2022-04-06 22:21:14 +00:00
|
|
|
import json
|
|
|
|
|
import moto.server as server
|
|
|
|
|
|
|
|
|
|
|
2022-05-13 19:45:05 +00:00
|
|
|
def test_sign_up_user_without_authentication():
|
2022-04-06 22:21:14 +00:00
|
|
|
backend = server.create_backend_app("cognito-idp")
|
|
|
|
|
test_client = backend.test_client()
|
|
|
|
|
|
|
|
|
|
# Create User Pool
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data='{"PoolName": "test-pool"}',
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPool",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
user_pool_id = json.loads(res.data)["UserPool"]["Id"]
|
|
|
|
|
|
|
|
|
|
# Create User Pool Client
|
|
|
|
|
data = {
|
|
|
|
|
"UserPoolId": user_pool_id,
|
|
|
|
|
"ClientName": "some-client",
|
|
|
|
|
"GenerateSecret": False,
|
|
|
|
|
"ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH"],
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPoolClient",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
client_id = json.loads(res.data)["UserPoolClient"]["ClientId"]
|
|
|
|
|
|
|
|
|
|
# List User Pool Clients, to verify it exists
|
|
|
|
|
data = {"UserPoolId": user_pool_id}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.ListUserPoolClients",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
json.loads(res.data)["UserPoolClients"].should.have.length_of(1)
|
|
|
|
|
|
|
|
|
|
# Sign Up User
|
2022-12-14 08:39:50 -01:00
|
|
|
data = {"ClientId": client_id, "Username": "test@gmail.com", "Password": "P2$Sword"}
|
2022-04-06 22:21:14 +00:00
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.SignUp"},
|
|
|
|
|
)
|
|
|
|
|
res.status_code.should.equal(200)
|
|
|
|
|
json.loads(res.data).should.have.key("UserConfirmed").equals(False)
|
2022-05-05 22:34:37 +00:00
|
|
|
|
|
|
|
|
# Confirm Sign Up User
|
|
|
|
|
data = {
|
|
|
|
|
"ClientId": client_id,
|
|
|
|
|
"Username": "test@gmail.com",
|
|
|
|
|
"ConfirmationCode": "sth",
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.ConfirmSignUp"},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Initiate Auth
|
|
|
|
|
data = {
|
|
|
|
|
"ClientId": client_id,
|
|
|
|
|
"AuthFlow": "USER_PASSWORD_AUTH",
|
2022-12-14 08:39:50 -01:00
|
|
|
"AuthParameters": {"USERNAME": "test@gmail.com", "PASSWORD": "P2$Sword"},
|
2022-05-05 22:34:37 +00:00
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"},
|
|
|
|
|
)
|
|
|
|
|
res.status_code.should.equal(200)
|
|
|
|
|
access_token = json.loads(res.data)["AuthenticationResult"]["AccessToken"]
|
|
|
|
|
|
|
|
|
|
# Get User
|
|
|
|
|
data = {"AccessToken": access_token}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.GetUser"},
|
|
|
|
|
)
|
|
|
|
|
res.status_code.should.equal(200)
|
|
|
|
|
data = json.loads(res.data)
|
|
|
|
|
data.should.have.key("UserPoolId").equals(user_pool_id)
|
|
|
|
|
data.should.have.key("Username").equals("test@gmail.com")
|
|
|
|
|
data.should.have.key("UserStatus").equals("CONFIRMED")
|
2022-05-13 19:45:05 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_admin_create_user_without_authentication():
|
|
|
|
|
backend = server.create_backend_app("cognito-idp")
|
|
|
|
|
test_client = backend.test_client()
|
|
|
|
|
|
|
|
|
|
# Create User Pool
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data='{"PoolName": "test-pool"}',
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPool",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
user_pool_id = json.loads(res.data)["UserPool"]["Id"]
|
|
|
|
|
|
|
|
|
|
# Create User Pool Client
|
|
|
|
|
data = {
|
|
|
|
|
"UserPoolId": user_pool_id,
|
|
|
|
|
"ClientName": "some-client",
|
|
|
|
|
"GenerateSecret": False,
|
|
|
|
|
"ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH"],
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPoolClient",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
client_id = json.loads(res.data)["UserPoolClient"]["ClientId"]
|
|
|
|
|
|
|
|
|
|
# Admin Create User
|
|
|
|
|
data = {
|
|
|
|
|
"UserPoolId": user_pool_id,
|
|
|
|
|
"Username": "test@gmail.com",
|
|
|
|
|
"TemporaryPassword": "12345678",
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.AdminCreateUser",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
res.status_code.should.equal(200)
|
|
|
|
|
|
|
|
|
|
# Initiate Auth
|
|
|
|
|
data = {
|
|
|
|
|
"ClientId": client_id,
|
|
|
|
|
"AuthFlow": "USER_PASSWORD_AUTH",
|
|
|
|
|
"AuthParameters": {"USERNAME": "test@gmail.com", "PASSWORD": "12345678"},
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"},
|
|
|
|
|
)
|
|
|
|
|
session = json.loads(res.data)["Session"]
|
|
|
|
|
|
|
|
|
|
# Respond to Auth Challenge
|
|
|
|
|
data = {
|
|
|
|
|
"ClientId": client_id,
|
|
|
|
|
"ChallengeName": "NEW_PASSWORD_REQUIRED",
|
|
|
|
|
"ChallengeResponses": {
|
|
|
|
|
"USERNAME": "test@gmail.com",
|
|
|
|
|
"NEW_PASSWORD": "abcdefgh",
|
|
|
|
|
},
|
|
|
|
|
"Session": session,
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.RespondToAuthChallenge"
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
res.status_code.should.equal(200)
|
|
|
|
|
response = json.loads(res.data)
|
|
|
|
|
|
|
|
|
|
response.should.have.key("AuthenticationResult")
|
|
|
|
|
response["AuthenticationResult"].should.have.key("IdToken")
|
|
|
|
|
response["AuthenticationResult"].should.have.key("AccessToken")
|
