Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a36cd89780
moto/tests/test_cognitoidp/test_cognitoidp.py

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

4505 lines
157 KiB
Python
Raw Normal View History

CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
import base64
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
import datetime
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
import boto3
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
import json
import os
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
import random
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 13:08:17 +00:00
import re
Techdebt: replace mock with unittest.mock (#5775)
2022-12-15 12:17:50 +00:00
from unittest import mock
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
import moto.cognitoidp.models
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
import requests
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
import hmac
import hashlib
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
import uuid
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
from botocore.exceptions import ClientError, ParamValidationError
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
from jose import jws, jwt
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
from unittest import SkipTest
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
import pytest
Added extra test
2018-08-10 14:07:27 +00:00
Cognito - Dont run test in ServerMode
2020-06-20 11:48:10 +00:00
from moto import mock_cognitoidp, settings
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 13:08:17 +00:00
from moto.cognitoidp.utils import create_id
MultiAccount support (#5192)
2022-08-13 09:49:43 +00:00
from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_create_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
value = str(uuid.uuid4())
result = conn.create_user_pool(PoolName=name, LambdaConfig={"PreSignUp": value})
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert (
result["UserPool"]["Arn"]
== f"arn:aws:cognito-idp:us-west-2:{ACCOUNT_ID}:userpool/{result['UserPool']['Id']}"
add Arn to cognito user pool model and response
2020-02-17 21:08:09 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPool"]["Name"] == name
assert result["UserPool"]["LambdaConfig"]["PreSignUp"] == value
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
CognitoIDP - improve default UserPool response (#5074)
2022-04-29 10:50:33 +00:00
@mock_cognitoidp
def test_create_user_pool__overwrite_template_messages():
client = boto3.client("cognito-idp", "us-east-2")
resp = client.create_user_pool(
PoolName="test",
VerificationMessageTemplate={
"DefaultEmailOption": "CONFIRM_WITH_LINK",
"EmailMessage": "foo {####} bar",
"EmailMessageByLink": "{##foobar##}",
"EmailSubject": "foobar {####}",
"EmailSubjectByLink": "foobar",
"SmsMessage": "{####} baz",
},
)
pool = resp["UserPool"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert pool["SmsVerificationMessage"] == "{####} baz"
assert pool["EmailVerificationSubject"] == "foobar {####}"
assert pool["EmailVerificationMessage"] == "foo {####} bar"
CognitoIDP - improve default UserPool response (#5074)
2022-04-29 10:50:33 +00:00
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_should_have_all_default_attributes_in_schema():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
result = conn.create_user_pool(PoolName=name)
result_schema = result["UserPool"]["SchemaAttributes"]
result_schema = {s["Name"]: s for s in result_schema}
described_schema = conn.describe_user_pool(UserPoolId=result["UserPool"]["Id"])[
"UserPool"
]["SchemaAttributes"]
described_schema = {s["Name"]: s for s in described_schema}
for schema in result_schema, described_schema:
for (
default_attr_name,
default_attr,
) in moto.cognitoidp.models.CognitoIdpUserPoolAttribute.STANDARD_SCHEMA.items():
attribute = schema[default_attr_name]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert attribute["Required"] == default_attr["Required"]
assert attribute["AttributeDataType"] == default_attr["AttributeDataType"]
assert attribute["Mutable"] == default_attr["Mutable"]
assert attribute.get("StringAttributeConstraints") == default_attr.get(
"StringAttributeConstraints"
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert attribute.get("NumberAttributeConstraints") == default_attr.get(
"NumberAttributeConstraints"
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert attribute["DeveloperOnlyAttribute"] is False
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_unknown_attribute_data_type():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
attribute_data_type = "Banana"
with pytest.raises(ClientError) as ex:
conn.create_user_pool(
PoolName=name,
Schema=[{"Name": "custom", "AttributeDataType": attribute_data_type}],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== f"Validation error detected: Value '{attribute_data_type}' failed to satisfy constraint: Member must satisfy enum value set: [Boolean, Number, String, DateTime]"
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_custom_attribute_without_data_type():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(PoolName=str(uuid.uuid4()), Schema=[{"Name": "custom"}])
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== "Invalid AttributeDataType input, consider using the provided AttributeDataType enum."
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_custom_attribute_defaults():
conn = boto3.client("cognito-idp", "us-west-2")
res = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{"Name": "string", "AttributeDataType": "String"},
{"Name": "number", "AttributeDataType": "Number"},
],
)
string_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:string"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert string_attribute["DeveloperOnlyAttribute"] is False
assert string_attribute["Mutable"] is True
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
number_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:number"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert number_attribute["DeveloperOnlyAttribute"] is False
assert number_attribute["Mutable"] is True
assert "NumberAttributeConstraints" not in number_attribute
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_custom_attribute_developer_only():
conn = boto3.client("cognito-idp", "us-west-2")
res = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "banana",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": True,
},
],
)
# Note that this time we are looking for 'dev:xyz' attribute
attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "dev:custom:banana"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert attribute["DeveloperOnlyAttribute"] is True
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_custom_attribute_required():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{"Name": "banana", "AttributeDataType": "String", "Required": True},
],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== "Required custom attributes are not supported currently."
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
@pytest.mark.parametrize(
"attribute",
[
{"Name": "email", "AttributeDataType": "Number"},
{"Name": "email", "DeveloperOnlyAttribute": True},
],
ids=["standard_attribute", "developer_only"],
)
def test_create_user_pool_standard_attribute_with_changed_data_type_or_developer_only(
attribute,
):
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(PoolName=str(uuid.uuid4()), Schema=[attribute])
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== f"You can not change AttributeDataType or set developerOnlyAttribute for standard schema attribute {attribute['Name']}"
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_attribute_with_schema():
conn = boto3.client("cognito-idp", "us-west-2")
res = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "string",
"AttributeDataType": "String",
"NumberAttributeConstraints": {"MinValue": "10", "MaxValue": "20"},
"StringAttributeConstraints": {"MinLength": "10", "MaxLength": "20"},
},
{
"Name": "number",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MinValue": "10", "MaxValue": "20"},
"StringAttributeConstraints": {"MinLength": "10", "MaxLength": "20"},
},
{
"Name": "boolean",
"AttributeDataType": "Boolean",
"NumberAttributeConstraints": {"MinValue": "10", "MaxValue": "20"},
"StringAttributeConstraints": {"MinLength": "10", "MaxLength": "20"},
},
],
)
string_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:string"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert string_attribute["StringAttributeConstraints"] == {
"MinLength": "10",
"MaxLength": "20",
}
assert "NumberAttributeConstraints" not in string_attribute
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
number_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:number"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert number_attribute["NumberAttributeConstraints"] == {
"MinValue": "10",
"MaxValue": "20",
}
assert "StringAttributeConstraints" not in number_attribute
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
boolean_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:boolean"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert "NumberAttributeConstraints" not in boolean_attribute
assert "StringAttributeConstraints" not in boolean_attribute
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_attribute_partial_schema():
conn = boto3.client("cognito-idp", "us-west-2")
res = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "string_no_min",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MaxLength": "10"},
},
{
"Name": "string_no_max",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MinLength": "10"},
},
{
"Name": "number_no_min",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MaxValue": "10"},
},
{
"Name": "number_no_max",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MinValue": "10"},
},
],
)
string_no_min = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:string_no_min"
)
string_no_max = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:string_no_max"
)
number_no_min = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:number_no_min"
)
number_no_max = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:number_no_max"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert string_no_min["StringAttributeConstraints"]["MaxLength"] == "10"
assert "MinLength" not in string_no_min["StringAttributeConstraints"]
assert string_no_max["StringAttributeConstraints"]["MinLength"] == "10"
assert "MaxLength" not in string_no_max["StringAttributeConstraints"]
assert number_no_min["NumberAttributeConstraints"]["MaxValue"] == "10"
assert "MinValue" not in number_no_min["NumberAttributeConstraints"]
assert number_no_max["NumberAttributeConstraints"]["MinValue"] == "10"
assert "MaxValue" not in number_no_max["NumberAttributeConstraints"]
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
@pytest.mark.parametrize(
("constraint_type", "attribute"),
[
(
"StringAttributeConstraints",
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MinLength": "invalid_value"},
},
),
(
"StringAttributeConstraints",
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MaxLength": "invalid_value"},
},
),
(
"NumberAttributeConstraints",
{
"Name": "updated_at",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MaxValue": "invalid_value"},
},
),
(
"NumberAttributeConstraints",
{
"Name": "updated_at",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MinValue": "invalid_value"},
},
),
],
ids=[
"invalid_min_length",
"invalid_max_length",
"invalid_max_value",
"invalid_min_value",
],
)
def test_create_user_pool_invalid_schema_values(constraint_type, attribute):
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(PoolName=str(uuid.uuid4()), Schema=[attribute])
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== f"Invalid {constraint_type} for schema attribute {attribute['Name']}"
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
@pytest.mark.parametrize(
"attribute",
[
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MinLength": "2049"},
},
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MaxLength": "2049"},
},
],
ids=["invalid_min_length", "invalid_max_length"],
)
def test_create_user_pool_string_schema_max_length_over_2048(attribute):
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(PoolName=str(uuid.uuid4()), Schema=[attribute])
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== f"user.{attribute['Name']}: String attributes cannot have a length of more than 2048"
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_string_schema_min_bigger_than_max():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MinLength": "2", "MaxLength": "1"},
}
],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== "user.email: Max length cannot be less than min length."
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
@mock_cognitoidp
def test_create_user_pool_number_schema_min_bigger_than_max():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "updated_at",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MinValue": "2", "MaxValue": "1"},
}
],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== "user.updated_at: Max value cannot be less than min value."
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 11:25:52 +00:00
Add add_custom_attributes implementation (#4498)
2021-10-30 09:58:29 +00:00
@mock_cognitoidp
def test_add_custom_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
custom_attribute = {"Name": "banana", "AttributeDataType": "String"}
res = conn.add_custom_attributes(
UserPoolId=pool_id, CustomAttributes=[custom_attribute]
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert res["ResponseMetadata"]["HTTPStatusCode"] == 200
Add add_custom_attributes implementation (#4498)
2021-10-30 09:58:29 +00:00
res = conn.describe_user_pool(UserPoolId=pool_id)
described_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:banana"
)
# Skip verification - already covered by create_user_pool with custom attributes
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert described_attribute is not None
Add add_custom_attributes implementation (#4498)
2021-10-30 09:58:29 +00:00
@mock_cognitoidp
def test_add_custom_attributes_existing_attribute():
conn = boto3.client("cognito-idp", "us-west-2")
custom_attribute = {
"Name": "banana",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": True,
}
pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), Schema=[custom_attribute]
)["UserPool"]["Id"]
with pytest.raises(ClientError) as ex:
conn.add_custom_attributes(
UserPoolId=pool_id, CustomAttributes=[custom_attribute]
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== "custom:banana: Existing attribute already has name dev:custom:banana."
Add add_custom_attributes implementation (#4498)
2021-10-30 09:58:29 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
Add add_custom_attributes implementation (#4498)
2021-10-30 09:58:29 +00:00
Stable cognito user pool (#5194)
2022-06-13 10:14:22 +00:00
@mock_cognitoidp
def test_create_user_pool_default_id_strategy():
conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(PoolName=str("default-pool"))
second_pool = conn.create_user_pool(PoolName=str("default-pool"))
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert first_pool["UserPool"]["Id"] != second_pool["UserPool"]["Id"]
Stable cognito user pool (#5194)
2022-06-13 10:14:22 +00:00
@mock_cognitoidp
@mock.patch.dict(os.environ, {"MOTO_COGNITO_IDP_USER_POOL_ID_STRATEGY": "HASH"})
def test_create_user_pool_hash_id_strategy_with_equal_pool_name():
if settings.TEST_SERVER_MODE:
raise SkipTest("Cannot set environemnt variables in ServerMode")
conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(PoolName=str("default-pool"))
second_pool = conn.create_user_pool(PoolName=str("default-pool"))
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert first_pool["UserPool"]["Id"] == second_pool["UserPool"]["Id"]
Stable cognito user pool (#5194)
2022-06-13 10:14:22 +00:00
@mock_cognitoidp
@mock.patch.dict(os.environ, {"MOTO_COGNITO_IDP_USER_POOL_ID_STRATEGY": "HASH"})
def test_create_user_pool_hash_id_strategy_with_different_pool_name():
if settings.TEST_SERVER_MODE:
raise SkipTest("Cannot set environemnt variables in ServerMode")
conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(PoolName=str("first-pool"))
second_pool = conn.create_user_pool(PoolName=str("second-pool"))
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert first_pool["UserPool"]["Id"] != second_pool["UserPool"]["Id"]
Stable cognito user pool (#5194)
2022-06-13 10:14:22 +00:00
@mock_cognitoidp
@mock.patch.dict(os.environ, {"MOTO_COGNITO_IDP_USER_POOL_ID_STRATEGY": "HASH"})
def test_create_user_pool_hash_id_strategy_with_different_attributes():
if settings.TEST_SERVER_MODE:
raise SkipTest("Cannot set environemnt variables in ServerMode")
conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(
PoolName=str("default-pool"),
Schema=[
{
"Name": "first",
"AttributeDataType": "String",
}
],
)
second_pool = conn.create_user_pool(
PoolName=str("default-pool"),
Schema=[
{
"Name": "second",
"AttributeDataType": "String",
}
],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert first_pool["UserPool"]["Id"] != second_pool["UserPool"]["Id"]
Stable cognito user pool (#5194)
2022-06-13 10:14:22 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_list_user_pools():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
conn.create_user_pool(PoolName=name)
result = conn.list_user_pools(MaxResults=10)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserPools"]) == 1
assert result["UserPools"][0]["Name"] == name
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
@mock_cognitoidp
def test_set_user_pool_mfa_config():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=name)["UserPool"]["Id"]
# Test error for when neither token nor sms configuration is provided
with pytest.raises(ClientError) as ex:
conn.set_user_pool_mfa_config(UserPoolId=user_pool_id, MfaConfiguration="ON")
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.operation_name == "SetUserPoolMfaConfig"
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== "At least one of [SmsMfaConfiguration] or [SoftwareTokenMfaConfiguration] must be provided."
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
# Test error for when sms config is missing `SmsConfiguration`
with pytest.raises(ClientError) as ex:
conn.set_user_pool_mfa_config(
UserPoolId=user_pool_id, SmsMfaConfiguration={}, MfaConfiguration="ON"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== "[SmsConfiguration] is a required member of [SoftwareTokenMfaConfiguration]."
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
# Test error for when `SmsConfiguration` is missing `SnsCaller`
# This is asserted by boto3
with pytest.raises(ParamValidationError) as ex:
conn.set_user_pool_mfa_config(
UserPoolId=user_pool_id,
SmsMfaConfiguration={"SmsConfiguration": {}},
MfaConfiguration="ON",
)
# Test error for when `MfaConfiguration` is not one of the expected values
with pytest.raises(ClientError) as ex:
conn.set_user_pool_mfa_config(
UserPoolId=user_pool_id,
SoftwareTokenMfaConfiguration={"Enabled": True},
MfaConfiguration="Invalid",
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== "[MfaConfiguration] must be one of 'ON', 'OFF', or 'OPTIONAL'."
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
# Enable software token MFA
mfa_config = conn.set_user_pool_mfa_config(
UserPoolId=user_pool_id,
SoftwareTokenMfaConfiguration={"Enabled": True},
MfaConfiguration="ON",
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert "SmsMfaConfiguration" not in mfa_config
assert mfa_config["MfaConfiguration"] == "ON"
assert mfa_config["SoftwareTokenMfaConfiguration"] == {"Enabled": True}
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
# Response from describe should match
pool = conn.describe_user_pool(UserPoolId=user_pool_id)["UserPool"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert pool["MfaConfiguration"] == "ON"
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
# Disable MFA
mfa_config = conn.set_user_pool_mfa_config(
UserPoolId=user_pool_id, MfaConfiguration="OFF"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert "SmsMfaConfiguration" not in mfa_config
assert "SoftwareTokenMfaConfiguration" not in mfa_config
assert mfa_config["MfaConfiguration"] == "OFF"
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
# Response from describe should match
pool = conn.describe_user_pool(UserPoolId=user_pool_id)["UserPool"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert pool["MfaConfiguration"] == "OFF"
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
# `SnsCallerArn` needs to be at least 20 long
sms_config = {"SmsConfiguration": {"SnsCallerArn": "01234567890123456789"}}
# Enable SMS MFA
mfa_config = conn.set_user_pool_mfa_config(
UserPoolId=user_pool_id, SmsMfaConfiguration=sms_config, MfaConfiguration="ON"
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert "SoftwareTokenMfaConfiguration" not in mfa_config
assert mfa_config["SmsMfaConfiguration"] == sms_config
assert mfa_config["MfaConfiguration"] == "ON"
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 16:59:04 +00:00
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_user_pools_returns_max_items():
conn = boto3.client("cognito-idp", "us-west-2")
# Given 10 user pools
pool_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(pool_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
conn.create_user_pool(PoolName=str(uuid.uuid4()))
max_results = 5
result = conn.list_user_pools(MaxResults=max_results)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserPools"]) == max_results
assert "NextToken" in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_user_pools_returns_next_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
# Given 10 user pool clients
pool_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(pool_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
conn.create_user_pool(PoolName=str(uuid.uuid4()))
max_results = 5
result = conn.list_user_pools(MaxResults=max_results)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserPools"]) == max_results
assert "NextToken" in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
next_token = result["NextToken"]
result_2 = conn.list_user_pools(MaxResults=max_results, NextToken=next_token)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result_2["UserPools"]) == max_results
assert "NextToken" not in result_2
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_user_pools_when_max_items_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
# Given 10 user pool clients
pool_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(pool_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
conn.create_user_pool(PoolName=str(uuid.uuid4()))
max_results = pool_count + 5
result = conn.list_user_pools(MaxResults=max_results)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserPools"]) == pool_count
assert "NextToken" not in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_describe_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
value = str(uuid.uuid4())
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
recovery_mechanisms = [{"Name": "verified_email", "Priority": 1}]
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
user_pool_details = conn.create_user_pool(
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 14:26:57 +00:00
PoolName=name,
LambdaConfig={"PreSignUp": value},
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
AccountRecoverySetting={"RecoveryMechanisms": recovery_mechanisms},
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result = conn.describe_user_pool(UserPoolId=user_pool_details["UserPool"]["Id"])
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPool"]["Name"] == name
assert result["UserPool"]["LambdaConfig"]["PreSignUp"] == value
assert (
result["UserPool"]["AccountRecoverySetting"]["RecoveryMechanisms"]
== recovery_mechanisms
)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
CognitoIDP github.com/spulec/moto/issues/4452 - missing EstimatedNumberOfUsers (#4470)
2021-10-24 13:29:16 +00:00
@mock_cognitoidp
def test_describe_user_pool_estimated_number_of_users():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.describe_user_pool(UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPool"]["EstimatedNumberOfUsers"] == 0
CognitoIDP github.com/spulec/moto/issues/4452 - missing EstimatedNumberOfUsers (#4470)
2021-10-24 13:29:16 +00:00
users_count = random.randint(2, 6)
for _ in range(users_count):
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
result = conn.describe_user_pool(UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPool"]["EstimatedNumberOfUsers"] == users_count
CognitoIDP github.com/spulec/moto/issues/4452 - missing EstimatedNumberOfUsers (#4470)
2021-10-24 13:29:16 +00:00
cognito-idp – Correct exception message when user pool not found (#4434) (#4436)
2021-10-19 13:05:31 +00:00
@mock_cognitoidp
def test_describe_user_pool_resource_not_found():
conn = boto3.client("cognito-idp", "us-east-1")
user_pool_id = "us-east-1_FooBar123"
with pytest.raises(ClientError) as exc:
conn.describe_user_pool(UserPoolId=user_pool_id)
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "ResourceNotFoundException"
assert err["Message"] == f"User pool {user_pool_id} does not exist."
cognito-idp – Correct exception message when user pool not found (#4434) (#4436)
2021-10-19 13:05:31 +00:00
cognito-idp – Implemented update_user_pool (#4433) (#4435)
2021-10-19 09:18:52 +00:00
@mock_cognitoidp
def test_update_user_pool():
conn = boto3.client("cognito-idp", "us-east-1")
name = str(uuid.uuid4())
user_pool_details = conn.create_user_pool(
PoolName=name,
Policies={
"PasswordPolicy": {
"MinimumLength": 12,
"RequireUppercase": False,
"RequireLowercase": False,
"RequireNumbers": False,
"RequireSymbols": False,
}
},
)
new_policies = {
"PasswordPolicy": {
"MinimumLength": 16,
"RequireUppercase": True,
"RequireLowercase": True,
"RequireNumbers": True,
"RequireSymbols": True,
}
}
conn.update_user_pool(
UserPoolId=user_pool_details["UserPool"]["Id"], Policies=new_policies
)
updated_user_pool_details = conn.describe_user_pool(
UserPoolId=user_pool_details["UserPool"]["Id"]
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert updated_user_pool_details["UserPool"]["Policies"] == new_policies
cognito-idp – Implemented update_user_pool (#4433) (#4435)
2021-10-19 09:18:52 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_delete_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(conn.list_user_pools(MaxResults=10)["UserPools"]) == 1
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
conn.delete_user_pool(UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(conn.list_user_pools(MaxResults=10)["UserPools"]) == 0
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_create_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ResponseMetadata"]["HTTPStatusCode"] == 200
assert result["CloudFrontDomain"] is not None
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
@mock_cognitoidp
def test_create_user_pool_domain_custom_domain_config():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
custom_domain_config = {
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 22:41:08 +00:00
"CertificateArn": f"arn:aws:acm:us-east-1:{ACCOUNT_ID}:certificate/123456789012"
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
}
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_domain(
UserPoolId=user_pool_id, Domain=domain, CustomDomainConfig=custom_domain_config
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ResponseMetadata"]["HTTPStatusCode"] == 200
assert result["CloudFrontDomain"] == "e2c343b3293ee505.cloudfront.net"
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_describe_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result = conn.describe_user_pool_domain(Domain=domain)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["DomainDescription"]["Domain"] == domain
assert result["DomainDescription"]["UserPoolId"] == user_pool_id
assert result["DomainDescription"]["AWSAccountId"] is not None
Add Domain to DescribeUserPool response (#5286)
2022-07-03 02:52:05 +00:00
result = conn.describe_user_pool(UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPool"]["Domain"] == domain
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_delete_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result = conn.delete_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ResponseMetadata"]["HTTPStatusCode"] == 200
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
result = conn.describe_user_pool_domain(Domain=domain)
# This is a surprising behavior of the real service: describing a missing domain comes
# back with status 200 and a DomainDescription of {}
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ResponseMetadata"]["HTTPStatusCode"] == 200
assert len(result["DomainDescription"].keys()) == 0
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
@mock_cognitoidp
def test_update_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
custom_domain_config = {
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 22:41:08 +00:00
"CertificateArn": f"arn:aws:acm:us-east-1:{ACCOUNT_ID}:certificate/123456789012"
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
}
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result = conn.update_user_pool_domain(
UserPoolId=user_pool_id, Domain=domain, CustomDomainConfig=custom_domain_config
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ResponseMetadata"]["HTTPStatusCode"] == 200
assert result["CloudFrontDomain"] == "e2c343b3293ee505.cloudfront.net"
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 03:09:13 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_create_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=client_name, CallbackURLs=[value]
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPoolClient"]["UserPoolId"] == user_pool_id
assert bool(re.match(r"^[0-9a-z]{26}$", result["UserPoolClient"]["ClientId"]))
assert result["UserPoolClient"]["ClientName"] == client_name
assert "ClientSecret" not in result["UserPoolClient"]
assert len(result["UserPoolClient"]["CallbackURLs"]) == 1
assert result["UserPoolClient"]["CallbackURLs"][0] == value
fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work (#3135) * fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work * add test for update_user_pool_client
2020-07-16 08:13:12 +00:00
@mock_cognitoidp
def test_create_user_pool_client_returns_secret():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=client_name,
GenerateSecret=True,
CallbackURLs=[value],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPoolClient"]["UserPoolId"] == user_pool_id
assert bool(re.match(r"^[0-9a-z]{26}$", result["UserPoolClient"]["ClientId"]))
assert result["UserPoolClient"]["ClientName"] == client_name
assert result["UserPoolClient"]["ClientSecret"] is not None
assert len(result["UserPoolClient"]["CallbackURLs"]) == 1
assert result["UserPoolClient"]["CallbackURLs"][0] == value
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_list_user_pool_clients():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
result = conn.list_user_pool_clients(UserPoolId=user_pool_id, MaxResults=10)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserPoolClients"]) == 1
assert result["UserPoolClients"][0]["ClientName"] == client_name
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_user_pool_clients_returns_max_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 user pool clients
client_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(client_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
client_name = str(uuid.uuid4())
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
max_results = 5
result = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserPoolClients"]) == max_results
assert "NextToken" in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_user_pool_clients_returns_next_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 user pool clients
client_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(client_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
client_name = str(uuid.uuid4())
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
max_results = 5
result = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserPoolClients"]) == max_results
assert "NextToken" in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
next_token = result["NextToken"]
result_2 = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results, NextToken=next_token
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result_2["UserPoolClients"]) == max_results
assert "NextToken" not in result_2
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_user_pool_clients_when_max_items_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 user pool clients
client_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(client_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
client_name = str(uuid.uuid4())
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
max_results = client_count + 5
result = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserPoolClients"]) == client_count
assert "NextToken" not in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_describe_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=client_name, CallbackURLs=[value]
)
result = conn.describe_user_pool_client(
UserPoolId=user_pool_id, ClientId=client_details["UserPoolClient"]["ClientId"]
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPoolClient"]["ClientName"] == client_name
assert len(result["UserPoolClient"]["CallbackURLs"]) == 1
assert result["UserPoolClient"]["CallbackURLs"][0] == value
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_update_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
old_client_name = str(uuid.uuid4())
new_client_name = str(uuid.uuid4())
old_value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=old_client_name, CallbackURLs=[old_value]
)
result = conn.update_user_pool_client(
UserPoolId=user_pool_id,
ClientId=client_details["UserPoolClient"]["ClientId"],
ClientName=new_client_name,
CallbackURLs=[new_value],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPoolClient"]["ClientName"] == new_client_name
assert "ClientSecret" not in result["UserPoolClient"]
assert len(result["UserPoolClient"]["CallbackURLs"]) == 1
assert result["UserPoolClient"]["CallbackURLs"][0] == new_value
fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work (#3135) * fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work * add test for update_user_pool_client
2020-07-16 08:13:12 +00:00
@mock_cognitoidp
def test_update_user_pool_client_returns_secret():
conn = boto3.client("cognito-idp", "us-west-2")
old_client_name = str(uuid.uuid4())
new_client_name = str(uuid.uuid4())
old_value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=old_client_name,
GenerateSecret=True,
CallbackURLs=[old_value],
)
client_secret = client_details["UserPoolClient"]["ClientSecret"]
result = conn.update_user_pool_client(
UserPoolId=user_pool_id,
ClientId=client_details["UserPoolClient"]["ClientId"],
ClientName=new_client_name,
CallbackURLs=[new_value],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPoolClient"]["ClientName"] == new_client_name
assert result["UserPoolClient"]["ClientSecret"] == client_secret
assert len(result["UserPoolClient"]["CallbackURLs"]) == 1
assert result["UserPoolClient"]["CallbackURLs"][0] == new_value
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_delete_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)
conn.delete_user_pool_client(
UserPoolId=user_pool_id, ClientId=client_details["UserPoolClient"]["ClientId"]
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
conn.describe_user_pool_client(
UserPoolId=user_pool_id,
ClientId=client_details["UserPoolClient"]["ClientId"],
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "ResourceNotFoundException"
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_create_identity_provider():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={"thing": value},
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["IdentityProvider"]["UserPoolId"] == user_pool_id
assert result["IdentityProvider"]["ProviderName"] == provider_name
assert result["IdentityProvider"]["ProviderType"] == provider_type
assert result["IdentityProvider"]["ProviderDetails"]["thing"] == value
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_list_identity_providers():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
result = conn.list_identity_providers(UserPoolId=user_pool_id, MaxResults=10)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Providers"]) == 1
assert result["Providers"][0]["ProviderName"] == provider_name
assert result["Providers"][0]["ProviderType"] == provider_type
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_identity_providers_returns_max_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 identity providers linked to a user pool
identity_provider_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(identity_provider_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
max_results = 5
result = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Providers"]) == max_results
assert "NextToken" in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_identity_providers_returns_next_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 identity providers linked to a user pool
identity_provider_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(identity_provider_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
max_results = 5
result = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Providers"]) == max_results
assert "NextToken" in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
next_token = result["NextToken"]
result_2 = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results, NextToken=next_token
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result_2["Providers"]) == max_results
assert "NextToken" not in result_2
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_identity_providers_when_max_items_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 identity providers linked to a user pool
identity_provider_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(identity_provider_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
max_results = identity_provider_count + 5
result = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Providers"]) == identity_provider_count
assert "NextToken" not in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_describe_identity_providers():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={"thing": value},
)
result = conn.describe_identity_provider(
UserPoolId=user_pool_id, ProviderName=provider_name
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["IdentityProvider"]["UserPoolId"] == user_pool_id
assert result["IdentityProvider"]["ProviderName"] == provider_name
assert result["IdentityProvider"]["ProviderType"] == provider_type
assert result["IdentityProvider"]["ProviderDetails"]["thing"] == value
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
[cognitoidp] feat: add update_identity_provider
2019-01-25 01:39:55 +00:00
@mock_cognitoidp
def test_update_identity_provider():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={"thing": value},
)
result = conn.update_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderDetails={"thing": new_value},
CognitoIDP - improve default UserPool response (#5074)
2022-04-29 10:50:33 +00:00
AttributeMapping={"email": "email", "username": "sub"},
)["IdentityProvider"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserPoolId"] == user_pool_id
assert result["ProviderName"] == provider_name
assert result["ProviderType"] == provider_type
assert result["ProviderDetails"]["thing"] == new_value
assert result["AttributeMapping"] == {"email": "email", "username": "sub"}
[cognitoidp] feat: add update_identity_provider
2019-01-25 01:39:55 +00:00
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
@mock_cognitoidp
def test_update_identity_provider_no_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
new_value = str(uuid.uuid4())
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(conn.exceptions.ResourceNotFoundException) as cm:
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
conn.update_identity_provider(
UserPoolId="foo", ProviderName="bar", ProviderDetails={"thing": new_value}
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert cm.value.operation_name == "UpdateIdentityProvider"
assert cm.value.response["Error"]["Code"] == "ResourceNotFoundException"
assert cm.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
@mock_cognitoidp
def test_update_identity_provider_no_identity_provider():
conn = boto3.client("cognito-idp", "us-west-2")
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(conn.exceptions.ResourceNotFoundException) as cm:
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
conn.update_identity_provider(
UserPoolId=user_pool_id,
ProviderName="foo",
ProviderDetails={"thing": new_value},
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert cm.value.operation_name == "UpdateIdentityProvider"
assert cm.value.response["Error"]["Code"] == "ResourceNotFoundException"
assert cm.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 21:52:34 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_delete_identity_providers():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={"thing": value},
)
conn.delete_identity_provider(UserPoolId=user_pool_id, ProviderName=provider_name)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
conn.describe_identity_provider(
UserPoolId=user_pool_id, ProviderName=provider_name
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "ResourceNotFoundException"
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
@mock_cognitoidp
def test_create_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
description = str(uuid.uuid4())
role_arn = "arn:aws:iam:::role/my-iam-role"
precedence = random.randint(0, 100000)
result = conn.create_group(
GroupName=group_name,
UserPoolId=user_pool_id,
Description=description,
RoleArn=role_arn,
Precedence=precedence,
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["Group"]["GroupName"] == group_name
assert result["Group"]["UserPoolId"] == user_pool_id
assert result["Group"]["Description"] == description
assert result["Group"]["RoleArn"] == role_arn
assert result["Group"]["Precedence"] == precedence
assert isinstance(result["Group"]["LastModifiedDate"], datetime.datetime)
assert isinstance(result["Group"]["CreationDate"], datetime.datetime)
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
@mock_cognitoidp
def test_update_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
description = str(uuid.uuid4())
description2 = str(uuid.uuid4())
role_arn = "arn:aws:iam:::role/my-iam-role"
role_arn2 = "arn:aws:iam:::role/my-iam-role2"
precedence = random.randint(0, 100000)
precedence2 = random.randint(0, 100000)
conn.create_group(
GroupName=group_name,
UserPoolId=user_pool_id,
Description=description,
RoleArn=role_arn,
Precedence=precedence,
)
result = conn.update_group(
GroupName=group_name,
UserPoolId=user_pool_id,
Description=description2,
RoleArn=role_arn2,
Precedence=precedence2,
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["Group"]["GroupName"] == group_name
assert result["Group"]["UserPoolId"] == user_pool_id
assert result["Group"]["Description"] == description2
assert result["Group"]["RoleArn"] == role_arn2
assert result["Group"]["Precedence"] == precedence2
assert isinstance(result["Group"]["LastModifiedDate"], datetime.datetime)
assert isinstance(result["Group"]["CreationDate"], datetime.datetime)
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
Adding functionality for cognito:groups in access_token (#4592)
2021-11-18 11:03:35 +00:00
@mock_cognitoidp
def test_group_in_access_token():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
temporary_password = "P2$Sword"
Adding functionality for cognito:groups in access_token (#4592)
2021-11-18 11:03:35 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
group_name = str(uuid.uuid4())
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
ReadAttributes=[user_attribute_name],
)["UserPoolClient"]["ClientId"]
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
UserAttributes=[{"Name": user_attribute_name, "Value": user_attribute_value}],
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
result = conn.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# A newly created user is forced to set a new password
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ChallengeName"] == "NEW_PASSWORD_REQUIRED"
assert result["Session"] is not None
Adding functionality for cognito:groups in access_token (#4592)
2021-11-18 11:03:35 +00:00
# This sets a new password and logs the user in (creates tokens)
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
new_password = "P2$Sword"
Adding functionality for cognito:groups in access_token (#4592)
2021-11-18 11:03:35 +00:00
result = conn.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password},
)
claims = jwt.get_unverified_claims(result["AuthenticationResult"]["AccessToken"])
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert claims["cognito:groups"] == [group_name]
Adding functionality for cognito:groups in access_token (#4592)
2021-11-18 11:03:35 +00:00
Cognito: add groups to idToken (#5977)
2023-02-24 22:14:08 +00:00
@mock_cognitoidp
def test_group_in_id_token():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
temporary_password = "P2$Sword"
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
group_name = str(uuid.uuid4())
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
ReadAttributes=[user_attribute_name],
)["UserPoolClient"]["ClientId"]
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
UserAttributes=[{"Name": user_attribute_name, "Value": user_attribute_value}],
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
result = conn.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# A newly created user is forced to set a new password
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ChallengeName"] == "NEW_PASSWORD_REQUIRED"
assert result["Session"] is not None
Cognito: add groups to idToken (#5977)
2023-02-24 22:14:08 +00:00
# This sets a new password and logs the user in (creates tokens)
new_password = "P2$Sword"
result = conn.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password},
)
claims = jwt.get_unverified_claims(result["AuthenticationResult"]["IdToken"])
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert claims["cognito:groups"] == [group_name]
Cognito: add groups to idToken (#5977)
2023-02-24 22:14:08 +00:00
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
@mock_cognitoidp
def test_create_group_with_duplicate_name_raises_error():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(ClientError) as cm:
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert cm.value.operation_name == "CreateGroup"
assert cm.value.response["Error"]["Code"] == "GroupExistsException"
assert cm.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
@mock_cognitoidp
def test_get_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
result = conn.get_group(GroupName=group_name, UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["Group"]["GroupName"] == group_name
assert result["Group"]["UserPoolId"] == user_pool_id
assert isinstance(result["Group"]["LastModifiedDate"], datetime.datetime)
assert isinstance(result["Group"]["CreationDate"], datetime.datetime)
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
@mock_cognitoidp
def test_list_groups():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
result = conn.list_groups(UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Groups"]) == 1
assert result["Groups"][0]["GroupName"] == group_name
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-25 23:54:50 +00:00
@mock_cognitoidp
def test_list_groups_returns_pagination_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 groups
group_count = 10
for _ in range(group_count):
conn.create_group(UserPoolId=user_pool_id, GroupName=str(uuid.uuid4()))
max_results = 5
result = conn.list_groups(UserPoolId=user_pool_id, Limit=max_results)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Groups"]) == max_results
assert "NextToken" in result
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-25 23:54:50 +00:00
next_token = result["NextToken"]
result_2 = conn.list_groups(
UserPoolId=user_pool_id, Limit=max_results, NextToken=next_token
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result_2["Groups"]) == max_results
assert "NextToken" not in result_2
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-25 23:54:50 +00:00
@mock_cognitoidp
def test_list_groups_when_limit_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
group_count = 10
for _ in range(group_count):
conn.create_group(UserPoolId=user_pool_id, GroupName=str(uuid.uuid4()))
max_results = group_count + 5
result = conn.list_groups(UserPoolId=user_pool_id, Limit=max_results)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Groups"]) == group_count
assert "NextToken" not in result
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-25 23:54:50 +00:00
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
@mock_cognitoidp
def test_delete_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
result = conn.delete_group(GroupName=group_name, UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert list(result.keys()) == ["ResponseMetadata"] # No response expected
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(ClientError) as cm:
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
conn.get_group(GroupName=group_name, UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert cm.value.response["Error"]["Code"] == "ResourceNotFoundException"
Implement group management for cognito-idp
2018-07-23 06:26:54 +00:00
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_admin_add_user_to_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert list(result.keys()) == ["ResponseMetadata"] # No response expected
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_add_user_to_group_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = "test@example.com"
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert list(result.keys()) == ["ResponseMetadata"] # No response expected
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_admin_add_user_to_group_again_is_noop():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
@mock_cognitoidp
def test_list_users_in_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
result = conn.list_users_in_group(UserPoolId=user_pool_id, GroupName=group_name)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] == username
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_list_users_in_group_ignores_deleted_user():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
username2 = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username2)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username2, GroupName=group_name
)
conn.admin_delete_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users_in_group(UserPoolId=user_pool_id, GroupName=group_name)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] == username2
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-25 23:54:50 +00:00
@mock_cognitoidp
def test_list_users_in_group_returns_pagination_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
# Given 10 users
usernames = [str(uuid.uuid4()) for _ in range(10)]
for username in usernames:
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
max_results = 5
result = conn.list_users_in_group(
UserPoolId=user_pool_id, GroupName=group_name, Limit=max_results
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == max_results
assert "NextToken" in result
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-25 23:54:50 +00:00
next_token = result["NextToken"]
result_2 = conn.list_users_in_group(
UserPoolId=user_pool_id,
GroupName=group_name,
Limit=max_results,
NextToken=next_token,
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result_2["Users"]) == max_results
assert "NextToken" not in result_2
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-25 23:54:50 +00:00
@mock_cognitoidp
def test_list_users_in_group_when_limit_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
# Given 10 users
usernames = [str(uuid.uuid4()) for _ in range(10)]
for username in usernames:
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
max_results = len(usernames) + 5
result = conn.list_users_in_group(
UserPoolId=user_pool_id, GroupName=group_name, Limit=max_results
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == len(usernames)
assert "NextToken" not in result
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-25 23:54:50 +00:00
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_admin_list_groups_for_user():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
result = conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Groups"]) == 1
assert result["Groups"][0]["GroupName"] == group_name
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_list_groups_for_user_with_username_attribute():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = "test@example.com"
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
result = conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Groups"]) == 1
assert result["Groups"][0]["GroupName"] == group_name
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_admin_list_groups_for_user_ignores_deleted_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
group_name2 = str(uuid.uuid4())
conn.create_group(GroupName=group_name2, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name2
)
conn.delete_group(GroupName=group_name, UserPoolId=user_pool_id)
result = conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Groups"]) == 1
assert result["Groups"][0]["GroupName"] == group_name2
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_admin_remove_user_from_group():
conn = boto3.client("cognito-idp", "us-west-2")
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
group_name = str(uuid.uuid4())
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
conn.create_group(GroupName=group_name, UserPoolId=pool_id)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
uname = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=pool_id, Username=uname)
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
conn.admin_add_user_to_group(
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
UserPoolId=pool_id, Username=uname, GroupName=group_name
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
)
result = conn.admin_remove_user_from_group(
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
UserPoolId=pool_id, Username=uname, GroupName=group_name
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert list(result.keys()) == ["ResponseMetadata"] # No response expected
resp = conn.list_users_in_group(UserPoolId=pool_id, GroupName=group_name)
assert resp["Users"] == []
resp = conn.admin_list_groups_for_user(Username=uname, UserPoolId=pool_id)
assert resp["Groups"] == []
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_remove_user_from_group_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
pool_id = conn.create_user_pool(
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
group_name = str(uuid.uuid4())
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
conn.create_group(GroupName=group_name, UserPoolId=pool_id)
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
uname = "test@example.com"
conn.admin_create_user(UserPoolId=pool_id, Username=uname)
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
conn.admin_add_user_to_group(
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
UserPoolId=pool_id, Username=uname, GroupName=group_name
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
)
result = conn.admin_remove_user_from_group(
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
UserPoolId=pool_id, Username=uname, GroupName=group_name
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert list(result.keys()) == ["ResponseMetadata"] # No response expected
resp = conn.list_users_in_group(UserPoolId=pool_id, GroupName=group_name)
assert resp["Users"] == []
resp = conn.admin_list_groups_for_user(Username=uname, UserPoolId=pool_id)
assert resp["Groups"] == []
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Implement user-group relationships for cognito-idp
2018-07-23 10:54:51 +00:00
@mock_cognitoidp
def test_admin_remove_user_from_group_again_is_noop():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_admin_create_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["User"]["Username"] == username
assert result["User"]["UserStatus"] == "FORCE_CHANGE_PASSWORD"
assert len(result["User"]["Attributes"]) == 2
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
def _verify_attribute(name, v):
attr = [a for a in result["User"]["Attributes"] if a["Name"] == name]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(attr) == 1
assert attr[0]["Value"] == v
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
_verify_attribute("thing", value)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["User"]["Enabled"] is True
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_create_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
result = conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["User"]["Username"] != username
assert result["User"]["UserStatus"] == "FORCE_CHANGE_PASSWORD"
assert len(result["User"]["Attributes"]) == 3
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
def _verify_attribute(name, v):
attr = [a for a in result["User"]["Attributes"] if a["Name"] == name]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(attr) == 1
assert attr[0]["Value"] == v
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
_verify_attribute("thing", value)
_verify_attribute("email", username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["User"]["Enabled"] is True
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_create_user_with_incorrect_username_attribute_type_fails():
conn = boto3.client("cognito-idp", "us-west-2")
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
with pytest.raises(ClientError) as ex:
username = str(uuid.uuid4())
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert err["Message"] == "Username should be either an email or a phone number."
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_create_user_with_existing_username_attribute_fails():
conn = boto3.client("cognito-idp", "us-west-2")
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
username = "test@example.com"
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
with pytest.raises(ClientError) as ex:
username = "test@example.com"
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UsernameExistsException"
assert err["Message"] == "test@example.com"
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 16:51:00 +00:00
@mock_cognitoidp
def test_admin_create_existing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 16:51:00 +00:00
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UsernameExistsException"
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 16:51:00 +00:00
cognito-idp – Implemented admin_confirm_sign_up (#4462) (#4463)
2021-10-23 11:32:56 +00:00
@mock_cognitoidp
def test_admin_confirm_sign_up():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
password = "Passw0rd!"
user_pool_id = conn.create_user_pool(
PoolName="us-east-1_aaaaaaaa", AutoVerifiedAttributes=["email"]
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=False
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert user["UserStatus"] == "UNCONFIRMED"
cognito-idp – Implemented admin_confirm_sign_up (#4462) (#4463)
2021-10-23 11:32:56 +00:00
conn.admin_confirm_sign_up(UserPoolId=user_pool_id, Username=username)
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert user["UserStatus"] == "CONFIRMED"
cognito-idp – Implemented admin_confirm_sign_up (#4462) (#4463)
2021-10-23 11:32:56 +00:00
@mock_cognitoidp
def test_admin_confirm_sign_up_non_existing_user():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName="us-east-1_aaaaaaaa", AutoVerifiedAttributes=["email"]
)["UserPool"]["Id"]
with pytest.raises(ClientError) as exc:
conn.admin_confirm_sign_up(UserPoolId=user_pool_id, Username=username)
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotFoundException"
assert err["Message"] == "User does not exist."
cognito-idp – Implemented admin_confirm_sign_up (#4462) (#4463)
2021-10-23 11:32:56 +00:00
@mock_cognitoidp
def test_admin_confirm_sign_up_non_existing_pool():
conn = boto3.client("cognito-idp", "us-east-1")
user_pool_id = "us-east-1_aaaaaaaa"
with pytest.raises(ClientError) as exc:
conn.admin_confirm_sign_up(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "ResourceNotFoundException"
assert err["Message"] == f"User pool {user_pool_id} does not exist."
cognito-idp – Implemented admin_confirm_sign_up (#4462) (#4463)
2021-10-23 11:32:56 +00:00
MessageAction for cognito admin_create_user is now handled If an invitation is attempted to be reset to a pool we validate that the user is indeed already in the pool else we raise a UserNotFoundException to match AWS behaviour
2020-02-10 17:09:15 +00:00
@mock_cognitoidp
def test_admin_resend_invitation_existing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
# Resending this should not throw an error
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
MessageAction="RESEND",
)
MessageAction for cognito admin_create_user is now handled If an invitation is attempted to be reset to a pool we validate that the user is indeed already in the pool else we raise a UserNotFoundException to match AWS behaviour
2020-02-10 17:09:15 +00:00
@mock_cognitoidp
def test_admin_resend_invitation_missing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 10:43:37 +00:00
with pytest.raises(ClientError) as exc:
MessageAction for cognito admin_create_user is now handled If an invitation is attempted to be reset to a pool we validate that the user is indeed already in the pool else we raise a UserNotFoundException to match AWS behaviour
2020-02-10 17:09:15 +00:00
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
MessageAction="RESEND",
)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 10:43:37 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotFoundException"
assert err["Message"] == "User does not exist."
MessageAction for cognito admin_create_user is now handled If an invitation is attempted to be reset to a pool we validate that the user is indeed already in the pool else we raise a UserNotFoundException to match AWS behaviour
2020-02-10 17:09:15 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_admin_get_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["Username"] == username
assert len(result["UserAttributes"]) == 2
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_get_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email", "phone_number"]
)["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "thing", "Value": value},
{"Name": "phone_number", "Value": "+123456789"},
],
)
# verify user can be queried by email
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["Username"] != username
assert len(result["UserAttributes"]) == 4
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
def _verify_attribute(name, v):
attr = [a for a in result["UserAttributes"] if a["Name"] == name]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(attr) == 1
assert attr[0]["Value"] == v
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
_verify_attribute("phone_number", "+123456789")
_verify_attribute("email", "test@example.com")
# verify user can be queried by phone number
result = conn.admin_get_user(UserPoolId=user_pool_id, Username="+123456789")
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["Username"] != username
assert len(result["UserAttributes"]) == 4
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
_verify_attribute("phone_number", "+123456789")
_verify_attribute("email", "test@example.com")
# verify that the generate user sub is a valid UUID v4
[user_sub] = [
attr["Value"] for attr in result["UserAttributes"] if attr["Name"] == "sub"
]
uuid.UUID(user_sub)
# verify user should be queried by user sub
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=user_sub)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["Username"] != username
assert len(result["UserAttributes"]) == 4
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
_verify_attribute("phone_number", "+123456789")
_verify_attribute("email", "test@example.com")
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Missing users now raise a UserNotFoundException A missing user in a cognito user pool has raises a UserNotFoundException, not a ResourceNotFoundException. This commit corrects the behaviour so that the correct exception is raised
2018-10-17 17:39:52 +00:00
@mock_cognitoidp
def test_admin_get_missing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 10:43:37 +00:00
with pytest.raises(ClientError) as exc:
Missing users now raise a UserNotFoundException A missing user in a cognito user pool has raises a UserNotFoundException, not a ResourceNotFoundException. This commit corrects the behaviour so that the correct exception is raised
2018-10-17 17:39:52 +00:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 10:43:37 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotFoundException"
assert err["Message"] == "User does not exist."
Missing users now raise a UserNotFoundException A missing user in a cognito user pool has raises a UserNotFoundException, not a ResourceNotFoundException. This commit corrects the behaviour so that the correct exception is raised
2018-10-17 17:39:52 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_get_missing_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 10:43:37 +00:00
with pytest.raises(ClientError) as exc:
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 10:43:37 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotFoundException"
assert err["Message"] == "User does not exist."
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
@mock_cognitoidp
def test_get_user():
conn = boto3.client("cognito-idp", "us-west-2")
outputs = authentication_flow(conn, "ADMIN_NO_SRP_AUTH")
result = conn.get_user(AccessToken=outputs["access_token"])
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["Username"] == outputs["username"]
assert len(result["UserAttributes"]) == 2
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
def _verify_attribute(name, v):
attr = [a for a in result["UserAttributes"] if a["Name"] == name]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(attr) == 1
assert attr[0]["Value"] == v
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
fix: cognito-idp: admin_create_user remove default attributes (#4070) * 4069: fix: cognito-idp: admin_create_user remove default attributes
2021-07-14 14:35:09 +00:00
for key, value in outputs["additional_fields"].items():
_verify_attribute(key, value)
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
@mock_cognitoidp
def test_get_user_unknown_accesstoken():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.get_user(AccessToken="n/a")
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
assert err["Message"] == "Invalid token"
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_list_users():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users(UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] == username
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Add test
2020-02-05 11:03:33 +00:00
username_bis = str(uuid.uuid4())
conn.admin_create_user(
Change from black linter
2020-02-05 13:19:08 +00:00
UserPoolId=user_pool_id,
Username=username_bis,
UserAttributes=[{"Name": "phone_number", "Value": "+33666666666"}],
)
result = conn.list_users(
cognito-idp – Added format validation and implemented prefix operator for Filter param of list_users (#4388)
2021-10-11 22:31:40 +00:00
UserPoolId=user_pool_id, Filter='phone_number="+33666666666"'
Add test
2020-02-05 11:03:33 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] == username_bis
[fix] cognito-idp list_users Filter arg now support spaces (#3317)
2020-09-19 10:26:01 +00:00
# checking Filter with space
result = conn.list_users(
cognito-idp – Added format validation and implemented prefix operator for Filter param of list_users (#4388)
2021-10-11 22:31:40 +00:00
UserPoolId=user_pool_id, Filter='phone_number = "+33666666666"'
[fix] cognito-idp list_users Filter arg now support spaces (#3317)
2020-09-19 10:26:01 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] == username_bis
Add test
2020-02-05 11:03:33 +00:00
cognito-idp – Added format validation and implemented prefix operator for Filter param of list_users (#4388)
2021-10-11 22:31:40 +00:00
user0_username = "user0@example.com"
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=user0_username,
UserAttributes=[{"Name": "phone_number", "Value": "+48555555555"}],
)
# checking Filter with prefix operator
result = conn.list_users(UserPoolId=user_pool_id, Filter='phone_number ^= "+48"')
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] == user0_username
cognito-idp – Added format validation and implemented prefix operator for Filter param of list_users (#4388)
2021-10-11 22:31:40 +00:00
# empty value Filter should also be supported
result = conn.list_users(UserPoolId=user_pool_id, Filter='family_name=""')
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 0
cognito-idp – Added format validation and implemented prefix operator for Filter param of list_users (#4388)
2021-10-11 22:31:40 +00:00
@mock_cognitoidp
def test_list_users_incorrect_filter():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
with pytest.raises(conn.exceptions.InvalidParameterException) as exc:
conn.list_users(UserPoolId=user_pool_id, Filter="username = foo")
_assert_filter_parsing_error(exc)
with pytest.raises(conn.exceptions.InvalidParameterException) as exc:
conn.list_users(UserPoolId=user_pool_id, Filter="username=")
_assert_filter_parsing_error(exc)
def _assert_filter_parsing_error(exc):
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert err["Message"] == "Error while parsing filter"
cognito-idp – Added format validation and implemented prefix operator for Filter param of list_users (#4388)
2021-10-11 22:31:40 +00:00
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 15:34:07 +00:00
cognito-idp – Do not allow custom attributes in list_users() Filter param (#4389) (#4407)
2021-10-13 09:55:58 +00:00
@mock_cognitoidp
def test_list_users_invalid_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
with pytest.raises(conn.exceptions.InvalidParameterException) as exc:
conn.list_users(UserPoolId=user_pool_id, Filter='custom:foo = "bar"')
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert err["Message"] == "Invalid search attribute: custom:foo"
cognito-idp – Do not allow custom attributes in list_users() Filter param (#4389) (#4407)
2021-10-13 09:55:58 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_list_users_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users(UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] != username
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
def _verify_attribute(name, v):
attr = [a for a in result["Users"][0]["Attributes"] if a["Name"] == name]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(attr) == 1
assert attr[0]["Value"] == v
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
_verify_attribute("email", username)
username_bis = "test2@uexample.com"
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username_bis,
UserAttributes=[{"Name": "phone_number", "Value": "+33666666666"}],
)
result = conn.list_users(
UserPoolId=user_pool_id, Filter='phone_number="+33666666666"'
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] != username_bis
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
uuid.UUID(result["Users"][0]["Username"])
_verify_attribute("email", username_bis)
# checking Filter with space
result = conn.list_users(
UserPoolId=user_pool_id, Filter='phone_number = "+33666666666"'
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] != username_bis
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
_verify_attribute("email", username_bis)
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 15:34:07 +00:00
@mock_cognitoidp
def test_list_users_inherent_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users(UserPoolId=user_pool_id)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0]["Username"] == username
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 15:34:07 +00:00
# create a confirmed disabled user
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
disabled_user_username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=disabled_user_username)
conn.confirm_sign_up(
ClientId=client_id, Username=disabled_user_username, ConfirmationCode="123456"
)
conn.admin_disable_user(UserPoolId=user_pool_id, Username=disabled_user_username)
# filter, filter value, response field, response field expected value - all target confirmed disabled user
filters = [
("username", disabled_user_username, "Username", disabled_user_username),
("status", "Disabled", "Enabled", False),
("cognito:user_status", "CONFIRMED", "UserStatus", "CONFIRMED"),
]
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for name, filter_value, response_field, response_field_expected_value in filters:
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 15:34:07 +00:00
result = conn.list_users(
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 22:41:08 +00:00
UserPoolId=user_pool_id, Filter=f'{name}="{filter_value}"'
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 15:34:07 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == 1
assert result["Users"][0][response_field] == response_field_expected_value
cognito:user_status filter in list users (#4120) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 06:56:41 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
@mock_cognitoidp
def test_get_user_unconfirmed():
if settings.TEST_SERVER_MODE:
raise SkipTest("Cant patch attributes in server mode.")
conn = boto3.client("cognito-idp", "us-west-2")
outputs = authentication_flow(conn, "ADMIN_NO_SRP_AUTH")
MultiAccount support (#5192)
2022-08-13 09:49:43 +00:00
backend = moto.cognitoidp.models.cognitoidp_backends[ACCOUNT_ID]["us-west-2"]
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
user_pool = backend.user_pools[outputs["user_pool_id"]]
user_pool.users[outputs["username"]].status = "UNCONFIRMED"
with pytest.raises(ClientError) as ex:
conn.get_user(AccessToken=outputs["access_token"])
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
assert err["Message"] == "username"
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 14:48:31 +00:00
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_users_returns_limit_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
user_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(user_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
max_results = 5
result = conn.list_users(UserPoolId=user_pool_id, Limit=max_results)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == max_results
assert "PaginationToken" in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_users_returns_pagination_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
user_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(user_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
max_results = 5
result = conn.list_users(UserPoolId=user_pool_id, Limit=max_results)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == max_results
assert "PaginationToken" in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
next_token = result["PaginationToken"]
result_2 = conn.list_users(
UserPoolId=user_pool_id, Limit=max_results, PaginationToken=next_token
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result_2["Users"]) == max_results
assert "PaginationToken" not in result_2
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
@mock_cognitoidp
def test_list_users_when_limit_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
user_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(user_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
max_results = user_count + 5
result = conn.list_users(UserPoolId=user_pool_id, Limit=max_results)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["Users"]) == user_count
assert "PaginationToken" not in result
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 14:10:28 +00:00
CognitoIDP:list_users() - Implement AttributesToGet-parameter (#4539)
2021-11-07 16:02:48 +00:00
@mock_cognitoidp
def test_list_users_with_attributes_to_get():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
for _ in range(5):
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=str(uuid.uuid4()),
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "Jane"},
{"Name": "custom:foo", "Value": "bar"},
],
)
result = conn.list_users(
UserPoolId=user_pool_id, AttributesToGet=["given_name", "custom:foo", "unknown"]
)
users = result["Users"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(users) == 5
CognitoIDP:list_users() - Implement AttributesToGet-parameter (#4539)
2021-11-07 16:02:48 +00:00
for user in users:
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(user["Attributes"]) == 2
assert {"Name": "given_name", "Value": "Jane"} in user["Attributes"]
assert {"Name": "custom:foo", "Value": "bar"} in user["Attributes"]
CognitoIDP:list_users() - Implement AttributesToGet-parameter (#4539)
2021-11-07 16:02:48 +00:00
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
@mock_cognitoidp
def test_admin_disable_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert list(result.keys()) == ["ResponseMetadata"] # No response expected
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert (
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)["Enabled"]
is False
)
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_disable_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert list(result.keys()) == ["ResponseMetadata"] # No response expected
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert (
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)["Enabled"]
is False
)
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
@mock_cognitoidp
def test_admin_enable_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_enable_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert list(result.keys()) == ["ResponseMetadata"] # No response expected
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert conn.admin_get_user(UserPoolId=user_pool_id, Username=username)["Enabled"]
Be able to change `enabled` status for cognito-idp users
2018-07-27 06:10:26 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_enable_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_enable_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert list(result.keys()) == ["ResponseMetadata"] # No response expected
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert conn.admin_get_user(UserPoolId=user_pool_id, Username=username)["Enabled"]
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_admin_delete_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_delete_user(UserPoolId=user_pool_id, Username=username)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 10:43:37 +00:00
with pytest.raises(ClientError) as exc:
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 10:43:37 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotFoundException"
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_admin_delete_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_delete_user(UserPoolId=user_pool_id, Username=username)
with pytest.raises(ClientError) as ex:
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotFoundException"
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
def authentication_flow(conn, auth_flow):
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
temporary_password = "P2$Sword"
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
Testing new feature
2018-08-07 11:55:32 +00:00
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
Testing new feature
2018-08-07 11:55:32 +00:00
ReadAttributes=[user_attribute_name],
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
Testing new feature
2018-08-07 11:55:32 +00:00
UserAttributes=[{"Name": user_attribute_name, "Value": user_attribute_value}],
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
)
result = conn.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
AuthFlow=auth_flow,
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# A newly created user is forced to set a new password
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ChallengeName"] == "NEW_PASSWORD_REQUIRED"
assert result["Session"] is not None
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
# This sets a new password and logs the user in (creates tokens)
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
new_password = "P2$Sword"
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
result = conn.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password},
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["AuthenticationResult"]["IdToken"] is not None
assert result["AuthenticationResult"]["AccessToken"] is not None
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
return {
"user_pool_id": user_pool_id,
"client_id": client_id,
"id_token": result["AuthenticationResult"]["IdToken"],
"access_token": result["AuthenticationResult"]["AccessToken"],
"username": username,
"password": new_password,
Testing new feature
2018-08-07 11:55:32 +00:00
"additional_fields": {user_attribute_name: user_attribute_value},
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
}
@mock_cognitoidp
def test_authentication_flow():
conn = boto3.client("cognito-idp", "us-west-2")
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
authentication_flow(conn, auth_flow)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
@mock_cognitoidp
def test_authentication_flow_invalid_flow():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
authentication_flow(conn, "NO_SUCH_FLOW")
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert (
err["Message"]
== "1 validation error detected: Value 'NO_SUCH_FLOW' at 'authFlow' failed to satisfy constraint: Member must satisfy enum value set: ['ADMIN_NO_SRP_AUTH', 'ADMIN_USER_PASSWORD_AUTH', 'USER_SRP_AUTH', 'REFRESH_TOKEN_AUTH', 'REFRESH_TOKEN', 'CUSTOM_AUTH', 'USER_PASSWORD_AUTH']"
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
)
@mock_cognitoidp
def test_authentication_flow_invalid_user_flow():
"""Pass a user authFlow to admin_initiate_auth"""
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
authentication_flow(conn, "USER_PASSWORD_AUTH")
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert err["Message"] == "Initiate Auth method not supported"
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
def user_authentication_flow(conn):
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
ReadAttributes=[user_attribute_name],
GenerateSecret=True,
)["UserPoolClient"]["ClientId"]
Linting
2020-11-11 15:55:37 +00:00
conn.sign_up(ClientId=client_id, Username=username, Password=password)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
client_secret = conn.describe_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientId=client_id
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientSecret"]
conn.confirm_sign_up(
Linting
2020-11-11 15:55:37 +00:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
# generating secret hash
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 10:05:59 +00:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
"SECRET_HASH": secret_hash,
},
)
result = conn.respond_to_auth_challenge(
ClientId=client_id,
ChallengeName=result["ChallengeName"],
ChallengeResponses={
"PASSWORD_CLAIM_SIGNATURE": str(uuid.uuid4()),
"PASSWORD_CLAIM_SECRET_BLOCK": result["Session"],
"TIMESTAMP": str(uuid.uuid4()),
"USERNAME": username,
},
)
refresh_token = result["AuthenticationResult"]["RefreshToken"]
# add mfa token
conn.associate_software_token(
AccessToken=result["AuthenticationResult"]["AccessToken"]
)
conn.verify_software_token(
Linting
2020-11-11 15:55:37 +00:00
AccessToken=result["AuthenticationResult"]["AccessToken"], UserCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
conn.set_user_mfa_preference(
AccessToken=result["AuthenticationResult"]["AccessToken"],
Linting
2020-11-11 15:55:37 +00:00
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="REFRESH_TOKEN",
Linting
2020-11-11 15:55:37 +00:00
AuthParameters={"SECRET_HASH": secret_hash, "REFRESH_TOKEN": refresh_token},
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["AuthenticationResult"]["IdToken"] is not None
assert result["AuthenticationResult"]["AccessToken"] is not None
assert result["AuthenticationResult"]["TokenType"] == "Bearer"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
# authenticate user once again this time with mfa token
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 10:05:59 +00:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
"SECRET_HASH": secret_hash,
},
)
result = conn.respond_to_auth_challenge(
ClientId=client_id,
ChallengeName=result["ChallengeName"],
ChallengeResponses={
"PASSWORD_CLAIM_SIGNATURE": str(uuid.uuid4()),
"PASSWORD_CLAIM_SECRET_BLOCK": result["Session"],
"TIMESTAMP": str(uuid.uuid4()),
"USERNAME": username,
},
)
result = conn.respond_to_auth_challenge(
ClientId=client_id,
Session=result["Session"],
ChallengeName=result["ChallengeName"],
ChallengeResponses={
"SOFTWARE_TOKEN_MFA_CODE": "123456",
"USERNAME": username,
"SECRET_HASH": secret_hash,
},
)
return {
"user_pool_id": user_pool_id,
"client_id": client_id,
"client_secret": client_secret,
"secret_hash": secret_hash,
"id_token": result["AuthenticationResult"]["IdToken"],
"access_token": result["AuthenticationResult"]["AccessToken"],
"refresh_token": refresh_token,
"username": username,
"password": password,
"additional_fields": {user_attribute_name: user_attribute_value},
}
@mock_cognitoidp
def test_user_authentication_flow():
conn = boto3.client("cognito-idp", "us-west-2")
user_authentication_flow(conn)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_token_legitimacy():
conn = boto3.client("cognito-idp", "us-west-2")
path = "../../moto/cognitoidp/resources/jwks-public.json"
with open(os.path.join(os.path.dirname(__file__), path)) as f:
json_web_key = json.loads(f.read())["keys"][0]
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
outputs = authentication_flow(conn, auth_flow)
id_token = outputs["id_token"]
access_token = outputs["access_token"]
client_id = outputs["client_id"]
CognitoIDP: Replace email with username in cogntio JWT tokens (#5652)
2022-11-10 17:08:56 +00:00
username = outputs["username"]
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 22:41:08 +00:00
issuer = (
f"https://cognito-idp.us-west-2.amazonaws.com/{outputs['user_pool_id']}"
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
)
id_claims = json.loads(jws.verify(id_token, json_web_key, "RS256"))
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert id_claims["iss"] == issuer
assert id_claims["aud"] == client_id
assert id_claims["token_use"] == "id"
assert id_claims["cognito:username"] == username
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for k, v in outputs["additional_fields"].items():
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert id_claims[k] == v
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256"))
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert access_claims["iss"] == issuer
assert access_claims["client_id"] == client_id
assert access_claims["token_use"] == "access"
assert access_claims["username"] == username
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
moto/issues/2672 | Formatted using black
2020-01-06 05:29:23 +00:00
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_change_password():
conn = boto3.client("cognito-idp", "us-west-2")
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
outputs = authentication_flow(conn, auth_flow)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
# Take this opportunity to test change_password, which requires an access token.
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
newer_password = "P2$Sword2"
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
conn.change_password(
AccessToken=outputs["access_token"],
PreviousPassword=outputs["password"],
ProposedPassword=newer_password,
)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
# Log in again, which should succeed without a challenge because the user is no
# longer in the force-new-password state.
result = conn.admin_initiate_auth(
UserPoolId=outputs["user_pool_id"],
ClientId=outputs["client_id"],
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={
"USERNAME": outputs["username"],
"PASSWORD": newer_password,
},
)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["AuthenticationResult"] is not None
Append region-info to UserAgent-header, if it already exists
2020-06-30 14:00:08 +00:00
@mock_cognitoidp
def test_change_password__using_custom_user_agent_header():
Admin: Update Docs to point to getmoto (#5826)
2023-01-07 11:35:14 +00:00
# https://github.com/getmoto/moto/issues/3098
Append region-info to UserAgent-header, if it already exists
2020-06-30 14:00:08 +00:00
# As the admin_initiate_auth-method is unauthenticated, we use the user-agent header to pass in the region
# This test verifies this works, even if we pass in our own user-agent header
from botocore.config import Config
my_config = Config(user_agent_extra="more/info", signature_version="v4")
conn = boto3.client("cognito-idp", "us-west-2", config=my_config)
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
outputs = authentication_flow(conn, auth_flow)
Append region-info to UserAgent-header, if it already exists
2020-06-30 14:00:08 +00:00
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
# Take this opportunity to test change_password, which requires an access token.
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
newer_password = "P2$Sword2"
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
conn.change_password(
AccessToken=outputs["access_token"],
PreviousPassword=outputs["password"],
ProposedPassword=newer_password,
)
Append region-info to UserAgent-header, if it already exists
2020-06-30 14:00:08 +00:00
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
# Log in again, which should succeed without a challenge because the user is no
# longer in the force-new-password state.
result = conn.admin_initiate_auth(
UserPoolId=outputs["user_pool_id"],
ClientId=outputs["client_id"],
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={
"USERNAME": outputs["username"],
"PASSWORD": newer_password,
},
)
Append region-info to UserAgent-header, if it already exists
2020-06-30 14:00:08 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["AuthenticationResult"] is not None
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
def test_forgot_password():
conn = boto3.client("cognito-idp", "us-west-2")
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 14:26:57 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
result = conn.forgot_password(ClientId=client_id, Username=str(uuid.uuid4()))
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["CodeDeliveryDetails"]["Destination"] is not None
assert result["CodeDeliveryDetails"]["DeliveryMedium"] == "SMS"
assert result["CodeDeliveryDetails"]["AttributeName"] == "phone_number"
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 14:26:57 +00:00
@mock_cognitoidp
def test_forgot_password_nonexistent_client_id():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.forgot_password(ClientId=create_id(), Username=str(uuid.uuid4()))
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "ResourceNotFoundException"
assert err["Message"] == "Username/client id combination not found."
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 14:26:57 +00:00
@mock_cognitoidp
def test_forgot_password_admin_only_recovery():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "admin_only", "Priority": 1}]
},
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
with pytest.raises(ClientError) as ex:
conn.forgot_password(ClientId=client_id, Username=str(uuid.uuid4()))
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
assert err["Message"] == "Contact administrator to reset password."
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 14:26:57 +00:00
@mock_cognitoidp
def test_forgot_password_user_with_all_recovery_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "verified_email", "Priority": 1}]
},
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "email", "Value": "test@moto.com"},
{"Name": "phone_number", "Value": "555555555"},
],
)
result = conn.forgot_password(ClientId=client_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["CodeDeliveryDetails"]["Destination"] == "test@moto.com"
assert result["CodeDeliveryDetails"]["DeliveryMedium"] == "EMAIL"
assert result["CodeDeliveryDetails"]["AttributeName"] == "email"
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 14:26:57 +00:00
conn.update_user_pool(
UserPoolId=user_pool_id,
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "verified_phone_number", "Priority": 1}]
},
)
result = conn.forgot_password(ClientId=client_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["CodeDeliveryDetails"]["Destination"] == "555555555"
assert result["CodeDeliveryDetails"]["DeliveryMedium"] == "SMS"
assert result["CodeDeliveryDetails"]["AttributeName"] == "phone_number"
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 14:26:57 +00:00
@mock_cognitoidp
def test_forgot_password_nonexistent_user_or_user_without_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "verified_email", "Priority": 1}]
},
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
user_without_attributes = str(uuid.uuid4())
nonexistent_user = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=user_without_attributes)
for user in user_without_attributes, nonexistent_user:
result = conn.forgot_password(ClientId=client_id, Username=user)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["CodeDeliveryDetails"]["Destination"] == user + "@h***.com"
assert result["CodeDeliveryDetails"]["DeliveryMedium"] == "EMAIL"
assert result["CodeDeliveryDetails"]["AttributeName"] == "email"
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 14:26:57 +00:00
conn.update_user_pool(
UserPoolId=user_pool_id,
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "verified_phone_number", "Priority": 1}]
},
)
for user in user_without_attributes, nonexistent_user:
result = conn.forgot_password(ClientId=client_id, Username=user)
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["CodeDeliveryDetails"]["Destination"] == "+*******9934"
assert result["CodeDeliveryDetails"]["DeliveryMedium"] == "SMS"
assert result["CodeDeliveryDetails"]["AttributeName"] == "phone_number"
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
@mock_cognitoidp
Return OTP from forgot password (#4478)
2021-10-27 18:29:29 +00:00
def test_confirm_forgot_password_legacy():
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
Return OTP from forgot password (#4478)
2021-10-27 18:29:29 +00:00
# Random confirmation code - opt out of verification
conn.forgot_password(ClientId=client_id, Username=username)
res = conn.confirm_forgot_password(
Implement some of cognito-idp
2018-05-02 21:13:12 +00:00
ClientId=client_id,
Username=username,
ConfirmationCode=str(uuid.uuid4()),
Password=str(uuid.uuid4()),
)
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 22:58:10 +00:00
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert res["ResponseMetadata"]["HTTPStatusCode"] == 200
Return OTP from forgot password (#4478)
2021-10-27 18:29:29 +00:00
@mock_cognitoidp
def test_confirm_forgot_password_opt_in_verification():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
res = conn.forgot_password(ClientId=client_id, Username=username)
confirmation_code = res["ResponseMetadata"]["HTTPHeaders"][
"x-moto-forgot-password-confirmation-code"
]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert "moto-confirmation-code" in confirmation_code
Return OTP from forgot password (#4478)
2021-10-27 18:29:29 +00:00
res = conn.confirm_forgot_password(
ClientId=client_id,
Username=username,
ConfirmationCode=confirmation_code,
Password=str(uuid.uuid4()),
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert res["ResponseMetadata"]["HTTPStatusCode"] == 200
Return OTP from forgot password (#4478)
2021-10-27 18:29:29 +00:00
@mock_cognitoidp
def test_confirm_forgot_password_opt_in_verification_invalid_confirmation_code():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
with pytest.raises(ClientError) as ex:
conn.confirm_forgot_password(
ClientId=client_id,
Username=username,
ConfirmationCode="moto-confirmation-code:123invalid",
Password=str(uuid.uuid4()),
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "ExpiredCodeException"
assert err["Message"] == "Invalid code provided, please request a code again."
Return OTP from forgot password (#4478)
2021-10-27 18:29:29 +00:00
Run black on moto & test directories.
2019-10-31 15:44:26 +00:00
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 17:49:19 +00:00
@mock_cognitoidp
def test_admin_user_global_sign_out():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
conn.admin_user_global_sign_out(
UserPoolId=result["user_pool_id"], Username=result["username"]
)
admin_user_global_sign_out works only once (#4717)
2021-12-27 20:18:02 +00:00
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="REFRESH_TOKEN",
AuthParameters={
"REFRESH_TOKEN": result["refresh_token"],
"SECRET_HASH": result["secret_hash"],
},
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
assert err["Message"] == "Refresh Token has been revoked"
admin_user_global_sign_out works only once (#4717)
2021-12-27 20:18:02 +00:00
@mock_cognitoidp
def test_admin_user_global_sign_out_twice():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
conn.admin_user_global_sign_out(
UserPoolId=result["user_pool_id"], Username=result["username"]
)
conn.admin_user_global_sign_out(
UserPoolId=result["user_pool_id"], Username=result["username"]
)
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 17:49:19 +00:00
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="REFRESH_TOKEN",
AuthParameters={
"REFRESH_TOKEN": result["refresh_token"],
"SECRET_HASH": result["secret_hash"],
},
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
assert err["Message"] == "Refresh Token has been revoked"
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 17:49:19 +00:00
@mock_cognitoidp
def test_admin_user_global_sign_out_unknown_userpool():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
conn.admin_user_global_sign_out(UserPoolId="n/a", Username=result["username"])
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "ResourceNotFoundException"
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 17:49:19 +00:00
@mock_cognitoidp
def test_admin_user_global_sign_out_unknown_user():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
conn.admin_user_global_sign_out(
UserPoolId=result["user_pool_id"], Username="n/a"
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotFoundException"
assert err["Message"] == "User does not exist."
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 17:49:19 +00:00
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
@mock_cognitoidp
def test_global_sign_out():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
conn.global_sign_out(AccessToken=result["access_token"])
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="REFRESH_TOKEN",
AuthParameters={
"REFRESH_TOKEN": result["refresh_token"],
"SECRET_HASH": result["secret_hash"],
},
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
assert err["Message"] == "Refresh Token has been revoked"
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
CognitoIDP: sign_out() should invalidate AccessToken (#5794)
2022-12-20 22:09:02 +00:00
with pytest.raises(ClientError) as ex:
conn.get_user(AccessToken=result["access_token"])
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
CognitoIDP: sign_out() should invalidate AccessToken (#5794)
2022-12-20 22:09:02 +00:00
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
@mock_cognitoidp
def test_global_sign_out_unknown_accesstoken():
conn = boto3.client("cognito-idp", "us-east-2")
with pytest.raises(ClientError) as ex:
conn.global_sign_out(AccessToken="n/a")
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 22:58:10 +00:00
@mock_cognitoidp
def test_admin_update_user_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "John"},
],
)
conn.admin_update_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "Jane"},
],
)
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
attributes = user["UserAttributes"]
for attr in attributes:
val = attr["Value"]
if attr["Name"] == "family_name":
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert val == "Doe"
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 22:58:10 +00:00
elif attr["Name"] == "given_name":
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert val == "Jane"
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
cognito-idp – Implemented admin_delete_user_attributes (#4487)
2021-10-28 21:21:22 +00:00
@mock_cognitoidp
def test_admin_delete_user_attributes():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "foo",
"AttributeDataType": "String",
"Mutable": True,
"Required": False,
}
],
)["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "John"},
{"Name": "nickname", "Value": "Joe"},
{"Name": "custom:foo", "Value": "bar"},
],
)
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributeNames=["nickname", "custom:foo"],
)
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(user["UserAttributes"]) == 3 # family_name, given_name and sub
assert {"Name": "family_name", "Value": "Doe"} in user["UserAttributes"]
assert {"Name": "given_name", "Value": "John"} in user["UserAttributes"]
assert {"Name": "nickname", "Value": "Joe"} not in user["UserAttributes"]
assert {"Name": "custom:foo", "Value": "bar"} not in user["UserAttributes"]
cognito-idp – Implemented admin_delete_user_attributes (#4487)
2021-10-28 21:21:22 +00:00
@mock_cognitoidp
def test_admin_delete_user_attributes_non_existing_attribute():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "John"},
{"Name": "nickname", "Value": "Joe"},
],
)
with pytest.raises(ClientError) as exc:
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributeNames=["nickname", "custom:foo"],
)
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert (
err["Message"]
== "Invalid user attributes: user.custom:foo: Attribute does not exist in the schema.\n"
cognito-idp – Implemented admin_delete_user_attributes (#4487)
2021-10-28 21:21:22 +00:00
)
Core - Use json module for error_json exception type rendering instead of jinja2 (#4587)
2021-11-17 16:19:03 +00:00
with pytest.raises(ClientError) as exc:
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributeNames=["nickname", "custom:foo", "custom:bar"],
)
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert (
err["Message"]
== "Invalid user attributes: user.custom:foo: Attribute does not exist in the schema.\nuser.custom:bar: Attribute does not exist in the schema.\n"
Core - Use json module for error_json exception type rendering instead of jinja2 (#4587)
2021-11-17 16:19:03 +00:00
)
cognito-idp – Implemented admin_delete_user_attributes (#4487)
2021-10-28 21:21:22 +00:00
@mock_cognitoidp
def test_admin_delete_user_attributes_non_existing_user():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
with pytest.raises(ClientError) as exc:
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributeNames=["nickname", "custom:foo"],
)
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotFoundException"
assert err["Message"] == "User does not exist."
cognito-idp – Implemented admin_delete_user_attributes (#4487)
2021-10-28 21:21:22 +00:00
@mock_cognitoidp
def test_admin_delete_user_attributes_non_existing_pool():
conn = boto3.client("cognito-idp", "us-east-1")
user_pool_id = "us-east-1_aaaaaaaa"
with pytest.raises(ClientError) as exc:
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=str(uuid.uuid4()),
UserAttributeNames=["nickname"],
)
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "ResourceNotFoundException"
assert err["Message"] == f"User pool {user_pool_id} does not exist."
cognito-idp – Implemented admin_delete_user_attributes (#4487)
2021-10-28 21:21:22 +00:00
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
@mock_cognitoidp
def test_update_user_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
result = authentication_flow(conn, auth_flow="ADMIN_USER_PASSWORD_AUTH")
access_token = result["access_token"]
username = result["username"]
user_pool_id = result["user_pool_id"]
conn.update_user_attributes(
AccessToken=access_token,
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "Jane"},
],
)
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
attributes = user["UserAttributes"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert {"Name": "family_name", "Value": "Doe"} in attributes
assert {"Name": "given_name", "Value": "Jane"} in attributes
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
@mock_cognitoidp
def test_update_user_attributes_unknown_accesstoken():
conn = boto3.client("cognito-idp", "us-east-2")
with pytest.raises(ClientError) as ex:
conn.update_user_attributes(
AccessToken="n/a", UserAttributes=[{"Name": "a", "Value": "b"}]
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 11:31:30 +00:00
@mock_cognitoidp
def test_resource_server():
client = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
res = client.create_user_pool(PoolName=name)
user_pool_id = res["UserPool"]["Id"]
identifier = "http://localhost.localdomain"
name = "local server"
scopes = [
{"ScopeName": "app:write", "ScopeDescription": "write scope"},
{"ScopeName": "app:read", "ScopeDescription": "read scope"},
]
res = client.create_resource_server(
UserPoolId=user_pool_id, Identifier=identifier, Name=name, Scopes=scopes
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert res["ResourceServer"]["UserPoolId"] == user_pool_id
assert res["ResourceServer"]["Identifier"] == identifier
assert res["ResourceServer"]["Name"] == name
assert res["ResourceServer"]["Scopes"] == scopes
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 11:31:30 +00:00
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 05:54:49 +00:00
with pytest.raises(ClientError) as ex:
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 11:31:30 +00:00
client.create_resource_server(
UserPoolId=user_pool_id, Identifier=identifier, Name=name, Scopes=scopes
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.operation_name == "CreateResourceServer"
assert ex.value.response["Error"]["Code"] == "InvalidParameterException"
assert (
ex.value.response["Error"]["Message"]
== f"{identifier} already exists in user pool {user_pool_id}."
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 11:31:30 +00:00
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 11:31:30 +00:00
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_sign_up():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
result = conn.sign_up(ClientId=client_id, Username=username, Password=password)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserConfirmed"] is False
assert result["UserSub"] is not None
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
@mock_cognitoidp
@pytest.mark.parametrize("password", ["p2$$word", "P2$s"])
def test_sign_up_with_invalid_password(password):
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
with pytest.raises(ClientError) as exc:
conn.sign_up(ClientId=client_id, Username=username, Password=password)
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidPasswordException"
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_sign_up_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email", "phone_number"]
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
with pytest.raises(ClientError) as err:
# Attempt to add user again
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
conn.sign_up(ClientId=client_id, Username=username, Password=password)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err.value.response["Error"]["Code"] == "InvalidParameterException"
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
username = "test@example.com"
result = conn.sign_up(ClientId=client_id, Username=username, Password=password)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserConfirmed"] is False
assert result["UserSub"] is not None
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
username = "+123456789"
result = conn.sign_up(ClientId=client_id, Username=username, Password=password)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserConfirmed"] is False
assert result["UserSub"] is not None
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
Cognito IdP: Raise UsernameExistsException from sign_up when user exists (#3765) * Raise UsernameExistsException from sign_up when user exists * Run formatter * Use pytest.raises * Fix test
2021-03-16 22:22:53 +00:00
@mock_cognitoidp
def test_sign_up_existing_user():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
Cognito IdP: Raise UsernameExistsException from sign_up when user exists (#3765) * Raise UsernameExistsException from sign_up when user exists * Run formatter * Use pytest.raises * Fix test
2021-03-16 22:22:53 +00:00
# Add initial user
conn.sign_up(ClientId=client_id, Username=username, Password=password)
with pytest.raises(ClientError) as err:
# Attempt to add user again
conn.sign_up(ClientId=client_id, Username=username, Password=password)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err.value.response["Error"]["Code"] == "UsernameExistsException"
Cognito IdP: Raise UsernameExistsException from sign_up when user exists (#3765) * Raise UsernameExistsException from sign_up when user exists * Run formatter * Use pytest.raises * Fix test
2021-03-16 22:22:53 +00:00
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_confirm_sign_up():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
conn.confirm_sign_up(
Linting
2020-11-11 15:55:37 +00:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserStatus"] == "CONFIRMED"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_confirm_sign_up_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
conn.confirm_sign_up(
ClientId=client_id, Username=username, ConfirmationCode="123456"
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserStatus"] == "CONFIRMED"
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_initiate_auth_USER_SRP_AUTH():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
client_secret = conn.describe_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientId=client_id
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientSecret"]
conn.confirm_sign_up(
Linting
2020-11-11 15:55:37 +00:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 10:05:59 +00:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
"SECRET_HASH": secret_hash,
},
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ChallengeName"] == "PASSWORD_VERIFIER"
assert result["ChallengeParameters"]["USERNAME"] == username
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
@mock_cognitoidp
def test_initiate_auth_USER_SRP_AUTH_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
client_secret = conn.describe_user_pool_client(
UserPoolId=user_pool_id, ClientId=client_id
)["UserPoolClient"]["ClientSecret"]
conn.confirm_sign_up(
ClientId=client_id, Username=username, ConfirmationCode="123456"
)
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
"SRP_A": uuid.uuid4().hex,
"SECRET_HASH": secret_hash,
},
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ChallengeName"] == "PASSWORD_VERIFIER"
Userpool UsernameAttributes (#4262)
2021-10-20 11:56:45 +00:00
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_initiate_auth_REFRESH_TOKEN():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
result = conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="REFRESH_TOKEN",
AuthParameters={
"REFRESH_TOKEN": result["refresh_token"],
"SECRET_HASH": result["secret_hash"],
},
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["AuthenticationResult"]["AccessToken"] is not None
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 08:19:54 +00:00
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
result = conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": result["username"], "PASSWORD": result["password"]},
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["AuthenticationResult"]["AccessToken"] is not None
assert result["AuthenticationResult"]["IdToken"] is not None
assert result["AuthenticationResult"]["RefreshToken"] is not None
assert result["AuthenticationResult"]["TokenType"] == "Bearer"
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 08:19:54 +00:00
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
@mock_cognitoidp
def test_initiate_auth_invalid_auth_flow():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
user_authentication_flow(conn)
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="NO_SUCH_FLOW",
AuthParameters={
"USERNAME": result["username"],
"PASSWORD": result["password"],
},
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert (
err["Message"]
== "1 validation error detected: Value 'NO_SUCH_FLOW' at 'authFlow' failed to satisfy constraint: Member must satisfy enum value set: ['ADMIN_NO_SRP_AUTH', 'ADMIN_USER_PASSWORD_AUTH', 'USER_SRP_AUTH', 'REFRESH_TOKEN_AUTH', 'REFRESH_TOKEN', 'CUSTOM_AUTH', 'USER_PASSWORD_AUTH']"
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
)
@mock_cognitoidp
def test_initiate_auth_invalid_admin_auth_flow():
"""Pass an admin auth_flow to the regular initiate_auth"""
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
user_authentication_flow(conn)
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="ADMIN_USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": result["username"],
"PASSWORD": result["password"],
},
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert err["Message"] == "Initiate Auth method not supported"
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 20:34:05 +00:00
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH_with_FORCE_CHANGE_PASSWORD_status():
# Test flow:
# 1. Create user with FORCE_CHANGE_PASSWORD status
# 2. Login with temporary password
# 3. Check that the right challenge is received
# 4. Respond to challenge with new password
# 5. Check that the access tokens are received
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
)["UserPoolClient"]["ClientId"]
# Create user in status FORCE_CHANGE_PASSWORD
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
temporary_password = "P2$Sword"
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 20:34:05 +00:00
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=temporary_password
)
result = client.initiate_auth(
ClientId=client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["ChallengeName"] == "NEW_PASSWORD_REQUIRED"
assert result["ChallengeParameters"]["USERNAME"] == username
assert result["Session"] != ""
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 20:34:05 +00:00
assert result.get("AuthenticationResult") is None
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
new_password = "P2$Sword2"
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 20:34:05 +00:00
result = client.respond_to_auth_challenge(
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
Session=result["Session"],
ChallengeResponses={
"NEW_PASSWORD": new_password,
"USERNAME": result["ChallengeParameters"]["USERNAME"],
},
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["AuthenticationResult"]["IdToken"] != ""
assert result["AuthenticationResult"]["AccessToken"] != ""
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 20:34:05 +00:00
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 08:19:54 +00:00
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH_user_not_found():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": "INVALIDUSER", "PASSWORD": result["password"]},
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotFoundException"
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 08:19:54 +00:00
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH_user_incorrect_password():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": result["username"],
"PASSWORD": "NotAuthorizedException",
},
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 08:19:54 +00:00
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH_unconfirmed_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 08:19:54 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": password},
)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotConfirmedException"
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 08:19:54 +00:00
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_initiate_auth_for_unconfirmed_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
client_secret = conn.describe_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientId=client_id
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientSecret"]
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
conn.initiate_auth(
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 10:05:59 +00:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
"SECRET_HASH": secret_hash,
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "UserNotConfirmedException"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_initiate_auth_with_invalid_secret_hash():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Linting
2020-11-11 15:55:37 +00:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
conn.describe_user_pool_client(UserPoolId=user_pool_id, ClientId=client_id)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
conn.confirm_sign_up(
Linting
2020-11-11 15:55:37 +00:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
)
invalid_secret_hash = str(uuid.uuid4())
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
conn.initiate_auth(
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 10:05:59 +00:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
"SECRET_HASH": invalid_secret_hash,
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_setting_mfa():
conn = boto3.client("cognito-idp", "us-west-2")
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
result = authentication_flow(conn, auth_flow)
conn.associate_software_token(AccessToken=result["access_token"])
conn.verify_software_token(
AccessToken=result["access_token"], UserCode="123456"
)
conn.set_user_mfa_preference(
AccessToken=result["access_token"],
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
)
result = conn.admin_get_user(
UserPoolId=result["user_pool_id"], Username=result["username"]
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserMFASettingList"]) == 1
assert result["PreferredMfaSetting"] == "SOFTWARE_TOKEN_MFA"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_setting_mfa_when_token_not_verified():
conn = boto3.client("cognito-idp", "us-west-2")
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
result = authentication_flow(conn, auth_flow)
conn.associate_software_token(AccessToken=result["access_token"])
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
conn.set_user_mfa_preference(
AccessToken=result["access_token"],
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
Add implementation for cognitoidp admin_set_user_mfa_preference (#4884)
2022-02-24 23:52:45 +00:00
@mock_cognitoidp
def test_admin_setting_mfa():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
username = "test@example.com"
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_set_user_mfa_preference(
Username=username,
UserPoolId=user_pool_id,
SMSMfaSettings={"Enabled": True, "PreferredMfa": True},
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(result["UserMFASettingList"]) == 1
assert result["PreferredMfaSetting"] == "SMS_MFA"
Add implementation for cognitoidp admin_set_user_mfa_preference (#4884)
2022-02-24 23:52:45 +00:00
@mock_cognitoidp
def test_admin_setting_mfa_when_token_not_verified():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
username = "test@example.com"
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
with pytest.raises(conn.exceptions.InvalidParameterException):
conn.admin_set_user_mfa_preference(
Username=username,
UserPoolId=user_pool_id,
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
@mock_cognitoidp
def test_respond_to_auth_challenge_with_invalid_secret_hash():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
valid_secret_hash = result["secret_hash"]
invalid_secret_hash = str(uuid.uuid4())
challenge = conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": result["username"],
fix SALT and SRP_B params
2020-12-03 10:05:59 +00:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
"SECRET_HASH": valid_secret_hash,
},
)
challenge = conn.respond_to_auth_challenge(
ClientId=result["client_id"],
ChallengeName=challenge["ChallengeName"],
ChallengeResponses={
"PASSWORD_CLAIM_SIGNATURE": str(uuid.uuid4()),
"PASSWORD_CLAIM_SECRET_BLOCK": challenge["Session"],
"TIMESTAMP": str(uuid.uuid4()),
"USERNAME": result["username"],
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
conn.respond_to_auth_challenge(
ClientId=result["client_id"],
Session=challenge["Session"],
ChallengeName=challenge["ChallengeName"],
ChallengeResponses={
"SOFTWARE_TOKEN_MFA_CODE": "123456",
"USERNAME": result["username"],
"SECRET_HASH": invalid_secret_hash,
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 08:20:31 +00:00
added cognito idp function admin_set_user_password to the code (#3328) * added cognito idp function to the code * fixed linting issues
2020-09-21 17:40:07 +00:00
@mock_cognitoidp
def test_admin_set_user_password():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
password = "P2$$word"
added cognito idp function admin_set_user_password to the code (#3328) * added cognito idp function to the code * fixed linting issues
2020-09-21 17:40:07 +00:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
conn.admin_set_user_password(
UserPoolId=user_pool_id, Username=username, Password=password, Permanent=True
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["Username"] == username
assert len(result["UserAttributes"]) == 2
fix: cognito-idp: admin_create_user remove default attributes (#4070) * 4069: fix: cognito-idp: admin_create_user remove default attributes
2021-07-14 14:35:09 +00:00
def _verify_attribute(name, v):
attr = [a for a in result["UserAttributes"] if a["Name"] == name]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert len(attr) == 1
assert attr[0]["Value"] == v
fix: cognito-idp: admin_create_user remove default attributes (#4070) * 4069: fix: cognito-idp: admin_create_user remove default attributes
2021-07-14 14:35:09 +00:00
_verify_attribute("thing", value)
added cognito idp function admin_set_user_password to the code (#3328) * added cognito idp function to the code * fixed linting issues
2020-09-21 17:40:07 +00:00
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
@mock_cognitoidp
@pytest.mark.parametrize("password", ["pa$$word", "Password", "p2ssword", "P2$S"])
def test_admin_set_invalid_user_password(password):
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
with pytest.raises(ClientError) as exc:
conn.admin_set_user_password(
UserPoolId=user_pool_id,
Username=username,
Password=password,
Permanent=True,
)
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidPasswordException"
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
@mock_cognitoidp
@pytest.mark.parametrize("password", ["password", "P2$$word"])
def test_admin_set_invalid_user_password__custom_policy_provided(password):
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Policies={
"PasswordPolicy": {
"MinimumLength": 12,
"RequireUppercase": False,
"RequireLowercase": False,
"RequireNumbers": False,
"RequireSymbols": False,
}
},
)["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
with pytest.raises(ClientError) as exc:
conn.admin_set_user_password(
UserPoolId=user_pool_id,
Username=username,
Password=password,
Permanent=True,
)
err = exc.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidPasswordException"
CognitoIDP - Validate password using policy (#5768)
2022-12-14 09:39:50 +00:00
# We can set a plain password, as long as it's 12 characters long
conn.admin_set_user_password(
UserPoolId=user_pool_id,
Username=username,
Password="longpassword",
Permanent=True,
)
Fix: Python 2/3 Incompatibility (#3488) Previous code would raise `TypeError: 'dict_keys' object is not subscriptable` when run under Python 3. * Re-write code in Python 2/3 compatible way. * Add clarifying comment. * Add test coverage. Supersedes #3227
2020-11-21 13:36:33 +00:00
@mock_cognitoidp
def test_change_password_with_invalid_token_raises_error():
client = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
client.change_password(
AccessToken=str(uuid.uuid4()),
PreviousPassword="previous_password",
ProposedPassword="newer_password",
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "NotAuthorizedException"
Fix: Python 2/3 Incompatibility (#3488) Previous code would raise `TypeError: 'dict_keys' object is not subscriptable` when run under Python 3. * Re-write code in Python 2/3 compatible way. * Add clarifying comment. * Add test coverage. Supersedes #3227
2020-11-21 13:36:33 +00:00
@mock_cognitoidp
def test_confirm_forgot_password_with_non_existent_client_id_raises_error():
client = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
client.confirm_forgot_password(
ClientId="non-existent-client-id",
Username="not-existent-username",
ConfirmationCode=str(uuid.uuid4()),
Password=str(uuid.uuid4()),
)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert ex.value.response["Error"]["Code"] == "ResourceNotFoundException"
Fix: Python 2/3 Incompatibility (#3488) Previous code would raise `TypeError: 'dict_keys' object is not subscriptable` when run under Python 3. * Re-write code in Python 2/3 compatible way. * Add clarifying comment. * Add test coverage. Supersedes #3227
2020-11-21 13:36:33 +00:00
Added admin_reset_user_password implementation (#4412)
2021-10-14 10:12:08 +00:00
@mock_cognitoidp
def test_admin_reset_password_and_change_password():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
temporary_pass = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
)["UserPoolClient"]["ClientId"]
# Create CONFIRMED user with verified email
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=temporary_pass
)
client.confirm_sign_up(
ClientId=client_id, Username=username, ConfirmationCode="123456"
)
client.admin_update_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "email_verified", "Value": "true"}],
)
# User should be in RESET_REQUIRED state after reset
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
result = client.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserStatus"] == "RESET_REQUIRED"
Added admin_reset_user_password implementation (#4412)
2021-10-14 10:12:08 +00:00
# Return to CONFIRMED status after NEW_PASSWORD_REQUIRED auth challenge
auth_result = client.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_pass},
)
password = "Admin123!"
auth_result = client.respond_to_auth_challenge(
Session=auth_result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": password},
)
result = client.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserStatus"] == "CONFIRMED"
Added admin_reset_user_password implementation (#4412)
2021-10-14 10:12:08 +00:00
# Return to CONFIRMED after user-initated password change
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
client.change_password(
AccessToken=auth_result["AuthenticationResult"]["AccessToken"],
PreviousPassword=password,
ProposedPassword="Admin1234!",
)
result = client.admin_get_user(UserPoolId=user_pool_id, Username=username)
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert result["UserStatus"] == "CONFIRMED"
Added admin_reset_user_password implementation (#4412)
2021-10-14 10:12:08 +00:00
AdminInitiateAuth - return correct AccessToken for Refresh-scenario (#5109)
2022-05-09 08:41:29 +00:00
@mock_cognitoidp
def test_admin_initiate_auth__use_access_token():
client = boto3.client("cognito-idp", "us-west-2")
un = str(uuid.uuid4())
pw = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
)["UserPoolClient"]["ClientId"]
client.admin_create_user(UserPoolId=user_pool_id, Username=un, TemporaryPassword=pw)
client.confirm_sign_up(ClientId=client_id, Username=un, ConfirmationCode="123456")
# Initiate once, to get a refresh token
auth_result = client.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": un, "PASSWORD": pw},
)
refresh_token = auth_result["AuthenticationResult"]["RefreshToken"]
# Initiate Auth using a Refresh Token
auth_result = client.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="REFRESH_TOKEN",
AuthParameters={"REFRESH_TOKEN": refresh_token},
)
access_token = auth_result["AuthenticationResult"]["AccessToken"]
# Verify the AccessToken of this authentication works
client.global_sign_out(AccessToken=access_token)
Added admin_reset_user_password implementation (#4412)
2021-10-14 10:12:08 +00:00
@mock_cognitoidp
def test_admin_reset_password_disabled_user():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Create disabled user
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
client.admin_disable_user(UserPoolId=user_pool_id, Username=username)
with pytest.raises(ClientError) as ex:
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
assert err["Message"] == "User is disabled"
Added admin_reset_user_password implementation (#4412)
2021-10-14 10:12:08 +00:00
@mock_cognitoidp
def test_admin_reset_password_unconfirmed_user():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Create user in status FORCE_CHANGE_PASSWORD
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
with pytest.raises(ClientError) as ex:
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "NotAuthorizedException"
assert err["Message"] == "User password cannot be reset in the current state."
Added admin_reset_user_password implementation (#4412)
2021-10-14 10:12:08 +00:00
@mock_cognitoidp
def test_admin_reset_password_no_verified_notification_channel():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
)["UserPoolClient"]["ClientId"]
# Create CONFIRMED user without verified email or phone
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
client.confirm_sign_up(
ClientId=client_id, Username=username, ConfirmationCode="123456"
)
with pytest.raises(ClientError) as ex:
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
err = ex.value.response["Error"]
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
assert err["Code"] == "InvalidParameterException"
assert (
err["Message"]
== "Cannot reset password for the user as there is no registered/verified email or phone_number"
Added admin_reset_user_password implementation (#4412)
2021-10-14 10:12:08 +00:00
)
@mock_cognitoidp
def test_admin_reset_password_multiple_invocations():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
)["UserPoolClient"]["ClientId"]
# Create CONFIRMED user with verified email
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
client.confirm_sign_up(
ClientId=client_id, Username=username, ConfirmationCode="123456"
)
client.admin_update_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "email_verified", "Value": "true"}],
)
for _ in range(3):
Techdebt: Replace sure with regular asserts in Cognito (#6496)
2023-07-08 20:37:50 +00:00
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
user = client.admin_get_user(UserPoolId=user_pool_id, Username=username)
assert user["UserStatus"] == "RESET_REQUIRED"
Added admin_reset_user_password implementation (#4412)
2021-10-14 10:12:08 +00:00
CognitoIDP: Deny login if user account is disabled (#6553)
2023-07-22 17:18:08 +00:00
@mock_cognitoidp
def test_login_denied_if_account_disabled():
"""Make sure a disabled account is denied login"""
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
temporary_password = "P2$Sword"
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
ReadAttributes=[user_attribute_name],
)["UserPoolClient"]["ClientId"]
# Create a user and disable the account
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
UserAttributes=[{"Name": user_attribute_name, "Value": user_attribute_value}],
)
conn.admin_disable_user(
UserPoolId=user_pool_id,
Username=username,
)
# User should not be able to login into a disabled account
with pytest.raises(conn.exceptions.NotAuthorizedException) as ex:
conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
assert ex.value.response["Error"]["Code"] == "NotAuthorizedException"
assert ex.value.response["Error"]["Message"] == "User is disabled."
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
# Using admin login should yield the same result
with pytest.raises(conn.exceptions.NotAuthorizedException) as ex:
conn.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
assert ex.value.response["Error"]["Code"] == "NotAuthorizedException"
assert ex.value.response["Error"]["Message"] == "User is disabled."
assert ex.value.response["ResponseMetadata"]["HTTPStatusCode"] == 400
Cognito - Dont run test in ServerMode
2020-06-20 11:48:10 +00:00
# Test will retrieve public key from cognito.amazonaws.com/.well-known/jwks.json,
# which isnt mocked in ServerMode
if not settings.TEST_SERVER_MODE:
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
Cognito - Dont run test in ServerMode
2020-06-20 11:48:10 +00:00
@mock_cognitoidp
def test_idtoken_contains_kid_header():
Admin: Update Docs to point to getmoto (#5826)
2023-01-07 11:35:14 +00:00
# https://github.com/getmoto/moto/issues/3078
Cognito - Dont run test in ServerMode
2020-06-20 11:48:10 +00:00
# Setup
cognito = boto3.client("cognito-idp", "us-west-2")
user_pool_id = cognito.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"][
"Id"
]
client = cognito.create_user_pool_client(
UserPoolId=user_pool_id,
ExplicitAuthFlows=[
"ALLOW_ADMIN_USER_PASSWORD_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH",
"ALLOW_ADMIN_NO_SRP_AUTH",
],
AllowedOAuthFlows=["code", "implicit"],
ClientName=str(uuid.uuid4()),
CallbackURLs=["https://example.com"],
)
client_id = client["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
temporary_password = "1TemporaryP@ssword"
cognito.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
)
result = cognito.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# A newly created user is forced to set a new password
# This sets a new password and logs the user in (creates tokens)
password = "1F@kePassword"
result = cognito.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": password},
)
#
id_token = result["AuthenticationResult"]["IdToken"]
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
Cognito - Dont run test in ServerMode
2020-06-20 11:48:10 +00:00
# Verify the KID header is present in the token, and corresponds to the KID supplied by the public JWT
verify_kid_header(id_token)
CognitoIDP - Return KID in headers of ID token
2020-06-20 09:43:02 +00:00
def verify_kid_header(token):
"""Verifies the kid-header is corresponds with the public key"""
headers = jwt.get_unverified_headers(token)
kid = headers["kid"]
key_index = -1
keys = fetch_public_keys()
for i in range(len(keys)):
if kid == keys[i]["kid"]:
key_index = i
break
if key_index == -1:
raise Exception("Public key (kid) not found in jwks.json")
def fetch_public_keys():
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 22:41:08 +00:00
keys_url = "https://cognito-idp.us-west-2.amazonaws.com/someuserpoolid/.well-known/jwks.json"
Simplify Cognito test - auto decode JSON
2020-06-20 10:05:06 +00:00
response = requests.get(keys_url).json()
return response["keys"]
Reference in New Issue Copy Permalink