Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
moto/tests/test_cognitoidp/test_cognitoidp.py

4451 lines
158 KiB
Python
Raw Normal View History

CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
import base64
import boto3
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
import json
import os
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
import random
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 22:08:17 +09:00
import re
Techdebt: replace mock with unittest.mock (#5775)
2022-12-15 20:17:50 +08:00
from unittest import mock
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
import moto.cognitoidp.models
CognitoIDP - Return KID in headers of ID token
2020-06-20 10:43:02 +01:00
import requests
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
import hmac
import hashlib
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
import uuid
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
# noinspection PyUnresolvedReferences
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
import sure # noqa # pylint: disable=unused-import
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 12:59:04 -04:00
from botocore.exceptions import ClientError, ParamValidationError
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
from jose import jws, jwt
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
from unittest import SkipTest
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 07:54:49 +02:00
import pytest
Added extra test
2018-08-10 16:07:27 +02:00
Cognito - Dont run test in ServerMode
2020-06-20 12:48:10 +01:00
from moto import mock_cognitoidp, settings
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 22:08:17 +09:00
from moto.cognitoidp.utils import create_id
MultiAccount support (#5192)
2022-08-13 09:49:43 +00:00
from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_create_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
value = str(uuid.uuid4())
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.create_user_pool(PoolName=name, LambdaConfig={"PreSignUp": value})
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result["UserPool"]["Id"].should.match(r"[\w-]+_[0-9a-zA-Z]+")
add Arn to cognito user pool model and response
2020-02-17 15:08:09 -06:00
result["UserPool"]["Arn"].should.equal(
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 21:41:08 -01:00
f"arn:aws:cognito-idp:us-west-2:{ACCOUNT_ID}:userpool/{result['UserPool']['Id']}"
add Arn to cognito user pool model and response
2020-02-17 15:08:09 -06:00
)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
result["UserPool"]["Name"].should.equal(name)
result["UserPool"]["LambdaConfig"]["PreSignUp"].should.equal(value)
CognitoIDP - improve default UserPool response (#5074)
2022-04-29 10:50:33 +00:00
@mock_cognitoidp
def test_create_user_pool__overwrite_template_messages():
client = boto3.client("cognito-idp", "us-east-2")
resp = client.create_user_pool(
PoolName="test",
VerificationMessageTemplate={
"DefaultEmailOption": "CONFIRM_WITH_LINK",
"EmailMessage": "foo {####} bar",
"EmailMessageByLink": "{##foobar##}",
"EmailSubject": "foobar {####}",
"EmailSubjectByLink": "foobar",
"SmsMessage": "{####} baz",
},
)
pool = resp["UserPool"]
pool.should.have.key("SmsVerificationMessage").equals("{####} baz")
pool.should.have.key("EmailVerificationSubject").equals("foobar {####}")
pool.should.have.key("EmailVerificationMessage").equals("foo {####} bar")
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
@mock_cognitoidp
def test_create_user_pool_should_have_all_default_attributes_in_schema():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
result = conn.create_user_pool(PoolName=name)
result_schema = result["UserPool"]["SchemaAttributes"]
result_schema = {s["Name"]: s for s in result_schema}
described_schema = conn.describe_user_pool(UserPoolId=result["UserPool"]["Id"])[
"UserPool"
]["SchemaAttributes"]
described_schema = {s["Name"]: s for s in described_schema}
for schema in result_schema, described_schema:
for (
default_attr_name,
default_attr,
) in moto.cognitoidp.models.CognitoIdpUserPoolAttribute.STANDARD_SCHEMA.items():
attribute = schema[default_attr_name]
attribute["Required"].should.equal(default_attr["Required"])
attribute["AttributeDataType"].should.equal(
default_attr["AttributeDataType"]
)
attribute["Mutable"].should.equal(default_attr["Mutable"])
attribute.get("StringAttributeConstraints", None).should.equal(
default_attr.get("StringAttributeConstraints", None)
)
attribute.get("NumberAttributeConstraints", None).should.equal(
default_attr.get("NumberAttributeConstraints", None)
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
attribute["DeveloperOnlyAttribute"].should.equal(False)
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
@mock_cognitoidp
def test_create_user_pool_unknown_attribute_data_type():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
attribute_data_type = "Banana"
with pytest.raises(ClientError) as ex:
conn.create_user_pool(
PoolName=name,
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
Schema=[{"Name": "custom", "AttributeDataType": attribute_data_type}],
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
)
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
f"Validation error detected: Value '{attribute_data_type}' failed to satisfy constraint: Member must satisfy enum value set: [Boolean, Number, String, DateTime]"
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
@mock_cognitoidp
def test_create_user_pool_custom_attribute_without_data_type():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
conn.create_user_pool(PoolName=str(uuid.uuid4()), Schema=[{"Name": "custom"}])
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
"Invalid AttributeDataType input, consider using the provided AttributeDataType enum."
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
@mock_cognitoidp
def test_create_user_pool_custom_attribute_defaults():
conn = boto3.client("cognito-idp", "us-west-2")
res = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
{"Name": "string", "AttributeDataType": "String"},
{"Name": "number", "AttributeDataType": "Number"},
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
],
)
string_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:string"
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
string_attribute["DeveloperOnlyAttribute"].should.equal(False)
string_attribute["Mutable"].should.equal(True)
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
number_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:number"
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
number_attribute["DeveloperOnlyAttribute"].should.equal(False)
number_attribute["Mutable"].should.equal(True)
number_attribute.shouldnt.have.key("NumberAttributeConstraints")
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
@mock_cognitoidp
def test_create_user_pool_custom_attribute_developer_only():
conn = boto3.client("cognito-idp", "us-west-2")
res = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "banana",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": True,
},
],
)
# Note that this time we are looking for 'dev:xyz' attribute
attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "dev:custom:banana"
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
attribute["DeveloperOnlyAttribute"].should.equal(True)
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
@mock_cognitoidp
def test_create_user_pool_custom_attribute_required():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{"Name": "banana", "AttributeDataType": "String", "Required": True},
],
)
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
"Required custom attributes are not supported currently."
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
@mock_cognitoidp
@pytest.mark.parametrize(
"attribute",
[
{"Name": "email", "AttributeDataType": "Number"},
{"Name": "email", "DeveloperOnlyAttribute": True},
],
ids=["standard_attribute", "developer_only"],
)
def test_create_user_pool_standard_attribute_with_changed_data_type_or_developer_only(
attribute,
):
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(PoolName=str(uuid.uuid4()), Schema=[attribute])
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
f"You can not change AttributeDataType or set developerOnlyAttribute for standard schema attribute {attribute['Name']}"
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
@mock_cognitoidp
def test_create_user_pool_attribute_with_schema():
conn = boto3.client("cognito-idp", "us-west-2")
res = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "string",
"AttributeDataType": "String",
"NumberAttributeConstraints": {"MinValue": "10", "MaxValue": "20"},
"StringAttributeConstraints": {"MinLength": "10", "MaxLength": "20"},
},
{
"Name": "number",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MinValue": "10", "MaxValue": "20"},
"StringAttributeConstraints": {"MinLength": "10", "MaxLength": "20"},
},
{
"Name": "boolean",
"AttributeDataType": "Boolean",
"NumberAttributeConstraints": {"MinValue": "10", "MaxValue": "20"},
"StringAttributeConstraints": {"MinLength": "10", "MaxLength": "20"},
},
],
)
string_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:string"
)
string_attribute["StringAttributeConstraints"].should.equal(
{"MinLength": "10", "MaxLength": "20"}
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
string_attribute.shouldnt.have.key("NumberAttributeConstraints")
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
number_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:number"
)
number_attribute["NumberAttributeConstraints"].should.equal(
{"MinValue": "10", "MaxValue": "20"}
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
number_attribute.shouldnt.have.key("StringAttributeConstraints")
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
boolean_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:boolean"
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
boolean_attribute.shouldnt.have.key("NumberAttributeConstraints")
boolean_attribute.shouldnt.have.key("StringAttributeConstraints")
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
@mock_cognitoidp
def test_create_user_pool_attribute_partial_schema():
conn = boto3.client("cognito-idp", "us-west-2")
res = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "string_no_min",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MaxLength": "10"},
},
{
"Name": "string_no_max",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MinLength": "10"},
},
{
"Name": "number_no_min",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MaxValue": "10"},
},
{
"Name": "number_no_max",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MinValue": "10"},
},
],
)
string_no_min = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:string_no_min"
)
string_no_max = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:string_no_max"
)
number_no_min = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:number_no_min"
)
number_no_max = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:number_no_max"
)
string_no_min["StringAttributeConstraints"]["MaxLength"].should.equal("10")
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
string_no_min["StringAttributeConstraints"].shouldnt.have.key("MinLength")
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
string_no_max["StringAttributeConstraints"]["MinLength"].should.equal("10")
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
string_no_max["StringAttributeConstraints"].shouldnt.have.key("MaxLength")
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
number_no_min["NumberAttributeConstraints"]["MaxValue"].should.equal("10")
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
number_no_min["NumberAttributeConstraints"].shouldnt.have.key("MinValue")
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
number_no_max["NumberAttributeConstraints"]["MinValue"].should.equal("10")
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
number_no_max["NumberAttributeConstraints"].shouldnt.have.key("MaxValue")
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
@mock_cognitoidp
@pytest.mark.parametrize(
("constraint_type", "attribute"),
[
(
"StringAttributeConstraints",
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MinLength": "invalid_value"},
},
),
(
"StringAttributeConstraints",
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MaxLength": "invalid_value"},
},
),
(
"NumberAttributeConstraints",
{
"Name": "updated_at",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MaxValue": "invalid_value"},
},
),
(
"NumberAttributeConstraints",
{
"Name": "updated_at",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MinValue": "invalid_value"},
},
),
],
ids=[
"invalid_min_length",
"invalid_max_length",
"invalid_max_value",
"invalid_min_value",
],
)
def test_create_user_pool_invalid_schema_values(constraint_type, attribute):
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(PoolName=str(uuid.uuid4()), Schema=[attribute])
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
f"Invalid {constraint_type} for schema attribute {attribute['Name']}"
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
@mock_cognitoidp
@pytest.mark.parametrize(
"attribute",
[
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MinLength": "2049"},
},
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MaxLength": "2049"},
},
],
ids=["invalid_min_length", "invalid_max_length"],
)
def test_create_user_pool_string_schema_max_length_over_2048(attribute):
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(PoolName=str(uuid.uuid4()), Schema=[attribute])
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
f"user.{attribute['Name']}: String attributes cannot have a length of more than 2048"
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
@mock_cognitoidp
def test_create_user_pool_string_schema_min_bigger_than_max():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "email",
"AttributeDataType": "String",
"StringAttributeConstraints": {"MinLength": "2", "MaxLength": "1"},
}
],
)
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
Upgrade flake8 to 4.x (#5066)
2022-04-27 11:58:59 +00:00
"user.email: Max length cannot be less than min length."
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
@mock_cognitoidp
def test_create_user_pool_number_schema_min_bigger_than_max():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "updated_at",
"AttributeDataType": "Number",
"NumberAttributeConstraints": {"MinValue": "2", "MaxValue": "1"},
}
],
)
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
Upgrade flake8 to 4.x (#5066)
2022-04-27 11:58:59 +00:00
"user.updated_at: Max value cannot be less than min value."
cognito-idp standard attributes and pool schema validation (#4493)
2021-10-29 13:25:52 +02:00
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
Add add_custom_attributes implementation (#4498)
2021-10-30 11:58:29 +02:00
@mock_cognitoidp
def test_add_custom_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
custom_attribute = {"Name": "banana", "AttributeDataType": "String"}
res = conn.add_custom_attributes(
UserPoolId=pool_id, CustomAttributes=[custom_attribute]
)
res["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
res = conn.describe_user_pool(UserPoolId=pool_id)
described_attribute = next(
attr
for attr in res["UserPool"]["SchemaAttributes"]
if attr["Name"] == "custom:banana"
)
# Skip verification - already covered by create_user_pool with custom attributes
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
described_attribute.should_not.equal(None)
Add add_custom_attributes implementation (#4498)
2021-10-30 11:58:29 +02:00
@mock_cognitoidp
def test_add_custom_attributes_existing_attribute():
conn = boto3.client("cognito-idp", "us-west-2")
custom_attribute = {
"Name": "banana",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": True,
}
pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), Schema=[custom_attribute]
)["UserPool"]["Id"]
with pytest.raises(ClientError) as ex:
conn.add_custom_attributes(
UserPoolId=pool_id, CustomAttributes=[custom_attribute]
)
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
Upgrade flake8 to 4.x (#5066)
2022-04-27 11:58:59 +00:00
"custom:banana: Existing attribute already has name dev:custom:banana."
Add add_custom_attributes implementation (#4498)
2021-10-30 11:58:29 +02:00
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
Stable cognito user pool (#5194)
2022-06-13 13:14:22 +03:00
@mock_cognitoidp
def test_create_user_pool_default_id_strategy():
conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(PoolName=str("default-pool"))
second_pool = conn.create_user_pool(PoolName=str("default-pool"))
first_pool["UserPool"]["Id"].should_not.equal(second_pool["UserPool"]["Id"])
@mock_cognitoidp
@mock.patch.dict(os.environ, {"MOTO_COGNITO_IDP_USER_POOL_ID_STRATEGY": "HASH"})
def test_create_user_pool_hash_id_strategy_with_equal_pool_name():
if settings.TEST_SERVER_MODE:
raise SkipTest("Cannot set environemnt variables in ServerMode")
conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(PoolName=str("default-pool"))
second_pool = conn.create_user_pool(PoolName=str("default-pool"))
first_pool["UserPool"]["Id"].should.equal(second_pool["UserPool"]["Id"])
@mock_cognitoidp
@mock.patch.dict(os.environ, {"MOTO_COGNITO_IDP_USER_POOL_ID_STRATEGY": "HASH"})
def test_create_user_pool_hash_id_strategy_with_different_pool_name():
if settings.TEST_SERVER_MODE:
raise SkipTest("Cannot set environemnt variables in ServerMode")
conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(PoolName=str("first-pool"))
second_pool = conn.create_user_pool(PoolName=str("second-pool"))
first_pool["UserPool"]["Id"].should_not.equal(second_pool["UserPool"]["Id"])
@mock_cognitoidp
@mock.patch.dict(os.environ, {"MOTO_COGNITO_IDP_USER_POOL_ID_STRATEGY": "HASH"})
def test_create_user_pool_hash_id_strategy_with_different_attributes():
if settings.TEST_SERVER_MODE:
raise SkipTest("Cannot set environemnt variables in ServerMode")
conn = boto3.client("cognito-idp", "us-west-2")
first_pool = conn.create_user_pool(
PoolName=str("default-pool"),
Schema=[
{
"Name": "first",
"AttributeDataType": "String",
}
],
)
second_pool = conn.create_user_pool(
PoolName=str("default-pool"),
Schema=[
{
"Name": "second",
"AttributeDataType": "String",
}
],
)
first_pool["UserPool"]["Id"].should_not.equal(second_pool["UserPool"]["Id"])
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_list_user_pools():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
conn.create_user_pool(PoolName=name)
result = conn.list_user_pools(MaxResults=10)
result["UserPools"].should.have.length_of(1)
result["UserPools"][0]["Name"].should.equal(name)
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 12:59:04 -04:00
@mock_cognitoidp
def test_set_user_pool_mfa_config():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=name)["UserPool"]["Id"]
# Test error for when neither token nor sms configuration is provided
with pytest.raises(ClientError) as ex:
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
conn.set_user_pool_mfa_config(UserPoolId=user_pool_id, MfaConfiguration="ON")
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 12:59:04 -04:00
ex.value.operation_name.should.equal("SetUserPoolMfaConfig")
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
"At least one of [SmsMfaConfiguration] or [SoftwareTokenMfaConfiguration] must be provided."
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
# Test error for when sms config is missing `SmsConfiguration`
with pytest.raises(ClientError) as ex:
conn.set_user_pool_mfa_config(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, SmsMfaConfiguration={}, MfaConfiguration="ON"
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 12:59:04 -04:00
)
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
"[SmsConfiguration] is a required member of [SoftwareTokenMfaConfiguration]."
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
# Test error for when `SmsConfiguration` is missing `SnsCaller`
# This is asserted by boto3
with pytest.raises(ParamValidationError) as ex:
conn.set_user_pool_mfa_config(
UserPoolId=user_pool_id,
SmsMfaConfiguration={"SmsConfiguration": {}},
MfaConfiguration="ON",
)
# Test error for when `MfaConfiguration` is not one of the expected values
with pytest.raises(ClientError) as ex:
conn.set_user_pool_mfa_config(
UserPoolId=user_pool_id,
SoftwareTokenMfaConfiguration={"Enabled": True},
MfaConfiguration="Invalid",
)
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
"[MfaConfiguration] must be one of 'ON', 'OFF', or 'OPTIONAL'."
)
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
# Enable software token MFA
mfa_config = conn.set_user_pool_mfa_config(
UserPoolId=user_pool_id,
SoftwareTokenMfaConfiguration={"Enabled": True},
MfaConfiguration="ON",
)
mfa_config.shouldnt.have.key("SmsMfaConfiguration")
mfa_config["MfaConfiguration"].should.equal("ON")
mfa_config["SoftwareTokenMfaConfiguration"].should.equal({"Enabled": True})
# Response from describe should match
pool = conn.describe_user_pool(UserPoolId=user_pool_id)["UserPool"]
pool["MfaConfiguration"].should.equal("ON")
# Disable MFA
mfa_config = conn.set_user_pool_mfa_config(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, MfaConfiguration="OFF"
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 12:59:04 -04:00
)
mfa_config.shouldnt.have.key("SmsMfaConfiguration")
mfa_config.shouldnt.have.key("SoftwareTokenMfaConfiguration")
mfa_config["MfaConfiguration"].should.equal("OFF")
# Response from describe should match
pool = conn.describe_user_pool(UserPoolId=user_pool_id)["UserPool"]
pool["MfaConfiguration"].should.equal("OFF")
# `SnsCallerArn` needs to be at least 20 long
sms_config = {"SmsConfiguration": {"SnsCallerArn": "01234567890123456789"}}
# Enable SMS MFA
mfa_config = conn.set_user_pool_mfa_config(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, SmsMfaConfiguration=sms_config, MfaConfiguration="ON"
Implement User Pool MFA Actions (#3903) * implement user pool mfa actions * Add messages to errors Add messages to errors Fix error message * Change exception type * fix validation & add more tests Co-authored-by: George Lewis <glewis@evertz.com>
2021-05-06 12:59:04 -04:00
)
mfa_config.shouldnt.have.key("SoftwareTokenMfaConfiguration")
mfa_config["SmsMfaConfiguration"].should.equal(sms_config)
mfa_config["MfaConfiguration"].should.equal("ON")
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
@mock_cognitoidp
def test_list_user_pools_returns_max_items():
conn = boto3.client("cognito-idp", "us-west-2")
# Given 10 user pools
pool_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(pool_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
conn.create_user_pool(PoolName=str(uuid.uuid4()))
max_results = 5
result = conn.list_user_pools(MaxResults=max_results)
result["UserPools"].should.have.length_of(max_results)
result.should.have.key("NextToken")
@mock_cognitoidp
def test_list_user_pools_returns_next_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
# Given 10 user pool clients
pool_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(pool_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
conn.create_user_pool(PoolName=str(uuid.uuid4()))
max_results = 5
result = conn.list_user_pools(MaxResults=max_results)
result["UserPools"].should.have.length_of(max_results)
result.should.have.key("NextToken")
next_token = result["NextToken"]
result_2 = conn.list_user_pools(MaxResults=max_results, NextToken=next_token)
result_2["UserPools"].should.have.length_of(max_results)
result_2.shouldnt.have.key("NextToken")
@mock_cognitoidp
def test_list_user_pools_when_max_items_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
# Given 10 user pool clients
pool_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(pool_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
conn.create_user_pool(PoolName=str(uuid.uuid4()))
max_results = pool_count + 5
result = conn.list_user_pools(MaxResults=max_results)
result["UserPools"].should.have.length_of(pool_count)
result.shouldnt.have.key("NextToken")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_describe_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_details = conn.create_user_pool(
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 16:26:57 +02:00
PoolName=name,
LambdaConfig={"PreSignUp": value},
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "verified_email", "Priority": 1}]
},
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result = conn.describe_user_pool(UserPoolId=user_pool_details["UserPool"]["Id"])
result["UserPool"]["Name"].should.equal(name)
result["UserPool"]["LambdaConfig"]["PreSignUp"].should.equal(value)
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 16:26:57 +02:00
result["UserPool"]["AccountRecoverySetting"]["RecoveryMechanisms"][0][
"Name"
].should.equal("verified_email")
result["UserPool"]["AccountRecoverySetting"]["RecoveryMechanisms"][0][
"Priority"
].should.equal(1)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
CognitoIDP github.com/spulec/moto/issues/4452 - missing EstimatedNumberOfUsers (#4470)
2021-10-24 15:29:16 +02:00
@mock_cognitoidp
def test_describe_user_pool_estimated_number_of_users():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.describe_user_pool(UserPoolId=user_pool_id)
result["UserPool"]["EstimatedNumberOfUsers"].should.equal(0)
users_count = random.randint(2, 6)
for _ in range(users_count):
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
result = conn.describe_user_pool(UserPoolId=user_pool_id)
result["UserPool"]["EstimatedNumberOfUsers"].should.equal(users_count)
cognito-idp – Correct exception message when user pool not found (#4434) (#4436)
2021-10-19 15:05:31 +02:00
@mock_cognitoidp
def test_describe_user_pool_resource_not_found():
conn = boto3.client("cognito-idp", "us-east-1")
user_pool_id = "us-east-1_FooBar123"
with pytest.raises(ClientError) as exc:
conn.describe_user_pool(UserPoolId=user_pool_id)
err = exc.value.response["Error"]
err["Code"].should.equal("ResourceNotFoundException")
err["Message"].should.equal(f"User pool {user_pool_id} does not exist.")
cognito-idp – Implemented update_user_pool (#4433) (#4435)
2021-10-19 11:18:52 +02:00
@mock_cognitoidp
def test_update_user_pool():
conn = boto3.client("cognito-idp", "us-east-1")
name = str(uuid.uuid4())
user_pool_details = conn.create_user_pool(
PoolName=name,
Policies={
"PasswordPolicy": {
"MinimumLength": 12,
"RequireUppercase": False,
"RequireLowercase": False,
"RequireNumbers": False,
"RequireSymbols": False,
}
},
)
new_policies = {
"PasswordPolicy": {
"MinimumLength": 16,
"RequireUppercase": True,
"RequireLowercase": True,
"RequireNumbers": True,
"RequireSymbols": True,
}
}
conn.update_user_pool(
UserPoolId=user_pool_details["UserPool"]["Id"], Policies=new_policies
)
updated_user_pool_details = conn.describe_user_pool(
UserPoolId=user_pool_details["UserPool"]["Id"]
)
updated_user_pool_details["UserPool"]["Policies"].should.equal(new_policies)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_delete_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.list_user_pools(MaxResults=10)["UserPools"].should.have.length_of(1)
conn.delete_user_pool(UserPoolId=user_pool_id)
conn.list_user_pools(MaxResults=10)["UserPools"].should.have.length_of(0)
@mock_cognitoidp
def test_create_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["CloudFrontDomain"].should_not.equal(None)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 13:09:13 +10:00
@mock_cognitoidp
def test_create_user_pool_domain_custom_domain_config():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
custom_domain_config = {
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 21:41:08 -01:00
"CertificateArn": f"arn:aws:acm:us-east-1:{ACCOUNT_ID}:certificate/123456789012"
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 13:09:13 +10:00
}
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_domain(
UserPoolId=user_pool_id, Domain=domain, CustomDomainConfig=custom_domain_config
)
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
result["CloudFrontDomain"].should.equal("e2c343b3293ee505.cloudfront.net")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_describe_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result = conn.describe_user_pool_domain(Domain=domain)
result["DomainDescription"]["Domain"].should.equal(domain)
result["DomainDescription"]["UserPoolId"].should.equal(user_pool_id)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["DomainDescription"]["AWSAccountId"].should_not.equal(None)
Add Domain to DescribeUserPool response (#5286)
2022-07-02 19:52:05 -07:00
result = conn.describe_user_pool(UserPoolId=user_pool_id)
result["UserPool"]["Domain"].should.equal(domain)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_delete_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result = conn.delete_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
result = conn.describe_user_pool_domain(Domain=domain)
# This is a surprising behavior of the real service: describing a missing domain comes
# back with status 200 and a DomainDescription of {}
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
result["DomainDescription"].keys().should.have.length_of(0)
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 13:09:13 +10:00
@mock_cognitoidp
def test_update_user_pool_domain():
conn = boto3.client("cognito-idp", "us-west-2")
domain = str(uuid.uuid4())
custom_domain_config = {
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 21:41:08 -01:00
"CertificateArn": f"arn:aws:acm:us-east-1:{ACCOUNT_ID}:certificate/123456789012"
Implement update_user_pool_domain Introduce the CognitoIDP's UpdateUserPoolDomain to update configuration options of the associated domain to a Cognito IDP (e.g. ACM certificate).
2019-07-16 13:09:13 +10:00
}
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_domain(UserPoolId=user_pool_id, Domain=domain)
result = conn.update_user_pool_domain(
UserPoolId=user_pool_id, Domain=domain, CustomDomainConfig=custom_domain_config
)
result["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
result["CloudFrontDomain"].should.equal("e2c343b3293ee505.cloudfront.net")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_create_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, ClientName=client_name, CallbackURLs=[value]
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 22:08:17 +09:00
bool(re.match(r"^[0-9a-z]{26}$", result["UserPoolClient"]["ClientId"])).should.be.ok
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
result["UserPoolClient"]["ClientName"].should.equal(client_name)
fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work (#3135) * fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work * add test for update_user_pool_client
2020-07-16 17:13:12 +09:00
result["UserPoolClient"].should_not.have.key("ClientSecret")
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
@mock_cognitoidp
def test_create_user_pool_client_returns_secret():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=client_name,
GenerateSecret=True,
CallbackURLs=[value],
)
result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
fix cognito-idp UserPool ClientId (#3165) * fix cognito-idp UserPool ClientId * add test * replace uuid4 to create_id
2020-07-22 22:08:17 +09:00
bool(re.match(r"^[0-9a-z]{26}$", result["UserPoolClient"]["ClientId"])).should.be.ok
fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work (#3135) * fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work * add test for update_user_pool_client
2020-07-16 17:13:12 +09:00
result["UserPoolClient"]["ClientName"].should.equal(client_name)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["UserPoolClient"]["ClientSecret"].should_not.equal(None)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
@mock_cognitoidp
def test_list_user_pool_clients():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
result = conn.list_user_pool_clients(UserPoolId=user_pool_id, MaxResults=10)
result["UserPoolClients"].should.have.length_of(1)
result["UserPoolClients"][0]["ClientName"].should.equal(client_name)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
@mock_cognitoidp
def test_list_user_pool_clients_returns_max_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 user pool clients
client_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(client_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
client_name = str(uuid.uuid4())
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
max_results = 5
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
result["UserPoolClients"].should.have.length_of(max_results)
result.should.have.key("NextToken")
@mock_cognitoidp
def test_list_user_pool_clients_returns_next_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 user pool clients
client_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(client_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
client_name = str(uuid.uuid4())
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
max_results = 5
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
result["UserPoolClients"].should.have.length_of(max_results)
result.should.have.key("NextToken")
next_token = result["NextToken"]
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result_2 = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results, NextToken=next_token
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
result_2["UserPoolClients"].should.have.length_of(max_results)
result_2.shouldnt.have.key("NextToken")
@mock_cognitoidp
def test_list_user_pool_clients_when_max_items_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 user pool clients
client_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(client_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
client_name = str(uuid.uuid4())
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.create_user_pool_client(UserPoolId=user_pool_id, ClientName=client_name)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
max_results = client_count + 5
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.list_user_pool_clients(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
result["UserPoolClients"].should.have.length_of(client_count)
result.shouldnt.have.key("NextToken")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_describe_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
client_name = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, ClientName=client_name, CallbackURLs=[value]
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result = conn.describe_user_pool_client(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, ClientId=client_details["UserPoolClient"]["ClientId"]
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result["UserPoolClient"]["ClientName"].should.equal(client_name)
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
@mock_cognitoidp
def test_update_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
old_client_name = str(uuid.uuid4())
new_client_name = str(uuid.uuid4())
old_value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, ClientName=old_client_name, CallbackURLs=[old_value]
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result = conn.update_user_pool_client(
UserPoolId=user_pool_id,
ClientId=client_details["UserPoolClient"]["ClientId"],
ClientName=new_client_name,
CallbackURLs=[new_value],
)
result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work (#3135) * fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work * add test for update_user_pool_client
2020-07-16 17:13:12 +09:00
result["UserPoolClient"].should_not.have.key("ClientSecret")
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)
@mock_cognitoidp
def test_update_user_pool_client_returns_secret():
conn = boto3.client("cognito-idp", "us-west-2")
old_client_name = str(uuid.uuid4())
new_client_name = str(uuid.uuid4())
old_value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=old_client_name,
GenerateSecret=True,
CallbackURLs=[old_value],
)
client_secret = client_details["UserPoolClient"]["ClientSecret"]
result = conn.update_user_pool_client(
UserPoolId=user_pool_id,
ClientId=client_details["UserPoolClient"]["ClientId"],
ClientName=new_client_name,
CallbackURLs=[new_value],
)
result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
result["UserPoolClient"]["ClientSecret"].should.equal(client_secret)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)
@mock_cognitoidp
def test_delete_user_pool_client():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_details = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
conn.delete_user_pool_client(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, ClientId=client_details["UserPoolClient"]["ClientId"]
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
conn.describe_user_pool_client(
UserPoolId=user_pool_id,
ClientId=client_details["UserPoolClient"]["ClientId"],
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
err["Code"].should.equal("ResourceNotFoundException")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_create_identity_provider():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
ProviderDetails={"thing": value},
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result["IdentityProvider"]["UserPoolId"].should.equal(user_pool_id)
result["IdentityProvider"]["ProviderName"].should.equal(provider_name)
result["IdentityProvider"]["ProviderType"].should.equal(provider_type)
result["IdentityProvider"]["ProviderDetails"]["thing"].should.equal(value)
@mock_cognitoidp
def test_list_identity_providers():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.list_identity_providers(UserPoolId=user_pool_id, MaxResults=10)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
result["Providers"].should.have.length_of(1)
result["Providers"][0]["ProviderName"].should.equal(provider_name)
result["Providers"][0]["ProviderType"].should.equal(provider_type)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
@mock_cognitoidp
def test_list_identity_providers_returns_max_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 identity providers linked to a user pool
identity_provider_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(identity_provider_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
max_results = 5
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
result["Providers"].should.have.length_of(max_results)
result.should.have.key("NextToken")
@mock_cognitoidp
def test_list_identity_providers_returns_next_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 identity providers linked to a user pool
identity_provider_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(identity_provider_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
max_results = 5
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
result["Providers"].should.have.length_of(max_results)
result.should.have.key("NextToken")
next_token = result["NextToken"]
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result_2 = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results, NextToken=next_token
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
result_2["Providers"].should.have.length_of(max_results)
result_2.shouldnt.have.key("NextToken")
@mock_cognitoidp
def test_list_identity_providers_when_max_items_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 identity providers linked to a user pool
identity_provider_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(identity_provider_count):
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
ProviderDetails={},
)
max_results = identity_provider_count + 5
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.list_identity_providers(
UserPoolId=user_pool_id, MaxResults=max_results
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
result["Providers"].should.have.length_of(identity_provider_count)
result.shouldnt.have.key("NextToken")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_describe_identity_providers():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
ProviderDetails={"thing": value},
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result = conn.describe_identity_provider(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, ProviderName=provider_name
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result["IdentityProvider"]["UserPoolId"].should.equal(user_pool_id)
result["IdentityProvider"]["ProviderName"].should.equal(provider_name)
result["IdentityProvider"]["ProviderType"].should.equal(provider_type)
result["IdentityProvider"]["ProviderDetails"]["thing"].should.equal(value)
[cognitoidp] feat: add update_identity_provider
2019-01-24 20:39:55 -05:00
@mock_cognitoidp
def test_update_identity_provider():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
ProviderDetails={"thing": value},
[cognitoidp] feat: add update_identity_provider
2019-01-24 20:39:55 -05:00
)
result = conn.update_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
ProviderDetails={"thing": new_value},
CognitoIDP - improve default UserPool response (#5074)
2022-04-29 10:50:33 +00:00
AttributeMapping={"email": "email", "username": "sub"},
)["IdentityProvider"]
result["UserPoolId"].should.equal(user_pool_id)
result["ProviderName"].should.equal(provider_name)
result["ProviderType"].should.equal(provider_type)
result["ProviderDetails"]["thing"].should.equal(new_value)
result["AttributeMapping"].should.equal({"email": "email", "username": "sub"})
[cognitoidp] feat: add update_identity_provider
2019-01-24 20:39:55 -05:00
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 17:52:34 -04:00
@mock_cognitoidp
def test_update_identity_provider_no_user_pool():
conn = boto3.client("cognito-idp", "us-west-2")
new_value = str(uuid.uuid4())
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 07:54:49 +02:00
with pytest.raises(conn.exceptions.ResourceNotFoundException) as cm:
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 17:52:34 -04:00
conn.update_identity_provider(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId="foo", ProviderName="bar", ProviderDetails={"thing": new_value}
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 17:52:34 -04:00
)
Finish porting from nose to pytest.
2020-10-06 08:04:09 +02:00
cm.value.operation_name.should.equal("UpdateIdentityProvider")
cm.value.response["Error"]["Code"].should.equal("ResourceNotFoundException")
cm.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 17:52:34 -04:00
@mock_cognitoidp
def test_update_identity_provider_no_identity_provider():
conn = boto3.client("cognito-idp", "us-west-2")
new_value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 07:54:49 +02:00
with pytest.raises(conn.exceptions.ResourceNotFoundException) as cm:
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 17:52:34 -04:00
conn.update_identity_provider(
UserPoolId=user_pool_id,
ProviderName="foo",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
ProviderDetails={"thing": new_value},
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 17:52:34 -04:00
)
Finish porting from nose to pytest.
2020-10-06 08:04:09 +02:00
cm.value.operation_name.should.equal("UpdateIdentityProvider")
cm.value.response["Error"]["Code"].should.equal("ResourceNotFoundException")
cm.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
fix coverage, update IMPLEMENTATION_COVERAGE
2019-03-12 17:52:34 -04:00
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_delete_identity_providers():
conn = boto3.client("cognito-idp", "us-west-2")
provider_name = str(uuid.uuid4())
provider_type = "Facebook"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.create_identity_provider(
UserPoolId=user_pool_id,
ProviderName=provider_name,
ProviderType=provider_type,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
ProviderDetails={"thing": value},
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
conn.delete_identity_provider(UserPoolId=user_pool_id, ProviderName=provider_name)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
conn.describe_identity_provider(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, ProviderName=provider_name
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
err["Code"].should.equal("ResourceNotFoundException")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
@mock_cognitoidp
def test_create_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
description = str(uuid.uuid4())
role_arn = "arn:aws:iam:::role/my-iam-role"
precedence = random.randint(0, 100000)
result = conn.create_group(
GroupName=group_name,
UserPoolId=user_pool_id,
Description=description,
RoleArn=role_arn,
Precedence=precedence,
)
result["Group"]["GroupName"].should.equal(group_name)
result["Group"]["UserPoolId"].should.equal(user_pool_id)
result["Group"]["Description"].should.equal(description)
result["Group"]["RoleArn"].should.equal(role_arn)
result["Group"]["Precedence"].should.equal(precedence)
result["Group"]["LastModifiedDate"].should.be.a("datetime.datetime")
result["Group"]["CreationDate"].should.be.a("datetime.datetime")
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
@mock_cognitoidp
def test_update_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
description = str(uuid.uuid4())
description2 = str(uuid.uuid4())
role_arn = "arn:aws:iam:::role/my-iam-role"
role_arn2 = "arn:aws:iam:::role/my-iam-role2"
precedence = random.randint(0, 100000)
precedence2 = random.randint(0, 100000)
conn.create_group(
GroupName=group_name,
UserPoolId=user_pool_id,
Description=description,
RoleArn=role_arn,
Precedence=precedence,
)
result = conn.update_group(
GroupName=group_name,
UserPoolId=user_pool_id,
Description=description2,
RoleArn=role_arn2,
Precedence=precedence2,
)
result["Group"]["GroupName"].should.equal(group_name)
result["Group"]["UserPoolId"].should.equal(user_pool_id)
result["Group"]["Description"].should.equal(description2)
result["Group"]["RoleArn"].should.equal(role_arn2)
result["Group"]["Precedence"].should.equal(precedence2)
result["Group"]["LastModifiedDate"].should.be.a("datetime.datetime")
result["Group"]["CreationDate"].should.be.a("datetime.datetime")
Adding functionality for cognito:groups in access_token (#4592)
2021-11-18 03:03:35 -08:00
@mock_cognitoidp
def test_group_in_access_token():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
temporary_password = "P2$Sword"
Adding functionality for cognito:groups in access_token (#4592)
2021-11-18 03:03:35 -08:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
group_name = str(uuid.uuid4())
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
ReadAttributes=[user_attribute_name],
)["UserPoolClient"]["ClientId"]
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
UserAttributes=[{"Name": user_attribute_name, "Value": user_attribute_value}],
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
result = conn.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# A newly created user is forced to set a new password
result["ChallengeName"].should.equal("NEW_PASSWORD_REQUIRED")
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["Session"].should_not.equal(None)
Adding functionality for cognito:groups in access_token (#4592)
2021-11-18 03:03:35 -08:00
# This sets a new password and logs the user in (creates tokens)
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
new_password = "P2$Sword"
Adding functionality for cognito:groups in access_token (#4592)
2021-11-18 03:03:35 -08:00
result = conn.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password},
)
claims = jwt.get_unverified_claims(result["AuthenticationResult"]["AccessToken"])
claims["cognito:groups"].should.equal([group_name])
Cognito: add groups to idToken (#5977)
2023-02-24 23:14:08 +01:00
@mock_cognitoidp
def test_group_in_id_token():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
temporary_password = "P2$Sword"
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
group_name = str(uuid.uuid4())
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
ReadAttributes=[user_attribute_name],
)["UserPoolClient"]["ClientId"]
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
UserAttributes=[{"Name": user_attribute_name, "Value": user_attribute_value}],
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
result = conn.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# A newly created user is forced to set a new password
result["ChallengeName"].should.equal("NEW_PASSWORD_REQUIRED")
result["Session"].should_not.equal(None)
# This sets a new password and logs the user in (creates tokens)
new_password = "P2$Sword"
result = conn.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password},
)
claims = jwt.get_unverified_claims(result["AuthenticationResult"]["IdToken"])
claims["cognito:groups"].should.equal([group_name])
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
@mock_cognitoidp
def test_create_group_with_duplicate_name_raises_error():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 07:54:49 +02:00
with pytest.raises(ClientError) as cm:
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
Finish porting from nose to pytest.
2020-10-06 08:04:09 +02:00
cm.value.operation_name.should.equal("CreateGroup")
cm.value.response["Error"]["Code"].should.equal("GroupExistsException")
cm.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
@mock_cognitoidp
def test_get_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
result = conn.get_group(GroupName=group_name, UserPoolId=user_pool_id)
result["Group"]["GroupName"].should.equal(group_name)
result["Group"]["UserPoolId"].should.equal(user_pool_id)
result["Group"]["LastModifiedDate"].should.be.a("datetime.datetime")
result["Group"]["CreationDate"].should.be.a("datetime.datetime")
@mock_cognitoidp
def test_list_groups():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
result = conn.list_groups(UserPoolId=user_pool_id)
result["Groups"].should.have.length_of(1)
result["Groups"][0]["GroupName"].should.equal(group_name)
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-26 01:54:50 +02:00
@mock_cognitoidp
def test_list_groups_returns_pagination_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 groups
group_count = 10
for _ in range(group_count):
conn.create_group(UserPoolId=user_pool_id, GroupName=str(uuid.uuid4()))
max_results = 5
result = conn.list_groups(UserPoolId=user_pool_id, Limit=max_results)
result["Groups"].should.have.length_of(max_results)
result.should.have.key("NextToken")
next_token = result["NextToken"]
result_2 = conn.list_groups(
UserPoolId=user_pool_id, Limit=max_results, NextToken=next_token
)
result_2["Groups"].should.have.length_of(max_results)
result_2.shouldnt.have.key("NextToken")
@mock_cognitoidp
def test_list_groups_when_limit_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
group_count = 10
for _ in range(group_count):
conn.create_group(UserPoolId=user_pool_id, GroupName=str(uuid.uuid4()))
max_results = group_count + 5
result = conn.list_groups(UserPoolId=user_pool_id, Limit=max_results)
result["Groups"].should.have.length_of(group_count)
result.shouldnt.have.key("NextToken")
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
@mock_cognitoidp
def test_delete_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
result = conn.delete_group(GroupName=group_name, UserPoolId=user_pool_id)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 07:54:49 +02:00
with pytest.raises(ClientError) as cm:
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
conn.get_group(GroupName=group_name, UserPoolId=user_pool_id)
Finish porting from nose to pytest.
2020-10-06 08:04:09 +02:00
cm.value.response["Error"]["Code"].should.equal("ResourceNotFoundException")
Implement group management for cognito-idp
2018-07-23 16:26:54 +10:00
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
@mock_cognitoidp
def test_admin_add_user_to_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_admin_add_user_to_group_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = "test@example.com"
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
@mock_cognitoidp
def test_admin_add_user_to_group_again_is_noop():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
# should there be an assertion here?
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
@mock_cognitoidp
def test_list_users_in_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
result = conn.list_users_in_group(UserPoolId=user_pool_id, GroupName=group_name)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username)
@mock_cognitoidp
def test_list_users_in_group_ignores_deleted_user():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
username2 = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username2)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username2, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
conn.admin_delete_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users_in_group(UserPoolId=user_pool_id, GroupName=group_name)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username2)
cognito-idp - pagination for `list_groups` and `list_users_in_group`. (#5292)
2022-07-26 01:54:50 +02:00
@mock_cognitoidp
def test_list_users_in_group_returns_pagination_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
# Given 10 users
usernames = [str(uuid.uuid4()) for _ in range(10)]
for username in usernames:
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
max_results = 5
result = conn.list_users_in_group(
UserPoolId=user_pool_id, GroupName=group_name, Limit=max_results
)
result["Users"].should.have.length_of(max_results)
result.should.have.key("NextToken")
next_token = result["NextToken"]
result_2 = conn.list_users_in_group(
UserPoolId=user_pool_id,
GroupName=group_name,
Limit=max_results,
NextToken=next_token,
)
result_2["Users"].should.have.length_of(max_results)
result_2.shouldnt.have.key("NextToken")
@mock_cognitoidp
def test_list_users_in_group_when_limit_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
# Given 10 users
usernames = [str(uuid.uuid4()) for _ in range(10)]
for username in usernames:
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
max_results = len(usernames) + 5
result = conn.list_users_in_group(
UserPoolId=user_pool_id, GroupName=group_name, Limit=max_results
)
result["Users"].should.have.length_of(len(usernames))
result.shouldnt.have.key("NextToken")
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
@mock_cognitoidp
def test_admin_list_groups_for_user():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
result = conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)
result["Groups"].should.have.length_of(1)
result["Groups"][0]["GroupName"].should.equal(group_name)
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_admin_list_groups_for_user_with_username_attribute():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = "test@example.com"
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
result = conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)
result["Groups"].should.have.length_of(1)
result["Groups"][0]["GroupName"].should.equal(group_name)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
@mock_cognitoidp
def test_admin_list_groups_for_user_ignores_deleted_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
group_name2 = str(uuid.uuid4())
conn.create_group(GroupName=group_name2, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name2
)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
conn.delete_group(GroupName=group_name, UserPoolId=user_pool_id)
result = conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)
result["Groups"].should.have.length_of(1)
result["Groups"][0]["GroupName"].should.equal(group_name2)
@mock_cognitoidp
def test_admin_remove_user_from_group():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result = conn.admin_remove_user_from_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.list_users_in_group(UserPoolId=user_pool_id, GroupName=group_name)[
"Users"
].should.have.length_of(0)
conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)[
"Groups"
].should.have.length_of(0)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_admin_remove_user_from_group_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = "test@example.com"
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
result = conn.admin_remove_user_from_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
conn.list_users_in_group(UserPoolId=user_pool_id, GroupName=group_name)[
"Users"
].should.have.length_of(0)
conn.admin_list_groups_for_user(Username=username, UserPoolId=user_pool_id)[
"Groups"
].should.have.length_of(0)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
@mock_cognitoidp
def test_admin_remove_user_from_group_again_is_noop():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
group_name = str(uuid.uuid4())
conn.create_group(GroupName=group_name, UserPoolId=user_pool_id)
username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
conn.admin_add_user_to_group(
UserPoolId=user_pool_id, Username=username, GroupName=group_name
)
Implement user-group relationships for cognito-idp
2018-07-23 20:54:51 +10:00
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_admin_create_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
result = conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserAttributes=[{"Name": "thing", "Value": value}],
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result["User"]["Username"].should.equal(username)
result["User"]["UserStatus"].should.equal("FORCE_CHANGE_PASSWORD")
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
result["User"]["Attributes"].should.have.length_of(2)
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
def _verify_attribute(name, v):
attr = [a for a in result["User"]["Attributes"] if a["Name"] == name]
attr.should.have.length_of(1)
attr[0]["Value"].should.equal(v)
_verify_attribute("thing", value)
Be able to change `enabled` status for cognito-idp users
2018-07-27 16:10:26 +10:00
result["User"]["Enabled"].should.equal(True)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_admin_create_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
result = conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
result["User"]["Username"].should_not.equal(username)
result["User"]["UserStatus"].should.equal("FORCE_CHANGE_PASSWORD")
result["User"]["Attributes"].should.have.length_of(3)
def _verify_attribute(name, v):
attr = [a for a in result["User"]["Attributes"] if a["Name"] == name]
attr.should.have.length_of(1)
attr[0]["Value"].should.equal(v)
_verify_attribute("thing", value)
_verify_attribute("email", username)
result["User"]["Enabled"].should.equal(True)
@mock_cognitoidp
def test_admin_create_user_with_incorrect_username_attribute_type_fails():
conn = boto3.client("cognito-idp", "us-west-2")
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
with pytest.raises(ClientError) as ex:
username = str(uuid.uuid4())
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
err = ex.value.response["Error"]
err["Code"].should.equal("InvalidParameterException")
err["Message"].should.equal("Username should be either an email or a phone number.")
@mock_cognitoidp
def test_admin_create_user_with_existing_username_attribute_fails():
conn = boto3.client("cognito-idp", "us-west-2")
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
username = "test@example.com"
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
with pytest.raises(ClientError) as ex:
username = "test@example.com"
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
err = ex.value.response["Error"]
err["Code"].should.equal("UsernameExistsException")
err["Message"].should.equal("test@example.com")
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 13:51:00 -03:00
@mock_cognitoidp
def test_admin_create_existing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserAttributes=[{"Name": "thing", "Value": value}],
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 13:51:00 -03:00
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 13:51:00 -03:00
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserAttributes=[{"Name": "thing", "Value": value}],
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 13:51:00 -03:00
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
err["Code"].should.equal("UsernameExistsException")
Existing user now raises a UsernameExistsException If a user is attempted to be added to a pool that already contains a user with that username, the UsernameExistsException is thrown, to match AWS behaviour.
2019-08-06 13:51:00 -03:00
cognito-idp – Implemented admin_confirm_sign_up (#4462) (#4463)
2021-10-23 13:32:56 +02:00
@mock_cognitoidp
def test_admin_confirm_sign_up():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
password = "Passw0rd!"
user_pool_id = conn.create_user_pool(
PoolName="us-east-1_aaaaaaaa", AutoVerifiedAttributes=["email"]
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=False
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
user["UserStatus"].should.equal("UNCONFIRMED")
conn.admin_confirm_sign_up(UserPoolId=user_pool_id, Username=username)
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
cognito-idp – Implemented admin_confirm_sign_up (#4462) (#4463)
2021-10-23 13:32:56 +02:00
user["UserStatus"].should.equal("CONFIRMED")
@mock_cognitoidp
def test_admin_confirm_sign_up_non_existing_user():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName="us-east-1_aaaaaaaa", AutoVerifiedAttributes=["email"]
)["UserPool"]["Id"]
with pytest.raises(ClientError) as exc:
conn.admin_confirm_sign_up(UserPoolId=user_pool_id, Username=username)
err = exc.value.response["Error"]
err["Code"].should.equal("UserNotFoundException")
Upgrade flake8 to 4.x (#5066)
2022-04-27 11:58:59 +00:00
err["Message"].should.equal("User does not exist.")
cognito-idp – Implemented admin_confirm_sign_up (#4462) (#4463)
2021-10-23 13:32:56 +02:00
@mock_cognitoidp
def test_admin_confirm_sign_up_non_existing_pool():
conn = boto3.client("cognito-idp", "us-east-1")
user_pool_id = "us-east-1_aaaaaaaa"
with pytest.raises(ClientError) as exc:
conn.admin_confirm_sign_up(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
err = exc.value.response["Error"]
err["Code"].should.equal("ResourceNotFoundException")
err["Message"].should.equal(f"User pool {user_pool_id} does not exist.")
MessageAction for cognito admin_create_user is now handled If an invitation is attempted to be reset to a pool we validate that the user is indeed already in the pool else we raise a UserNotFoundException to match AWS behaviour
2020-02-10 18:09:15 +01:00
@mock_cognitoidp
def test_admin_resend_invitation_existing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
# Resending this should not throw an error
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
MessageAction="RESEND",
)
MessageAction for cognito admin_create_user is now handled If an invitation is attempted to be reset to a pool we validate that the user is indeed already in the pool else we raise a UserNotFoundException to match AWS behaviour
2020-02-10 18:09:15 +01:00
@mock_cognitoidp
def test_admin_resend_invitation_missing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 12:43:37 +02:00
with pytest.raises(ClientError) as exc:
MessageAction for cognito admin_create_user is now handled If an invitation is attempted to be reset to a pool we validate that the user is indeed already in the pool else we raise a UserNotFoundException to match AWS behaviour
2020-02-10 18:09:15 +01:00
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
MessageAction="RESEND",
)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 12:43:37 +02:00
err = exc.value.response["Error"]
err["Code"].should.equal("UserNotFoundException")
Upgrade flake8 to 4.x (#5066)
2022-04-27 11:58:59 +00:00
err["Message"].should.equal("User does not exist.")
MessageAction for cognito admin_create_user is now handled If an invitation is attempted to be reset to a pool we validate that the user is indeed already in the pool else we raise a UserNotFoundException to match AWS behaviour
2020-02-10 18:09:15 +01:00
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_admin_get_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserAttributes=[{"Name": "thing", "Value": value}],
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["Username"].should.equal(username)
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
result["UserAttributes"].should.have.length_of(2)
@mock_cognitoidp
def test_admin_get_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email", "phone_number"]
)["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "thing", "Value": value},
{"Name": "phone_number", "Value": "+123456789"},
],
)
# verify user can be queried by email
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["Username"].should_not.equal(username)
result["UserAttributes"].should.have.length_of(4)
def _verify_attribute(name, v):
attr = [a for a in result["UserAttributes"] if a["Name"] == name]
attr.should.have.length_of(1)
attr[0]["Value"].should.equal(v)
_verify_attribute("phone_number", "+123456789")
_verify_attribute("email", "test@example.com")
# verify user can be queried by phone number
result = conn.admin_get_user(UserPoolId=user_pool_id, Username="+123456789")
result["Username"].should_not.equal(username)
result["UserAttributes"].should.have.length_of(4)
_verify_attribute("phone_number", "+123456789")
_verify_attribute("email", "test@example.com")
# verify that the generate user sub is a valid UUID v4
[user_sub] = [
attr["Value"] for attr in result["UserAttributes"] if attr["Name"] == "sub"
]
uuid.UUID(user_sub)
# verify user should be queried by user sub
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=user_sub)
result["Username"].should_not.equal(username)
result["UserAttributes"].should.have.length_of(4)
_verify_attribute("phone_number", "+123456789")
_verify_attribute("email", "test@example.com")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Missing users now raise a UserNotFoundException A missing user in a cognito user pool has raises a UserNotFoundException, not a ResourceNotFoundException. This commit corrects the behaviour so that the correct exception is raised
2018-10-17 18:39:52 +01:00
@mock_cognitoidp
def test_admin_get_missing_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 12:43:37 +02:00
with pytest.raises(ClientError) as exc:
Missing users now raise a UserNotFoundException A missing user in a cognito user pool has raises a UserNotFoundException, not a ResourceNotFoundException. This commit corrects the behaviour so that the correct exception is raised
2018-10-17 18:39:52 +01:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 12:43:37 +02:00
err = exc.value.response["Error"]
err["Code"].should.equal("UserNotFoundException")
Upgrade flake8 to 4.x (#5066)
2022-04-27 11:58:59 +00:00
err["Message"].should.equal("User does not exist.")
Missing users now raise a UserNotFoundException A missing user in a cognito user pool has raises a UserNotFoundException, not a ResourceNotFoundException. This commit corrects the behaviour so that the correct exception is raised
2018-10-17 18:39:52 +01:00
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_admin_get_missing_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 12:43:37 +02:00
with pytest.raises(ClientError) as exc:
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 12:43:37 +02:00
err = exc.value.response["Error"]
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
err["Code"].should.equal("UserNotFoundException")
Upgrade flake8 to 4.x (#5066)
2022-04-27 11:58:59 +00:00
err["Message"].should.equal("User does not exist.")
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
@mock_cognitoidp
def test_get_user():
conn = boto3.client("cognito-idp", "us-west-2")
outputs = authentication_flow(conn, "ADMIN_NO_SRP_AUTH")
result = conn.get_user(AccessToken=outputs["access_token"])
result["Username"].should.equal(outputs["username"])
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
result["UserAttributes"].should.have.length_of(2)
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
def _verify_attribute(name, v):
attr = [a for a in result["UserAttributes"] if a["Name"] == name]
attr.should.have.length_of(1)
attr[0]["Value"].should.equal(v)
fix: cognito-idp: admin_create_user remove default attributes (#4070) * 4069: fix: cognito-idp: admin_create_user remove default attributes
2021-07-14 15:35:09 +01:00
for key, value in outputs["additional_fields"].items():
_verify_attribute(key, value)
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
@mock_cognitoidp
def test_get_user_unknown_accesstoken():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.get_user(AccessToken="n/a")
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
err["Message"].should.equal("Invalid token")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_list_users():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users(UserPoolId=user_pool_id)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username)
Add test
2020-02-05 12:03:33 +01:00
username_bis = str(uuid.uuid4())
conn.admin_create_user(
Change from black linter
2020-02-05 14:19:08 +01:00
UserPoolId=user_pool_id,
Username=username_bis,
UserAttributes=[{"Name": "phone_number", "Value": "+33666666666"}],
)
result = conn.list_users(
cognito-idp – Added format validation and implemented prefix operator for Filter param of list_users (#4388)
2021-10-12 00:31:40 +02:00
UserPoolId=user_pool_id, Filter='phone_number="+33666666666"'
Add test
2020-02-05 12:03:33 +01:00
)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username_bis)
[fix] cognito-idp list_users Filter arg now support spaces (#3317)
2020-09-19 13:26:01 +03:00
# checking Filter with space
result = conn.list_users(
cognito-idp – Added format validation and implemented prefix operator for Filter param of list_users (#4388)
2021-10-12 00:31:40 +02:00
UserPoolId=user_pool_id, Filter='phone_number = "+33666666666"'
[fix] cognito-idp list_users Filter arg now support spaces (#3317)
2020-09-19 13:26:01 +03:00
)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(username_bis)
Add test
2020-02-05 12:03:33 +01:00
cognito-idp – Added format validation and implemented prefix operator for Filter param of list_users (#4388)
2021-10-12 00:31:40 +02:00
user0_username = "user0@example.com"
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=user0_username,
UserAttributes=[{"Name": "phone_number", "Value": "+48555555555"}],
)
# checking Filter with prefix operator
result = conn.list_users(UserPoolId=user_pool_id, Filter='phone_number ^= "+48"')
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should.equal(user0_username)
# empty value Filter should also be supported
result = conn.list_users(UserPoolId=user_pool_id, Filter='family_name=""')
result["Users"].should.have.length_of(0)
@mock_cognitoidp
def test_list_users_incorrect_filter():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
with pytest.raises(conn.exceptions.InvalidParameterException) as exc:
conn.list_users(UserPoolId=user_pool_id, Filter="username = foo")
_assert_filter_parsing_error(exc)
with pytest.raises(conn.exceptions.InvalidParameterException) as exc:
conn.list_users(UserPoolId=user_pool_id, Filter="username=")
_assert_filter_parsing_error(exc)
def _assert_filter_parsing_error(exc):
err = exc.value.response["Error"]
assert err["Code"].should.equal("InvalidParameterException")
assert err["Message"].should.equal("Error while parsing filter")
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 17:34:07 +02:00
cognito-idp – Do not allow custom attributes in list_users() Filter param (#4389) (#4407)
2021-10-13 11:55:58 +02:00
@mock_cognitoidp
def test_list_users_invalid_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
with pytest.raises(conn.exceptions.InvalidParameterException) as exc:
conn.list_users(UserPoolId=user_pool_id, Filter='custom:foo = "bar"')
err = exc.value.response["Error"]
assert err["Code"].should.equal("InvalidParameterException")
assert err["Message"].should.equal("Invalid search attribute: custom:foo")
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_list_users_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users(UserPoolId=user_pool_id)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should_not.equal(username)
def _verify_attribute(name, v):
attr = [a for a in result["Users"][0]["Attributes"] if a["Name"] == name]
attr.should.have.length_of(1)
attr[0]["Value"].should.equal(v)
_verify_attribute("email", username)
username_bis = "test2@uexample.com"
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username_bis,
UserAttributes=[{"Name": "phone_number", "Value": "+33666666666"}],
)
result = conn.list_users(
UserPoolId=user_pool_id, Filter='phone_number="+33666666666"'
)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should_not.equal(username_bis)
uuid.UUID(result["Users"][0]["Username"])
_verify_attribute("email", username_bis)
# checking Filter with space
result = conn.list_users(
UserPoolId=user_pool_id, Filter='phone_number = "+33666666666"'
)
result["Users"].should.have.length_of(1)
result["Users"][0]["Username"].should_not.equal(username_bis)
_verify_attribute("email", username_bis)
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 17:34:07 +02:00
@mock_cognitoidp
def test_list_users_inherent_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.list_users(UserPoolId=user_pool_id)
cognito:user_status filter in list users (#4120) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 08:56:41 +02:00
result["Users"].should.have.length_of(1)
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 17:34:07 +02:00
result["Users"][0]["Username"].should.equal(username)
# create a confirmed disabled user
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
disabled_user_username = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=disabled_user_username)
conn.confirm_sign_up(
ClientId=client_id, Username=disabled_user_username, ConfirmationCode="123456"
)
conn.admin_disable_user(UserPoolId=user_pool_id, Username=disabled_user_username)
# filter, filter value, response field, response field expected value - all target confirmed disabled user
filters = [
("username", disabled_user_username, "Username", disabled_user_username),
("status", "Disabled", "Enabled", False),
("cognito:user_status", "CONFIRMED", "UserStatus", "CONFIRMED"),
]
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for name, filter_value, response_field, response_field_expected_value in filters:
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 17:34:07 +02:00
result = conn.list_users(
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 21:41:08 -01:00
UserPoolId=user_pool_id, Filter=f'{name}="{filter_value}"'
fix for 'status' filter, inherent_attributes test (#4129) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 17:34:07 +02:00
)
result["Users"].should.have.length_of(1)
result["Users"][0][response_field].should.equal(response_field_expected_value)
cognito:user_status filter in list users (#4120) Co-authored-by: Łukasz Nowak <lukasz.nowak@idemia.com>
2021-08-03 08:56:41 +02:00
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
@mock_cognitoidp
def test_get_user_unconfirmed():
if settings.TEST_SERVER_MODE:
raise SkipTest("Cant patch attributes in server mode.")
conn = boto3.client("cognito-idp", "us-west-2")
outputs = authentication_flow(conn, "ADMIN_NO_SRP_AUTH")
MultiAccount support (#5192)
2022-08-13 09:49:43 +00:00
backend = moto.cognitoidp.models.cognitoidp_backends[ACCOUNT_ID]["us-west-2"]
CognitoIDP: get_user (#4038) * cognito-idp get_user support * add carium expected attributes * CognitoIDP#get_user - Add negative tests Co-authored-by: Lalitha Kolla <lalitha.kolla@carium.com>
2021-06-27 15:48:31 +01:00
user_pool = backend.user_pools[outputs["user_pool_id"]]
user_pool.users[outputs["username"]].status = "UNCONFIRMED"
with pytest.raises(ClientError) as ex:
conn.get_user(AccessToken=outputs["access_token"])
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
err["Message"].should.equal("username")
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
@mock_cognitoidp
def test_list_users_returns_limit_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
user_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(user_count):
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
max_results = 5
result = conn.list_users(UserPoolId=user_pool_id, Limit=max_results)
result["Users"].should.have.length_of(max_results)
result.should.have.key("PaginationToken")
@mock_cognitoidp
def test_list_users_returns_pagination_tokens():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
user_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(user_count):
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
max_results = 5
result = conn.list_users(UserPoolId=user_pool_id, Limit=max_results)
result["Users"].should.have.length_of(max_results)
result.should.have.key("PaginationToken")
next_token = result["PaginationToken"]
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
result_2 = conn.list_users(
UserPoolId=user_pool_id, Limit=max_results, PaginationToken=next_token
)
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
result_2["Users"].should.have.length_of(max_results)
result_2.shouldnt.have.key("PaginationToken")
@mock_cognitoidp
def test_list_users_when_limit_more_than_total_items():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Given 10 users
user_count = 10
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
for _ in range(user_count):
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_create_user(UserPoolId=user_pool_id, Username=str(uuid.uuid4()))
Adds limiting/pagination to cognitoidp list_* functions
2018-10-24 15:10:28 +01:00
max_results = user_count + 5
result = conn.list_users(UserPoolId=user_pool_id, Limit=max_results)
result["Users"].should.have.length_of(user_count)
result.shouldnt.have.key("PaginationToken")
CognitoIDP:list_users() - Implement AttributesToGet-parameter (#4539)
2021-11-07 15:02:48 -01:00
@mock_cognitoidp
def test_list_users_with_attributes_to_get():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
for _ in range(5):
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=str(uuid.uuid4()),
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "Jane"},
{"Name": "custom:foo", "Value": "bar"},
],
)
result = conn.list_users(
UserPoolId=user_pool_id, AttributesToGet=["given_name", "custom:foo", "unknown"]
)
users = result["Users"]
users.should.have.length_of(5)
for user in users:
user["Attributes"].should.have.length_of(2)
user["Attributes"].should.contain({"Name": "given_name", "Value": "Jane"})
user["Attributes"].should.contain({"Name": "custom:foo", "Value": "bar"})
Be able to change `enabled` status for cognito-idp users
2018-07-27 16:10:26 +10:00
@mock_cognitoidp
def test_admin_disable_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)[
"Enabled"
].should.equal(False)
Be able to change `enabled` status for cognito-idp users
2018-07-27 16:10:26 +10:00
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_admin_disable_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)[
"Enabled"
].should.equal(False)
Be able to change `enabled` status for cognito-idp users
2018-07-27 16:10:26 +10:00
@mock_cognitoidp
def test_admin_enable_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_enable_user(UserPoolId=user_pool_id, Username=username)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)[
"Enabled"
].should.equal(True)
Be able to change `enabled` status for cognito-idp users
2018-07-27 16:10:26 +10:00
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_admin_enable_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_disable_user(UserPoolId=user_pool_id, Username=username)
result = conn.admin_enable_user(UserPoolId=user_pool_id, Username=username)
list(result.keys()).should.equal(["ResponseMetadata"]) # No response expected
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)[
"Enabled"
].should.equal(True)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_admin_delete_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_delete_user(UserPoolId=user_pool_id, Username=username)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 12:43:37 +02:00
with pytest.raises(ClientError) as exc:
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 12:43:37 +02:00
err = exc.value.response["Error"]
err["Code"].should.equal("UserNotFoundException")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_admin_delete_user_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_delete_user(UserPoolId=user_pool_id, Username=username)
with pytest.raises(ClientError) as ex:
conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
err = ex.value.response["Error"]
err["Code"].should.equal("UserNotFoundException")
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
def authentication_flow(conn, auth_flow):
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
temporary_password = "P2$Sword"
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
Testing new feature
2018-08-07 13:55:32 +02:00
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
ReadAttributes=[user_attribute_name],
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserAttributes=[{"Name": user_attribute_name, "Value": user_attribute_value}],
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
result = conn.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
AuthFlow=auth_flow,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
# A newly created user is forced to set a new password
result["ChallengeName"].should.equal("NEW_PASSWORD_REQUIRED")
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["Session"].should_not.equal(None)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
# This sets a new password and logs the user in (creates tokens)
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
new_password = "P2$Sword"
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
result = conn.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password},
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["AuthenticationResult"]["IdToken"].should_not.equal(None)
result["AuthenticationResult"]["AccessToken"].should_not.equal(None)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
return {
"user_pool_id": user_pool_id,
"client_id": client_id,
"id_token": result["AuthenticationResult"]["IdToken"],
"access_token": result["AuthenticationResult"]["AccessToken"],
"username": username,
"password": new_password,
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
"additional_fields": {user_attribute_name: user_attribute_value},
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
}
@mock_cognitoidp
def test_authentication_flow():
conn = boto3.client("cognito-idp", "us-west-2")
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
authentication_flow(conn, auth_flow)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
@mock_cognitoidp
def test_authentication_flow_invalid_flow():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
authentication_flow(conn, "NO_SUCH_FLOW")
err = ex.value.response["Error"]
err["Code"].should.equal("InvalidParameterException")
err["Message"].should.equal(
"1 validation error detected: Value 'NO_SUCH_FLOW' at 'authFlow' failed to satisfy constraint: "
"Member must satisfy enum value set: "
"['ADMIN_NO_SRP_AUTH', 'ADMIN_USER_PASSWORD_AUTH', 'USER_SRP_AUTH', 'REFRESH_TOKEN_AUTH', 'REFRESH_TOKEN', "
"'CUSTOM_AUTH', 'USER_PASSWORD_AUTH']"
)
@mock_cognitoidp
def test_authentication_flow_invalid_user_flow():
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
"""Pass a user authFlow to admin_initiate_auth"""
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
authentication_flow(conn, "USER_PASSWORD_AUTH")
err = ex.value.response["Error"]
err["Code"].should.equal("InvalidParameterException")
err["Message"].should.equal("Initiate Auth method not supported")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
def user_authentication_flow(conn):
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
user_attribute_name = str(uuid.uuid4())
user_attribute_value = str(uuid.uuid4())
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id,
ClientName=str(uuid.uuid4()),
ReadAttributes=[user_attribute_name],
GenerateSecret=True,
)["UserPoolClient"]["ClientId"]
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
conn.sign_up(ClientId=client_id, Username=username, Password=password)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
client_secret = conn.describe_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientId=client_id
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)["UserPoolClient"]["ClientSecret"]
conn.confirm_sign_up(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)
# generating secret hash
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 11:05:59 +01:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
"SECRET_HASH": secret_hash,
},
)
result = conn.respond_to_auth_challenge(
ClientId=client_id,
ChallengeName=result["ChallengeName"],
ChallengeResponses={
"PASSWORD_CLAIM_SIGNATURE": str(uuid.uuid4()),
"PASSWORD_CLAIM_SECRET_BLOCK": result["Session"],
"TIMESTAMP": str(uuid.uuid4()),
"USERNAME": username,
},
)
refresh_token = result["AuthenticationResult"]["RefreshToken"]
# add mfa token
conn.associate_software_token(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
AccessToken=result["AuthenticationResult"]["AccessToken"]
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)
conn.verify_software_token(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
AccessToken=result["AuthenticationResult"]["AccessToken"], UserCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)
conn.set_user_mfa_preference(
AccessToken=result["AuthenticationResult"]["AccessToken"],
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="REFRESH_TOKEN",
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
AuthParameters={"SECRET_HASH": secret_hash, "REFRESH_TOKEN": refresh_token},
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["AuthenticationResult"]["IdToken"].should_not.equal(None)
result["AuthenticationResult"]["AccessToken"].should_not.equal(None)
CognitoIdp fixes (#4518)
2022-03-10 15:38:43 +01:00
result["AuthenticationResult"]["TokenType"].should.equal("Bearer")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
# authenticate user once again this time with mfa token
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 11:05:59 +01:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
"SECRET_HASH": secret_hash,
},
)
result = conn.respond_to_auth_challenge(
ClientId=client_id,
ChallengeName=result["ChallengeName"],
ChallengeResponses={
"PASSWORD_CLAIM_SIGNATURE": str(uuid.uuid4()),
"PASSWORD_CLAIM_SECRET_BLOCK": result["Session"],
"TIMESTAMP": str(uuid.uuid4()),
"USERNAME": username,
},
)
result = conn.respond_to_auth_challenge(
ClientId=client_id,
Session=result["Session"],
ChallengeName=result["ChallengeName"],
ChallengeResponses={
"SOFTWARE_TOKEN_MFA_CODE": "123456",
"USERNAME": username,
"SECRET_HASH": secret_hash,
},
)
return {
"user_pool_id": user_pool_id,
"client_id": client_id,
"client_secret": client_secret,
"secret_hash": secret_hash,
"id_token": result["AuthenticationResult"]["IdToken"],
"access_token": result["AuthenticationResult"]["AccessToken"],
"refresh_token": refresh_token,
"username": username,
"password": password,
"additional_fields": {user_attribute_name: user_attribute_value},
}
@mock_cognitoidp
def test_user_authentication_flow():
conn = boto3.client("cognito-idp", "us-west-2")
user_authentication_flow(conn)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_token_legitimacy():
conn = boto3.client("cognito-idp", "us-west-2")
path = "../../moto/cognitoidp/resources/jwks-public.json"
with open(os.path.join(os.path.dirname(__file__), path)) as f:
json_web_key = json.loads(f.read())["keys"][0]
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
outputs = authentication_flow(conn, auth_flow)
id_token = outputs["id_token"]
access_token = outputs["access_token"]
client_id = outputs["client_id"]
CognitoIDP: Replace email with username in cogntio JWT tokens (#5652)
2022-11-10 18:08:56 +01:00
username = outputs["username"]
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 21:41:08 -01:00
issuer = (
f"https://cognito-idp.us-west-2.amazonaws.com/{outputs['user_pool_id']}"
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
)
id_claims = json.loads(jws.verify(id_token, json_web_key, "RS256"))
id_claims["iss"].should.equal(issuer)
id_claims["aud"].should.equal(client_id)
id_claims["token_use"].should.equal("id")
CognitoIDP: ID-token has different key for username (#6056)
2023-03-12 09:19:33 -01:00
id_claims["cognito:username"].should.equal(username)
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for k, v in outputs["additional_fields"].items():
id_claims[k].should.equal(v)
access_claims = json.loads(jws.verify(access_token, json_web_key, "RS256"))
access_claims["iss"].should.equal(issuer)
Cognito payload - Switch key name of "client_id" (#5708)
2022-11-26 06:06:12 +09:00
access_claims["client_id"].should.equal(client_id)
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
access_claims["token_use"].should.equal("access")
CognitoIDP: Replace email with username in cogntio JWT tokens (#5652)
2022-11-10 18:08:56 +01:00
access_claims["username"].should.equal(username)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
moto/issues/2672 | Formatted using black
2020-01-06 13:29:23 +08:00
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_change_password():
conn = boto3.client("cognito-idp", "us-west-2")
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
outputs = authentication_flow(conn, auth_flow)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
# Take this opportunity to test change_password, which requires an access token.
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
newer_password = "P2$Sword2"
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
conn.change_password(
AccessToken=outputs["access_token"],
PreviousPassword=outputs["password"],
ProposedPassword=newer_password,
)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
# Log in again, which should succeed without a challenge because the user is no
# longer in the force-new-password state.
result = conn.admin_initiate_auth(
UserPoolId=outputs["user_pool_id"],
ClientId=outputs["client_id"],
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={
"USERNAME": outputs["username"],
"PASSWORD": newer_password,
},
)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["AuthenticationResult"].should_not.equal(None)
Append region-info to UserAgent-header, if it already exists
2020-06-30 15:00:08 +01:00
@mock_cognitoidp
def test_change_password__using_custom_user_agent_header():
Admin: Update Docs to point to getmoto (#5826)
2023-01-07 11:35:14 +00:00
# https://github.com/getmoto/moto/issues/3098
Append region-info to UserAgent-header, if it already exists
2020-06-30 15:00:08 +01:00
# As the admin_initiate_auth-method is unauthenticated, we use the user-agent header to pass in the region
# This test verifies this works, even if we pass in our own user-agent header
from botocore.config import Config
my_config = Config(user_agent_extra="more/info", signature_version="v4")
conn = boto3.client("cognito-idp", "us-west-2", config=my_config)
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
outputs = authentication_flow(conn, auth_flow)
Append region-info to UserAgent-header, if it already exists
2020-06-30 15:00:08 +01:00
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
# Take this opportunity to test change_password, which requires an access token.
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
newer_password = "P2$Sword2"
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
conn.change_password(
AccessToken=outputs["access_token"],
PreviousPassword=outputs["password"],
ProposedPassword=newer_password,
)
Append region-info to UserAgent-header, if it already exists
2020-06-30 15:00:08 +01:00
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
# Log in again, which should succeed without a challenge because the user is no
# longer in the force-new-password state.
result = conn.admin_initiate_auth(
UserPoolId=outputs["user_pool_id"],
ClientId=outputs["client_id"],
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={
"USERNAME": outputs["username"],
"PASSWORD": newer_password,
},
)
Append region-info to UserAgent-header, if it already exists
2020-06-30 15:00:08 +01:00
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["AuthenticationResult"].should_not.equal(None)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
def test_forgot_password():
conn = boto3.client("cognito-idp", "us-west-2")
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 16:26:57 +02:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
result = conn.forgot_password(ClientId=client_id, Username=str(uuid.uuid4()))
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["CodeDeliveryDetails"]["Destination"].should_not.equal(None)
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 16:26:57 +02:00
result["CodeDeliveryDetails"]["DeliveryMedium"].should.equal("SMS")
result["CodeDeliveryDetails"]["AttributeName"].should.equal("phone_number")
@mock_cognitoidp
def test_forgot_password_nonexistent_client_id():
conn = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
conn.forgot_password(ClientId=create_id(), Username=str(uuid.uuid4()))
err = ex.value.response["Error"]
err["Code"].should.equal("ResourceNotFoundException")
err["Message"].should.equal("Username/client id combination not found.")
@mock_cognitoidp
def test_forgot_password_admin_only_recovery():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "admin_only", "Priority": 1}]
},
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
with pytest.raises(ClientError) as ex:
conn.forgot_password(ClientId=client_id, Username=str(uuid.uuid4()))
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
err["Message"].should.equal("Contact administrator to reset password.")
@mock_cognitoidp
def test_forgot_password_user_with_all_recovery_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "verified_email", "Priority": 1}]
},
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "email", "Value": "test@moto.com"},
{"Name": "phone_number", "Value": "555555555"},
],
)
result = conn.forgot_password(ClientId=client_id, Username=username)
result["CodeDeliveryDetails"]["Destination"].should.equal("test@moto.com")
result["CodeDeliveryDetails"]["DeliveryMedium"].should.equal("EMAIL")
result["CodeDeliveryDetails"]["AttributeName"].should.equal("email")
conn.update_user_pool(
UserPoolId=user_pool_id,
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "verified_phone_number", "Priority": 1}]
},
)
result = conn.forgot_password(ClientId=client_id, Username=username)
result["CodeDeliveryDetails"]["Destination"].should.equal("555555555")
result["CodeDeliveryDetails"]["DeliveryMedium"].should.equal("SMS")
result["CodeDeliveryDetails"]["AttributeName"].should.equal("phone_number")
@mock_cognitoidp
def test_forgot_password_nonexistent_user_or_user_without_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "verified_email", "Priority": 1}]
},
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
user_without_attributes = str(uuid.uuid4())
nonexistent_user = str(uuid.uuid4())
conn.admin_create_user(UserPoolId=user_pool_id, Username=user_without_attributes)
for user in user_without_attributes, nonexistent_user:
result = conn.forgot_password(ClientId=client_id, Username=user)
result["CodeDeliveryDetails"]["Destination"].should.equal(user + "@h***.com")
result["CodeDeliveryDetails"]["DeliveryMedium"].should.equal("EMAIL")
result["CodeDeliveryDetails"]["AttributeName"].should.equal("email")
conn.update_user_pool(
UserPoolId=user_pool_id,
AccountRecoverySetting={
"RecoveryMechanisms": [{"Name": "verified_phone_number", "Priority": 1}]
},
)
for user in user_without_attributes, nonexistent_user:
result = conn.forgot_password(ClientId=client_id, Username=user)
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
Added significant verification to ForgotPassword, changed UserStatus dict to enum (#4469)
2021-10-24 16:26:57 +02:00
result["CodeDeliveryDetails"]["Destination"].should.equal("+*******9934")
result["CodeDeliveryDetails"]["DeliveryMedium"].should.equal("SMS")
result["CodeDeliveryDetails"]["AttributeName"].should.equal("phone_number")
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
@mock_cognitoidp
Return OTP from forgot password (#4478)
2021-10-27 20:29:29 +02:00
def test_confirm_forgot_password_legacy():
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
)
Return OTP from forgot password (#4478)
2021-10-27 20:29:29 +02:00
# Random confirmation code - opt out of verification
conn.forgot_password(ClientId=client_id, Username=username)
res = conn.confirm_forgot_password(
Implement some of cognito-idp
2018-05-02 16:13:12 -05:00
ClientId=client_id,
Username=username,
ConfirmationCode=str(uuid.uuid4()),
Password=str(uuid.uuid4()),
)
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 16:58:10 -06:00
Return OTP from forgot password (#4478)
2021-10-27 20:29:29 +02:00
res["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
@mock_cognitoidp
def test_confirm_forgot_password_opt_in_verification():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
res = conn.forgot_password(ClientId=client_id, Username=username)
confirmation_code = res["ResponseMetadata"]["HTTPHeaders"][
"x-moto-forgot-password-confirmation-code"
]
confirmation_code.should.match(r"moto-confirmation-code:[0-9]{6}", re.I)
res = conn.confirm_forgot_password(
ClientId=client_id,
Username=username,
ConfirmationCode=confirmation_code,
Password=str(uuid.uuid4()),
)
res["ResponseMetadata"]["HTTPStatusCode"].should.equal(200)
@mock_cognitoidp
def test_confirm_forgot_password_opt_in_verification_invalid_confirmation_code():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
conn.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
with pytest.raises(ClientError) as ex:
conn.confirm_forgot_password(
ClientId=client_id,
Username=username,
ConfirmationCode="moto-confirmation-code:123invalid",
Password=str(uuid.uuid4()),
)
err = ex.value.response["Error"]
err["Code"].should.equal("ExpiredCodeException")
err["Message"].should.equal("Invalid code provided, please request a code again.")
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 10:49:19 -07:00
@mock_cognitoidp
def test_admin_user_global_sign_out():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
conn.admin_user_global_sign_out(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=result["user_pool_id"], Username=result["username"]
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 10:49:19 -07:00
)
admin_user_global_sign_out works only once (#4717)
2021-12-27 23:18:02 +03:00
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="REFRESH_TOKEN",
AuthParameters={
"REFRESH_TOKEN": result["refresh_token"],
"SECRET_HASH": result["secret_hash"],
},
)
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
err["Message"].should.equal("Refresh Token has been revoked")
@mock_cognitoidp
def test_admin_user_global_sign_out_twice():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
conn.admin_user_global_sign_out(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=result["user_pool_id"], Username=result["username"]
admin_user_global_sign_out works only once (#4717)
2021-12-27 23:18:02 +03:00
)
conn.admin_user_global_sign_out(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=result["user_pool_id"], Username=result["username"]
admin_user_global_sign_out works only once (#4717)
2021-12-27 23:18:02 +03:00
)
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 10:49:19 -07:00
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="REFRESH_TOKEN",
AuthParameters={
"REFRESH_TOKEN": result["refresh_token"],
"SECRET_HASH": result["secret_hash"],
},
)
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
err["Message"].should.equal("Refresh Token has been revoked")
@mock_cognitoidp
def test_admin_user_global_sign_out_unknown_userpool():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
conn.admin_user_global_sign_out(UserPoolId="n/a", Username=result["username"])
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 10:49:19 -07:00
err = ex.value.response["Error"]
err["Code"].should.equal("ResourceNotFoundException")
@mock_cognitoidp
def test_admin_user_global_sign_out_unknown_user():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
conn.admin_user_global_sign_out(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=result["user_pool_id"], Username="n/a"
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 10:49:19 -07:00
)
err = ex.value.response["Error"]
err["Code"].should.equal("UserNotFoundException")
cognito-idp – Correct exception when user does not exist (#4482)
2021-10-27 12:43:37 +02:00
err["Message"].should.equal("User does not exist.")
Add support for admin_user_global_sign_out to cognitoidp (#4092) * Add support for admin_user_global_sign_out to cognitoidp
2021-07-27 10:49:19 -07:00
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
@mock_cognitoidp
def test_global_sign_out():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
conn.global_sign_out(AccessToken=result["access_token"])
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="REFRESH_TOKEN",
AuthParameters={
"REFRESH_TOKEN": result["refresh_token"],
"SECRET_HASH": result["secret_hash"],
},
)
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
err["Message"].should.equal("Refresh Token has been revoked")
CognitoIDP: sign_out() should invalidate AccessToken (#5794)
2022-12-20 21:09:02 -01:00
with pytest.raises(ClientError) as ex:
conn.get_user(AccessToken=result["access_token"])
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
@mock_cognitoidp
def test_global_sign_out_unknown_accesstoken():
conn = boto3.client("cognito-idp", "us-east-2")
with pytest.raises(ClientError) as ex:
conn.global_sign_out(AccessToken="n/a")
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 16:58:10 -06:00
@mock_cognitoidp
def test_admin_update_user_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "John"},
],
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 16:58:10 -06:00
)
conn.admin_update_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "Jane"},
],
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 16:58:10 -06:00
)
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
attributes = user["UserAttributes"]
Add cognito-idp admin_update_user_attributes #2184 (#2185)
2019-05-20 16:58:10 -06:00
attributes.should.be.a(list)
for attr in attributes:
Run black on moto & test directories.
2019-10-31 08:44:26 -07:00
val = attr["Value"]
if attr["Name"] == "family_name":
val.should.equal("Doe")
elif attr["Name"] == "given_name":
val.should.equal("Jane")
CognitoIDP - Return KID in headers of ID token
2020-06-20 10:43:02 +01:00
cognito-idp – Implemented admin_delete_user_attributes (#4487)
2021-10-28 23:21:22 +02:00
@mock_cognitoidp
def test_admin_delete_user_attributes():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Schema=[
{
"Name": "foo",
"AttributeDataType": "String",
"Mutable": True,
"Required": False,
}
],
)["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "John"},
{"Name": "nickname", "Value": "Joe"},
{"Name": "custom:foo", "Value": "bar"},
],
)
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributeNames=["nickname", "custom:foo"],
)
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
user["UserAttributes"].should.have.length_of(3) # family_name, given_name and sub
user["UserAttributes"].should.contain({"Name": "family_name", "Value": "Doe"})
user["UserAttributes"].should.contain({"Name": "given_name", "Value": "John"})
user["UserAttributes"].should_not.contain({"Name": "nickname", "Value": "Joe"})
user["UserAttributes"].should_not.contain({"Name": "custom:foo", "Value": "bar"})
@mock_cognitoidp
def test_admin_delete_user_attributes_non_existing_attribute():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "John"},
{"Name": "nickname", "Value": "Joe"},
],
)
with pytest.raises(ClientError) as exc:
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributeNames=["nickname", "custom:foo"],
)
err = exc.value.response["Error"]
err["Code"].should.equal("InvalidParameterException")
err["Message"].should.equal(
"Invalid user attributes: user.custom:foo: Attribute does not exist in the schema.\n"
)
Core - Use json module for error_json exception type rendering instead of jinja2 (#4587)
2021-11-17 17:19:03 +01:00
with pytest.raises(ClientError) as exc:
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributeNames=["nickname", "custom:foo", "custom:bar"],
)
err = exc.value.response["Error"]
err["Code"].should.equal("InvalidParameterException")
err["Message"].should.equal(
"Invalid user attributes: user.custom:foo: Attribute does not exist in the schema.\nuser.custom:bar: Attribute does not exist in the schema.\n"
)
cognito-idp – Implemented admin_delete_user_attributes (#4487)
2021-10-28 23:21:22 +02:00
@mock_cognitoidp
def test_admin_delete_user_attributes_non_existing_user():
conn = boto3.client("cognito-idp", "us-east-1")
username = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
with pytest.raises(ClientError) as exc:
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributeNames=["nickname", "custom:foo"],
)
err = exc.value.response["Error"]
err["Code"].should.equal("UserNotFoundException")
err["Message"].should.equal("User does not exist.")
@mock_cognitoidp
def test_admin_delete_user_attributes_non_existing_pool():
conn = boto3.client("cognito-idp", "us-east-1")
user_pool_id = "us-east-1_aaaaaaaa"
with pytest.raises(ClientError) as exc:
conn.admin_delete_user_attributes(
UserPoolId=user_pool_id,
Username=str(uuid.uuid4()),
UserAttributeNames=["nickname"],
)
err = exc.value.response["Error"]
err["Code"].should.equal("ResourceNotFoundException")
err["Message"].should.equal(f"User pool {user_pool_id} does not exist.")
CognitoIDP: update_group, global_sign_out, update_user_attributes (#5086)
2022-05-01 21:04:57 +00:00
@mock_cognitoidp
def test_update_user_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
result = authentication_flow(conn, auth_flow="ADMIN_USER_PASSWORD_AUTH")
access_token = result["access_token"]
username = result["username"]
user_pool_id = result["user_pool_id"]
conn.update_user_attributes(
AccessToken=access_token,
UserAttributes=[
{"Name": "family_name", "Value": "Doe"},
{"Name": "given_name", "Value": "Jane"},
],
)
user = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
attributes = user["UserAttributes"]
attributes.should.contain({"Name": "family_name", "Value": "Doe"})
attributes.should.contain({"Name": "given_name", "Value": "Jane"})
@mock_cognitoidp
def test_update_user_attributes_unknown_accesstoken():
conn = boto3.client("cognito-idp", "us-east-2")
with pytest.raises(ClientError) as ex:
conn.update_user_attributes(
AccessToken="n/a", UserAttributes=[{"Name": "a", "Value": "b"}]
)
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 20:31:30 +09:00
@mock_cognitoidp
def test_resource_server():
client = boto3.client("cognito-idp", "us-west-2")
name = str(uuid.uuid4())
res = client.create_user_pool(PoolName=name)
user_pool_id = res["UserPool"]["Id"]
identifier = "http://localhost.localdomain"
name = "local server"
scopes = [
{"ScopeName": "app:write", "ScopeDescription": "write scope"},
{"ScopeName": "app:read", "ScopeDescription": "read scope"},
]
res = client.create_resource_server(
UserPoolId=user_pool_id, Identifier=identifier, Name=name, Scopes=scopes
)
res["ResourceServer"]["UserPoolId"].should.equal(user_pool_id)
res["ResourceServer"]["Identifier"].should.equal(identifier)
res["ResourceServer"]["Name"].should.equal(name)
res["ResourceServer"]["Scopes"].should.equal(scopes)
Port test suite from nose to pytest. This just eliminates all errors on the tests collection. Elimination of failures is left to the next commit.
2020-10-06 07:54:49 +02:00
with pytest.raises(ClientError) as ex:
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 20:31:30 +09:00
client.create_resource_server(
UserPoolId=user_pool_id, Identifier=identifier, Name=name, Scopes=scopes
)
Finish porting from nose to pytest.
2020-10-06 08:04:09 +02:00
ex.value.operation_name.should.equal("CreateResourceServer")
ex.value.response["Error"]["Code"].should.equal("InvalidParameterException")
ex.value.response["Error"]["Message"].should.equal(
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 21:41:08 -01:00
f"{identifier} already exists in user pool {user_pool_id}."
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 20:31:30 +09:00
)
Finish porting from nose to pytest.
2020-10-06 08:04:09 +02:00
ex.value.response["ResponseMetadata"]["HTTPStatusCode"].should.equal(400)
Add basic implement for cognito-idp create_resource_server (#3153) * Add basic implement for cognito-idp create_resource_server * lint
2020-07-20 20:31:30 +09:00
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
@mock_cognitoidp
def test_sign_up():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
result = conn.sign_up(ClientId=client_id, Username=username, Password=password)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["UserConfirmed"].should.equal(False)
result["UserSub"].should_not.equal(None)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
@mock_cognitoidp
@pytest.mark.parametrize("password", ["p2$$word", "P2$s"])
def test_sign_up_with_invalid_password(password):
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
with pytest.raises(ClientError) as exc:
conn.sign_up(ClientId=client_id, Username=username, Password=password)
err = exc.value.response["Error"]
err["Code"].should.equal("InvalidPasswordException")
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_sign_up_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email", "phone_number"]
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
with pytest.raises(ClientError) as err:
# Attempt to add user again
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
conn.sign_up(ClientId=client_id, Username=username, Password=password)
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
err.value.response["Error"]["Code"].should.equal("InvalidParameterException")
username = "test@example.com"
result = conn.sign_up(ClientId=client_id, Username=username, Password=password)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["UserConfirmed"].should.equal(False)
result["UserSub"].should_not.equal(None)
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
username = "+123456789"
result = conn.sign_up(ClientId=client_id, Username=username, Password=password)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["UserConfirmed"].should.equal(False)
result["UserSub"].should_not.equal(None)
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
Cognito IdP: Raise UsernameExistsException from sign_up when user exists (#3765) * Raise UsernameExistsException from sign_up when user exists * Run formatter * Use pytest.raises * Fix test
2021-03-16 18:22:53 -04:00
@mock_cognitoidp
def test_sign_up_existing_user():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4())
Cognito IdP: Raise UsernameExistsException from sign_up when user exists (#3765) * Raise UsernameExistsException from sign_up when user exists * Run formatter * Use pytest.raises * Fix test
2021-03-16 18:22:53 -04:00
)["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
Cognito IdP: Raise UsernameExistsException from sign_up when user exists (#3765) * Raise UsernameExistsException from sign_up when user exists * Run formatter * Use pytest.raises * Fix test
2021-03-16 18:22:53 -04:00
# Add initial user
conn.sign_up(ClientId=client_id, Username=username, Password=password)
with pytest.raises(ClientError) as err:
# Attempt to add user again
conn.sign_up(ClientId=client_id, Username=username, Password=password)
err.value.response["Error"]["Code"].should.equal("UsernameExistsException")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
@mock_cognitoidp
def test_confirm_sign_up():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
conn.confirm_sign_up(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["UserStatus"].should.equal("CONFIRMED")
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_confirm_sign_up_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
conn.confirm_sign_up(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["UserStatus"].should.equal("CONFIRMED")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
@mock_cognitoidp
def test_initiate_auth_USER_SRP_AUTH():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
client_secret = conn.describe_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientId=client_id
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)["UserPoolClient"]["ClientSecret"]
conn.confirm_sign_up(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 11:05:59 +01:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
"SECRET_HASH": secret_hash,
},
)
result["ChallengeName"].should.equal("PASSWORD_VERIFIER")
CognitoIdp fixes (#4518)
2022-03-10 15:38:43 +01:00
result["ChallengeParameters"]["USERNAME"].should.equal(username)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
@mock_cognitoidp
def test_initiate_auth_USER_SRP_AUTH_with_username_attributes():
conn = boto3.client("cognito-idp", "us-west-2")
username = "test@example.com"
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
client_secret = conn.describe_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientId=client_id
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
)["UserPoolClient"]["ClientSecret"]
conn.confirm_sign_up(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
)
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
result = conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
"SRP_A": uuid.uuid4().hex,
"SECRET_HASH": secret_hash,
},
)
result["ChallengeName"].should.equal("PASSWORD_VERIFIER")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
@mock_cognitoidp
def test_initiate_auth_REFRESH_TOKEN():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
result = conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="REFRESH_TOKEN",
AuthParameters={
"REFRESH_TOKEN": result["refresh_token"],
"SECRET_HASH": result["secret_hash"],
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["AuthenticationResult"]["AccessToken"].should_not.equal(None)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 10:19:54 +02:00
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
result = conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": result["username"], "PASSWORD": result["password"]},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["AuthenticationResult"]["AccessToken"].should_not.equal(None)
result["AuthenticationResult"]["IdToken"].should_not.equal(None)
result["AuthenticationResult"]["RefreshToken"].should_not.equal(None)
CognitoIdp fixes (#4518)
2022-03-10 15:38:43 +01:00
result["AuthenticationResult"]["TokenType"].should.equal("Bearer")
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 10:19:54 +02:00
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
@mock_cognitoidp
def test_initiate_auth_invalid_auth_flow():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
user_authentication_flow(conn)
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="NO_SUCH_FLOW",
AuthParameters={
"USERNAME": result["username"],
"PASSWORD": result["password"],
},
)
err = ex.value.response["Error"]
err["Code"].should.equal("InvalidParameterException")
err["Message"].should.equal(
"1 validation error detected: Value 'NO_SUCH_FLOW' at 'authFlow' failed to satisfy constraint: "
"Member must satisfy enum value set: ['ADMIN_NO_SRP_AUTH', 'ADMIN_USER_PASSWORD_AUTH', 'USER_SRP_AUTH', "
"'REFRESH_TOKEN_AUTH', 'REFRESH_TOKEN', 'CUSTOM_AUTH', 'USER_PASSWORD_AUTH']"
)
@mock_cognitoidp
def test_initiate_auth_invalid_admin_auth_flow():
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
"""Pass an admin auth_flow to the regular initiate_auth"""
Restrict initiate_auth and admin_initiate_auth AuthFlow (#4836)
2022-02-07 23:55:51 +00:00
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
user_authentication_flow(conn)
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="ADMIN_USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": result["username"],
"PASSWORD": result["password"],
},
)
err = ex.value.response["Error"]
err["Code"].should.equal("InvalidParameterException")
err["Message"].should.equal("Initiate Auth method not supported")
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 21:34:05 +01:00
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH_with_FORCE_CHANGE_PASSWORD_status():
# Test flow:
# 1. Create user with FORCE_CHANGE_PASSWORD status
# 2. Login with temporary password
# 3. Check that the right challenge is received
# 4. Respond to challenge with new password
# 5. Check that the access tokens are received
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 21:34:05 +01:00
)["UserPoolClient"]["ClientId"]
# Create user in status FORCE_CHANGE_PASSWORD
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
temporary_password = "P2$Sword"
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 21:34:05 +01:00
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=temporary_password
)
result = client.initiate_auth(
ClientId=client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
result["ChallengeName"].should.equal("NEW_PASSWORD_REQUIRED")
result["ChallengeParameters"]["USERNAME"].should.equal(username)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["Session"].should_not.equal("")
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 21:34:05 +01:00
assert result.get("AuthenticationResult") is None
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
new_password = "P2$Sword2"
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 21:34:05 +01:00
result = client.respond_to_auth_challenge(
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
Session=result["Session"],
ChallengeResponses={
"NEW_PASSWORD": new_password,
"USERNAME": result["ChallengeParameters"]["USERNAME"],
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
result["AuthenticationResult"]["IdToken"].should_not.equal("")
result["AuthenticationResult"]["AccessToken"].should_not.equal("")
Enhancement/cognitoidp add force change password challenge flow (#4740)
2022-01-06 21:34:05 +01:00
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 10:19:54 +02:00
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH_user_not_found():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": "INVALIDUSER", "PASSWORD": result["password"]},
)
err = ex.value.response["Error"]
err["Code"].should.equal("UserNotFoundException")
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH_user_incorrect_password():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={
"USERNAME": result["username"],
"PASSWORD": "NotAuthorizedException",
},
)
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
@mock_cognitoidp
def test_initiate_auth_USER_PASSWORD_AUTH_unconfirmed_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 10:19:54 +02:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
Add support for USER_PASSWORD_AUTH auth method (cognito-idp) (#4164) Co-authored-by: Bartosz Sledz <bartosz.sledz@hitachivantara.com>
2021-08-12 10:19:54 +02:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
with pytest.raises(ClientError) as ex:
conn.initiate_auth(
ClientId=client_id,
AuthFlow="USER_PASSWORD_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": password},
)
err = ex.value.response["Error"]
err["Code"].should.equal("UserNotConfirmedException")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
@mock_cognitoidp
def test_initiate_auth_for_unconfirmed_user():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
client_secret = conn.describe_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientId=client_id
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)["UserPoolClient"]["ClientSecret"]
key = bytes(str(client_secret).encode("latin-1"))
msg = bytes(str(username + client_id).encode("latin-1"))
new_digest = hmac.new(key, msg, hashlib.sha256).digest()
secret_hash = base64.b64encode(new_digest).decode()
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
conn.initiate_auth(
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 11:05:59 +01:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
"SECRET_HASH": secret_hash,
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
err["Code"].should.equal("UserNotConfirmedException")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
@mock_cognitoidp
def test_initiate_auth_with_invalid_secret_hash():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$Sword"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = conn.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)["UserPoolClient"]["ClientId"]
conn.sign_up(ClientId=client_id, Username=username, Password=password)
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
conn.describe_user_pool_client(UserPoolId=user_pool_id, ClientId=client_id)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
conn.confirm_sign_up(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
ClientId=client_id, Username=username, ConfirmationCode="123456"
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
)
invalid_secret_hash = str(uuid.uuid4())
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Techdebt: Enable pylint rules (#4432)
2021-10-18 19:44:29 +00:00
conn.initiate_auth(
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
ClientId=client_id,
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": username,
fix SALT and SRP_B params
2020-12-03 11:05:59 +01:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
"SECRET_HASH": invalid_secret_hash,
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
@mock_cognitoidp
def test_setting_mfa():
conn = boto3.client("cognito-idp", "us-west-2")
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
result = authentication_flow(conn, auth_flow)
conn.associate_software_token(AccessToken=result["access_token"])
conn.verify_software_token(
AccessToken=result["access_token"], UserCode="123456"
)
conn.set_user_mfa_preference(
AccessToken=result["access_token"],
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
)
result = conn.admin_get_user(
UserPoolId=result["user_pool_id"], Username=result["username"]
)
result["UserMFASettingList"].should.have.length_of(1)
Add implementation for cognitoidp admin_set_user_mfa_preference (#4884)
2022-02-24 17:52:45 -06:00
result["PreferredMfaSetting"].should.equal("SOFTWARE_TOKEN_MFA")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
@mock_cognitoidp
def test_setting_mfa_when_token_not_verified():
conn = boto3.client("cognito-idp", "us-west-2")
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
for auth_flow in ["ADMIN_NO_SRP_AUTH", "ADMIN_USER_PASSWORD_AUTH"]:
result = authentication_flow(conn, auth_flow)
conn.associate_software_token(AccessToken=result["access_token"])
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
Support cognito admin user password auth flow (#3547) Applies the user credentials pattern from the ADMIN_NO_SRP_AUTH flow to the ADMIN_USER_PASSWORD_AUTH auth flow for Cognito admin_initiate_auth requests. Co-authored-by: Robin Wilkins <r.wilkins@waracle.com>
2020-12-15 07:48:52 +00:00
conn.set_user_mfa_preference(
AccessToken=result["access_token"],
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
err["Code"].should.equal("InvalidParameterException")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
Add implementation for cognitoidp admin_set_user_mfa_preference (#4884)
2022-02-24 17:52:45 -06:00
@mock_cognitoidp
def test_admin_setting_mfa():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
username = "test@example.com"
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
conn.admin_set_user_mfa_preference(
Username=username,
UserPoolId=user_pool_id,
SMSMfaSettings={"Enabled": True, "PreferredMfa": True},
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["UserMFASettingList"].should.have.length_of(1)
result["PreferredMfaSetting"].should.equal("SMS_MFA")
@mock_cognitoidp
def test_admin_setting_mfa_when_token_not_verified():
conn = boto3.client("cognito-idp", "us-west-2")
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()), UsernameAttributes=["email"]
)["UserPool"]["Id"]
username = "test@example.com"
conn.admin_create_user(UserPoolId=user_pool_id, Username=username)
with pytest.raises(conn.exceptions.InvalidParameterException):
conn.admin_set_user_mfa_preference(
Username=username,
UserPoolId=user_pool_id,
SoftwareTokenMfaSettings={"Enabled": True, "PreferredMfa": True},
)
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
@mock_cognitoidp
def test_respond_to_auth_challenge_with_invalid_secret_hash():
conn = boto3.client("cognito-idp", "us-west-2")
result = user_authentication_flow(conn)
valid_secret_hash = result["secret_hash"]
invalid_secret_hash = str(uuid.uuid4())
challenge = conn.initiate_auth(
ClientId=result["client_id"],
AuthFlow="USER_SRP_AUTH",
AuthParameters={
"USERNAME": result["username"],
fix SALT and SRP_B params
2020-12-03 11:05:59 +01:00
"SRP_A": uuid.uuid4().hex,
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
"SECRET_HASH": valid_secret_hash,
},
)
challenge = conn.respond_to_auth_challenge(
ClientId=result["client_id"],
ChallengeName=challenge["ChallengeName"],
ChallengeResponses={
"PASSWORD_CLAIM_SIGNATURE": str(uuid.uuid4()),
"PASSWORD_CLAIM_SECRET_BLOCK": challenge["Session"],
"TIMESTAMP": str(uuid.uuid4()),
"USERNAME": result["username"],
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
with pytest.raises(ClientError) as exc:
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
conn.respond_to_auth_challenge(
ClientId=result["client_id"],
Session=challenge["Session"],
ChallengeName=challenge["ChallengeName"],
ChallengeResponses={
"SOFTWARE_TOKEN_MFA_CODE": "123456",
"USERNAME": result["username"],
"SECRET_HASH": invalid_secret_hash,
},
)
Admin - enable more Pylint rules (#5037)
2022-04-18 20:44:56 +00:00
err = exc.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge (#3260) * added cognito-idp initiate_auth and PASSWORD_VERIFIER challenge to respond_to_auth_challenge * fixed for python2 * added mfa, REFRESH_TOKEN to initiate_auth, SOFTWARE_TOKEN_MFA to respond_to_auth_challenge * added negative tests * test
2020-09-01 10:20:31 +02:00
added cognito idp function admin_set_user_password to the code (#3328) * added cognito idp function to the code * fixed linting issues
2020-09-21 23:10:07 +05:30
@mock_cognitoidp
def test_admin_set_user_password():
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
password = "P2$$word"
added cognito idp function admin_set_user_password to the code (#3328) * added cognito idp function to the code * fixed linting issues
2020-09-21 23:10:07 +05:30
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
conn.admin_set_user_password(
UserPoolId=user_pool_id, Username=username, Password=password, Permanent=True
)
result = conn.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["Username"].should.equal(username)
Userpool UsernameAttributes (#4262)
2021-10-20 07:56:45 -04:00
result["UserAttributes"].should.have.length_of(2)
fix: cognito-idp: admin_create_user remove default attributes (#4070) * 4069: fix: cognito-idp: admin_create_user remove default attributes
2021-07-14 15:35:09 +01:00
def _verify_attribute(name, v):
attr = [a for a in result["UserAttributes"] if a["Name"] == name]
attr.should.have.length_of(1)
attr[0]["Value"].should.equal(v)
_verify_attribute("thing", value)
added cognito idp function admin_set_user_password to the code (#3328) * added cognito idp function to the code * fixed linting issues
2020-09-21 23:10:07 +05:30
CognitoIDP - Validate password using policy (#5768)
2022-12-14 08:39:50 -01:00
@mock_cognitoidp
@pytest.mark.parametrize("password", ["pa$$word", "Password", "p2ssword", "P2$S"])
def test_admin_set_invalid_user_password(password):
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
with pytest.raises(ClientError) as exc:
conn.admin_set_user_password(
UserPoolId=user_pool_id,
Username=username,
Password=password,
Permanent=True,
)
err = exc.value.response["Error"]
err["Code"].should.equal("InvalidPasswordException")
@mock_cognitoidp
@pytest.mark.parametrize("password", ["password", "P2$$word"])
def test_admin_set_invalid_user_password__custom_policy_provided(password):
conn = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
value = str(uuid.uuid4())
user_pool_id = conn.create_user_pool(
PoolName=str(uuid.uuid4()),
Policies={
"PasswordPolicy": {
"MinimumLength": 12,
"RequireUppercase": False,
"RequireLowercase": False,
"RequireNumbers": False,
"RequireSymbols": False,
}
},
)["UserPool"]["Id"]
conn.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "thing", "Value": value}],
)
with pytest.raises(ClientError) as exc:
conn.admin_set_user_password(
UserPoolId=user_pool_id,
Username=username,
Password=password,
Permanent=True,
)
err = exc.value.response["Error"]
err["Code"].should.equal("InvalidPasswordException")
# We can set a plain password, as long as it's 12 characters long
conn.admin_set_user_password(
UserPoolId=user_pool_id,
Username=username,
Password="longpassword",
Permanent=True,
)
Fix: Python 2/3 Incompatibility (#3488) Previous code would raise `TypeError: 'dict_keys' object is not subscriptable` when run under Python 3. * Re-write code in Python 2/3 compatible way. * Add clarifying comment. * Add test coverage. Supersedes #3227
2020-11-21 05:36:33 -08:00
@mock_cognitoidp
def test_change_password_with_invalid_token_raises_error():
client = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
client.change_password(
AccessToken=str(uuid.uuid4()),
PreviousPassword="previous_password",
ProposedPassword="newer_password",
)
ex.value.response["Error"]["Code"].should.equal("NotAuthorizedException")
@mock_cognitoidp
def test_confirm_forgot_password_with_non_existent_client_id_raises_error():
client = boto3.client("cognito-idp", "us-west-2")
with pytest.raises(ClientError) as ex:
client.confirm_forgot_password(
ClientId="non-existent-client-id",
Username="not-existent-username",
ConfirmationCode=str(uuid.uuid4()),
Password=str(uuid.uuid4()),
)
ex.value.response["Error"]["Code"].should.equal("ResourceNotFoundException")
Added admin_reset_user_password implementation (#4412)
2021-10-14 12:12:08 +02:00
@mock_cognitoidp
def test_admin_reset_password_and_change_password():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
temporary_pass = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
Added admin_reset_user_password implementation (#4412)
2021-10-14 12:12:08 +02:00
)["UserPoolClient"]["ClientId"]
# Create CONFIRMED user with verified email
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=temporary_pass
)
client.confirm_sign_up(
ClientId=client_id, Username=username, ConfirmationCode="123456"
)
client.admin_update_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "email_verified", "Value": "true"}],
)
# User should be in RESET_REQUIRED state after reset
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
result = client.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["UserStatus"].should.equal("RESET_REQUIRED")
# Return to CONFIRMED status after NEW_PASSWORD_REQUIRED auth challenge
auth_result = client.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_pass},
)
password = "Admin123!"
auth_result = client.respond_to_auth_challenge(
Session=auth_result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": password},
)
result = client.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["UserStatus"].should.equal("CONFIRMED")
# Return to CONFIRMED after user-initated password change
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
client.change_password(
AccessToken=auth_result["AuthenticationResult"]["AccessToken"],
PreviousPassword=password,
ProposedPassword="Admin1234!",
)
result = client.admin_get_user(UserPoolId=user_pool_id, Username=username)
result["UserStatus"].should.equal("CONFIRMED")
AdminInitiateAuth - return correct AccessToken for Refresh-scenario (#5109)
2022-05-09 08:41:29 +00:00
@mock_cognitoidp
def test_admin_initiate_auth__use_access_token():
client = boto3.client("cognito-idp", "us-west-2")
un = str(uuid.uuid4())
pw = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
)["UserPoolClient"]["ClientId"]
client.admin_create_user(UserPoolId=user_pool_id, Username=un, TemporaryPassword=pw)
client.confirm_sign_up(ClientId=client_id, Username=un, ConfirmationCode="123456")
# Initiate once, to get a refresh token
auth_result = client.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": un, "PASSWORD": pw},
)
refresh_token = auth_result["AuthenticationResult"]["RefreshToken"]
# Initiate Auth using a Refresh Token
auth_result = client.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="REFRESH_TOKEN",
AuthParameters={"REFRESH_TOKEN": refresh_token},
)
access_token = auth_result["AuthenticationResult"]["AccessToken"]
# Verify the AccessToken of this authentication works
client.global_sign_out(AccessToken=access_token)
Added admin_reset_user_password implementation (#4412)
2021-10-14 12:12:08 +02:00
@mock_cognitoidp
def test_admin_reset_password_disabled_user():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Create disabled user
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
client.admin_disable_user(UserPoolId=user_pool_id, Username=username)
with pytest.raises(ClientError) as ex:
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
err["Message"].should.equal("User is disabled")
@mock_cognitoidp
def test_admin_reset_password_unconfirmed_user():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
# Create user in status FORCE_CHANGE_PASSWORD
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
with pytest.raises(ClientError) as ex:
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
err = ex.value.response["Error"]
err["Code"].should.equal("NotAuthorizedException")
err["Message"].should.equal("User password cannot be reset in the current state.")
@mock_cognitoidp
def test_admin_reset_password_no_verified_notification_channel():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
Added admin_reset_user_password implementation (#4412)
2021-10-14 12:12:08 +02:00
)["UserPoolClient"]["ClientId"]
# Create CONFIRMED user without verified email or phone
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
client.confirm_sign_up(
ClientId=client_id, Username=username, ConfirmationCode="123456"
)
with pytest.raises(ClientError) as ex:
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
err = ex.value.response["Error"]
err["Code"].should.equal("InvalidParameterException")
err["Message"].should.equal(
"Cannot reset password for the user as there is no registered/verified email or phone_number"
)
@mock_cognitoidp
def test_admin_reset_password_multiple_invocations():
client = boto3.client("cognito-idp", "us-west-2")
username = str(uuid.uuid4())
# Create pool and client
user_pool_id = client.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
client_id = client.create_user_pool_client(
Update Black + formatting (#4926)
2022-03-10 13:39:59 -01:00
UserPoolId=user_pool_id, ClientName=str(uuid.uuid4()), GenerateSecret=True
Added admin_reset_user_password implementation (#4412)
2021-10-14 12:12:08 +02:00
)["UserPoolClient"]["ClientId"]
# Create CONFIRMED user with verified email
client.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=str(uuid.uuid4())
)
client.confirm_sign_up(
ClientId=client_id, Username=username, ConfirmationCode="123456"
)
client.admin_update_user_attributes(
UserPoolId=user_pool_id,
Username=username,
UserAttributes=[{"Name": "email_verified", "Value": "true"}],
)
for _ in range(3):
try:
client.admin_reset_user_password(UserPoolId=user_pool_id, Username=username)
user = client.admin_get_user(UserPoolId=user_pool_id, Username=username)
user["UserStatus"].should.equal("RESET_REQUIRED")
except ClientError:
pytest.fail("Shouldn't throw error on consecutive invocations")
Cognito - Dont run test in ServerMode
2020-06-20 12:48:10 +01:00
# Test will retrieve public key from cognito.amazonaws.com/.well-known/jwks.json,
# which isnt mocked in ServerMode
if not settings.TEST_SERVER_MODE:
CognitoIDP - Return KID in headers of ID token
2020-06-20 10:43:02 +01:00
Cognito - Dont run test in ServerMode
2020-06-20 12:48:10 +01:00
@mock_cognitoidp
def test_idtoken_contains_kid_header():
Admin: Update Docs to point to getmoto (#5826)
2023-01-07 11:35:14 +00:00
# https://github.com/getmoto/moto/issues/3078
Cognito - Dont run test in ServerMode
2020-06-20 12:48:10 +01:00
# Setup
cognito = boto3.client("cognito-idp", "us-west-2")
user_pool_id = cognito.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"][
"Id"
]
client = cognito.create_user_pool_client(
UserPoolId=user_pool_id,
ExplicitAuthFlows=[
"ALLOW_ADMIN_USER_PASSWORD_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH",
"ALLOW_ADMIN_NO_SRP_AUTH",
],
AllowedOAuthFlows=["code", "implicit"],
ClientName=str(uuid.uuid4()),
CallbackURLs=["https://example.com"],
)
client_id = client["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
temporary_password = "1TemporaryP@ssword"
cognito.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
)
result = cognito.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# A newly created user is forced to set a new password
# This sets a new password and logs the user in (creates tokens)
password = "1F@kePassword"
result = cognito.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": password},
)
#
id_token = result["AuthenticationResult"]["IdToken"]
CognitoIDP - Return KID in headers of ID token
2020-06-20 10:43:02 +01:00
Cognito - Dont run test in ServerMode
2020-06-20 12:48:10 +01:00
# Verify the KID header is present in the token, and corresponds to the KID supplied by the public JWT
verify_kid_header(id_token)
CognitoIDP - Return KID in headers of ID token
2020-06-20 10:43:02 +01:00
def verify_kid_header(token):
"""Verifies the kid-header is corresponds with the public key"""
headers = jwt.get_unverified_headers(token)
kid = headers["kid"]
key_index = -1
keys = fetch_public_keys()
for i in range(len(keys)):
if kid == keys[i]["kid"]:
key_index = i
break
if key_index == -1:
raise Exception("Public key (kid) not found in jwks.json")
def fetch_public_keys():
Techdebt: Replace string-format with f-strings (for tests dirs) (#5678)
2022-11-17 21:41:08 -01:00
keys_url = "https://cognito-idp.us-west-2.amazonaws.com/someuserpoolid/.well-known/jwks.json"
Simplify Cognito test - auto decode JSON
2020-06-20 11:05:06 +01:00
response = requests.get(keys_url).json()
return response["keys"]
Reference in New Issue Copy Permalink