://cognito-idp.us-west-2.amazonaws.com/{}".format(
outputs["user_pool_id"]
)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
id_claims = json.loads(jws.verify(id_token, json_web_key, "RS256"))
id_claims["iss"].should.equal(issuer)
id_claims["aud"].should.equal(client_id)
moto/issues/2672 | Modified 'token_use' to return 'id' for an id token, and 'access' for an access token
2020-01-05 15:55:04 +00:00
id_claims["token_use"].should.equal("id")
moto/issues/2670 | Moved population of user attributes from accessToken to idToken
2020-01-05 15:13:36 +00:00
for k, v in outputs["additional_fields"].items():
id_claims[k].should.equal(v)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256"))
access_claims["iss"].should.equal(issuer)
access_claims["aud"].should.equal(client_id)
moto/issues/2672 | Modified 'token_use' to return 'id' for an id token, and 'access' for an access token
2020-01-05 15:55:04 +00:00
access_claims["token_use"].should.equal("access")
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
moto/issues/2672 | Formatted using black
2020-01-06 05:29:23 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_change_password():
conn = boto3.client("cognito-idp", "us-west-2")
outputs = authentication_flow(conn)
# Take this opportunity to test change_password, which requires an access token.
newer_password = str(uuid.uuid4())
conn.change_password(
AccessToken=outputs["access_token"],
PreviousPassword=outputs["password"],
ProposedPassword=newer_password,
)
# Log in again, which should succeed without a challenge because the user is no
# longer in the force-new-password state.
result = conn.admin_initiate_auth(
UserPoolId=outputs["user_pool_id"],
ClientId=outputs["client_id"],
AuthFlow="ADMIN_NO_SRP_AUTH",
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
AuthParameters={"USERNAME": outputs["username"], "PASSWORD": newer_password},
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result["AuthenticationResult"].should_not.be.none
Append region-info to UserAgent-header, if it already exists
2020-06-30 14:00:08 +00:00
@mock_cognitoidp
def test_change_password__using_custom_user_agent_header():
# https://github.com/spulec/moto/issues/3098
# As the admin_initiate_auth-method is unauthenticated, we use the user-agent header to pass in the region
# This test verifies this works, even if we pass in our own user-agent header
from botocore.config import Config
my_config = Config(user_agent_extra="more/info", signature_version="v4")
conn = boto3.client("cognito-idp", "us-west-2", config=my_config)
outputs = authentication_flow(conn)
# Take this opportunity to test change_password, which requires an access token.
newer_password = str(uuid.uuid4())
conn.change_password(
AccessToken=outputs["access_token"],
PreviousPassword=outputs["password"],
ProposedPassword=newer_password,
)
# Log in again, which should succeed without a challenge because the user is no
# longer in the force-new-password state.
result = conn.admin_initiate_auth(
UserPoolId=outputs["user_pool_id"],
ClientId=outputs["client_id"],
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": outputs["username"], "PASSWORD": newer_password},
)
result["AuthenticationResult"].should_not.be.none
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_forgot_password():
conn = boto3.client("cognito-idp", "us-west-2")
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 13:08:17 +00:00
result = conn.forgot_password(ClientId=create_id(), Username=str(uuid.uuid4()))
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
result["CodeDeliveryDetails"].should_not.be.none
@mock_cognitoidp
def test_confirm_forgot_password():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
conn.confirm_forgot_password(
ClientId=client_id,
Username=username,
ConfirmationCode=str(uuid.uuid4()),
Password=str(uuid.uuid4()),
)
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 22:58:10 +00:00
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 22:58:10 +00:00
@mock_cognitoidp
def test_admin_update_user_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "John"},
],
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 22:58:10 +00:00
)
conn.admin_update_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "Jane"},
],
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 22:58:10 +00:00
)
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
attributes = user["UserAttributes"]
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 22:58:10 +00:00
attributes.should.be.a(list)
for attr in attributes:
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
val = attr["Value"]
if attr["Name"] == "family_name":
val.should.equal("Doe")
elif attr["Name"] == "given_name":
val.should.equal("Jane")
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 11:31:30 +00:00
@mock_cognitoidp
def test_resource_server():
client = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
value = str(uuid.uuid4())
res = client.create_user_pool(PoolName=name)
user_pool_id = res["UserPool"]["Id"]
identifier = "http://localhost.localdomain"
name = "local server"
scopes = [
{"ScopeName": "app:write", "ScopeDescription": "write scope"},
{"ScopeName": "app:read", "ScopeDescription": "read scope"},
]
res = client.create_resource_server(
UserPoolId=user_pool_id, Identifier=identifier, Name=name, Scopes=scopes
)
res["ResourceServer"]["UserPoolId"].should.equal(user_pool_id)
res["ResourceServer"]["Identifier"].should.equal(identifier)
res["ResourceServer"]["Name"].should.equal(name)
res["ResourceServer"]["Scopes"].should.equal(scopes)
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(ClientError) as ex:
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 11:31:30 +00:00
client.create_resource_server(
UserPoolId=user_pool_id, Identifier=identifier, Name=name, Scopes=scopes
)
Finish porting from nose to pytest.
2020-10-06 06:04:09 +00:00
ex.value.operation_name.should.equal("CreateResourceServer")
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 11:31:30 +00:00
"%s already exists in user pool %s." % (identifier, user_pool_id)
)
Finish porting from nose to pytest.
2020-10-06 06:04:09 +00:00
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 11:31:30 +00:00
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_sign_up():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()),
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
password = str(uuid.uuid4())
result = conn.sign_up(ClientId=client_id, Username=username, Password=password)
result["UserConfirmed"].should.be.false
result["UserSub"].should_not.be.none
@mock_cognitoidp
def test_confirm_sign_up():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
password = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
conn.confirm_sign_up(
Linting
2020-11-11 15:55:37 +00:00
ClientId=client_id, Username=username, ConfirmationCode="123456",
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["UserStatus"].should.equal("CONFIRMED")
@mock_cognitoidp
def test_initiate_auth_USER_SRP_AUTH():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
password = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
client_secret = conn.describe_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientId=client_id,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientSecret"]
conn.confirm_sign_up(
Linting
2020-11-11 15:55:37 +00:00
ClientId=client_id, Username=username, ConfirmationCode="123456",
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
"SRP_A": str(uuid.uuid4()),
"SECRET_HASH": secret_hash,
},
)
result["ChallengeName"].should.equal("PASSWORD_VERIFIER")
@mock_cognitoidp
def test_initiate_auth_REFRESH_TOKEN():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
result = conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="REFRESH_TOKEN",
AuthParameters={
"REFRESH_TOKEN": result["refresh_token"],
"SECRET_HASH": result["secret_hash"],
},
)
result["AuthenticationResult"]["AccessToken"].should_not.be.none
@mock_cognitoidp
def test_initiate_auth_for_unconfirmed_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
password = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
client_secret = conn.describe_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientId=client_id,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientSecret"]
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
caught = False
try:
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
"SRP_A": str(uuid.uuid4()),
"SECRET_HASH": secret_hash,
},
)
except conn.exceptions.UserNotConfirmedException:
caught = True
caught.should.be.true
@mock_cognitoidp
def test_initiate_auth_with_invalid_secret_hash():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
password = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
client_secret = conn.describe_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientId=client_id,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientSecret"]
conn.confirm_sign_up(
Linting
2020-11-11 15:55:37 +00:00
ClientId=client_id, Username=username, ConfirmationCode="123456",
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
invalid_secret_hash = str(uuid.uuid4())
caught = False
try:
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
"SRP_A": str(uuid.uuid4()),
"SECRET_HASH": invalid_secret_hash,
},
)
except conn.exceptions.NotAuthorizedException:
caught = True
caught.should.be.true
@mock_cognitoidp
def test_setting_mfa():
conn = boto3.client("cognito-idp", "us-west-2")
result = authentication_flow(conn)
conn.associate_software_token(AccessToken=result["access_token"])
conn.verify_software_token(AccessToken=result["access_token"], UserCode="123456")
conn.set_user_mfa_preference(
AccessToken=result["access_token"],
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
)
result = conn.admin_get_user(
UserPoolId=result["user_pool_id"], Username=result["username"]
)
result["UserMFASettingList"].should.have.length_of(1)
@mock_cognitoidp
def test_setting_mfa_when_token_not_verified():
conn = boto3.client("cognito-idp", "us-west-2")
result = authentication_flow(conn)
conn.associate_software_token(AccessToken=result["access_token"])
caught = False
try:
conn.set_user_mfa_preference(
AccessToken=result["access_token"],
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
)
except conn.exceptions.InvalidParameterException:
caught = True
caught.should.be.true
@mock_cognitoidp
def test_respond_to_auth_challenge_with_invalid_secret_hash():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
valid_secret_hash = result["secret_hash"]
invalid_secret_hash = str(uuid.uuid4())
challenge = conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": result["username"],
"SRP_A": str(uuid.uuid4()),
"SECRET_HASH": valid_secret_hash,
},
)
challenge = conn.respond_to_auth_challenge(
ClientId=result["client_id"],
ChallengeName=challenge["ChallengeName"],
ChallengeResponses={
"PASSWORD_CLAIM_SIGNATURE": str(uuid.uuid4()),
"PASSWORD_CLAIM_SECRET_BLOCK": challenge["Session"],
"TIMESTAMP": str(uuid.uuid4()),
"USERNAME": result["username"],
},
)
caught = False
try:
conn.respond_to_auth_challenge(
ClientId=result["client_id"],
Session=challenge["Session"],
ChallengeName=challenge["ChallengeName"],
ChallengeResponses={
"SOFTWARE_TOKEN_MFA_CODE": "123456",
"USERNAME": result["username"],
"SECRET_HASH": invalid_secret_hash,
},
)
except conn.exceptions.NotAuthorizedException:
caught = True
caught.should.be.true
added cognito idp function admin_set_user_password to the code (#3328) * added cognito idp function to the code * fixed linting issues
2020-09-21 17:40:07 +00:00
@mock_cognitoidp
def test_admin_set_user_password():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
password = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
conn.admin_set_user_password(
UserPoolId=user_pool_id, Username=username, Password=password, Permanent=True
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["Username"].should.equal(username)
result["UserAttributes"].should.have.length_of(1)
result["UserAttributes"][0]["Name"].should.equal("thing")
result["UserAttributes"][0]["Value"].should.equal(value)
result["UserStatus"].should.equal("CONFIRMED")
Cognito - Dont run test in ServerMode
2020-06-20 11:48:10 +00:00
# Test will retrieve public key from cognito.amazonaws.com/.well-known/jwks.json,
# which isnt mocked in ServerMode
if not settings.TEST_SERVER_MODE:
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
Cognito - Dont run test in ServerMode
2020-06-20 11:48:10 +00:00
@mock_cognitoidp
def test_idtoken_contains_kid_header():
# https://github.com/spulec/moto/issues/3078
# Setup
cognito = boto3.client("cognito-idp", "us-west-2")
user_pool_id = cognito.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"][
"Id"
]
client = cognito.create_user_pool_client(
UserPoolId=user_pool_id,
ExplicitAuthFlows=[
"ALLOW_ADMIN_USER_PASSWORD_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH",
"ALLOW_ADMIN_NO_SRP_AUTH",
],
AllowedOAuthFlows=["code", "implicit"],
ClientName=str(uuid.uuid4()),
CallbackURLs=["https://example.com"],
)
client_id = client["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
temporary_password = "1TemporaryP@ssword"
cognito.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
)
result = cognito.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# A newly created user is forced to set a new password
# This sets a new password and logs the user in (creates tokens)
password = "1F@kePassword"
result = cognito.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": password},
)
#
id_token = result["AuthenticationResult"]["IdToken"]
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
Cognito - Dont run test in ServerMode
2020-06-20 11:48:10 +00:00
# Verify the KID header is present in the token, and corresponds to the KID supplied by the public JWT
verify_kid_header(id_token)
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
def verify_kid_header(token):
"""Verifies the kid-header is corresponds with the public key"""
headers = jwt.get_unverified_headers(token)
kid = headers["kid"]
key_index = -1
keys = fetch_public_keys()
for i in range(len(keys)):
if kid == keys[i]["kid"]:
key_index = i
break
if key_index == -1:
raise Exception("Public key (kid) not found in jwks.json")
def fetch_public_keys():
keys_url = "https://cognito-idp.{}.amazonaws.com/{}/.well-known/jwks.json".format(
"us-west-2", "someuserpoolid"
)
Simplify Cognito test - auto decode JSON
2020-06-20 10:05:06 +00:00
response = requests.get(keys_url).json()
return response["keys"]
Reference in New Issue Copy Permalink