2022-04-06 22:21:14 +00:00
|
|
|
import json
|
|
|
|
|
import moto.server as server
|
|
|
|
|
|
|
|
|
|
|
2022-05-13 19:45:05 +00:00
|
|
|
def test_sign_up_user_without_authentication():
|
2022-04-06 22:21:14 +00:00
|
|
|
backend = server.create_backend_app("cognito-idp")
|
|
|
|
|
test_client = backend.test_client()
|
|
|
|
|
|
|
|
|
|
# Create User Pool
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data='{"PoolName": "test-pool"}',
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPool",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
user_pool_id = json.loads(res.data)["UserPool"]["Id"]
|
|
|
|
|
|
|
|
|
|
# Create User Pool Client
|
|
|
|
|
data = {
|
|
|
|
|
"UserPoolId": user_pool_id,
|
|
|
|
|
"ClientName": "some-client",
|
|
|
|
|
"GenerateSecret": False,
|
|
|
|
|
"ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH"],
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPoolClient",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
client_id = json.loads(res.data)["UserPoolClient"]["ClientId"]
|
|
|
|
|
|
|
|
|
|
# List User Pool Clients, to verify it exists
|
|
|
|
|
data = {"UserPoolId": user_pool_id}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.ListUserPoolClients",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
2023-07-08 20:37:50 +00:00
|
|
|
assert len(json.loads(res.data)["UserPoolClients"]) == 1
|
2022-04-06 22:21:14 +00:00
|
|
|
|
|
|
|
|
# Sign Up User
|
2022-12-14 09:39:50 +00:00
|
|
|
data = {"ClientId": client_id, "Username": "test@gmail.com", "Password": "P2$Sword"}
|
2022-04-06 22:21:14 +00:00
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.SignUp"},
|
|
|
|
|
)
|
2023-07-08 20:37:50 +00:00
|
|
|
assert res.status_code == 200
|
|
|
|
|
assert json.loads(res.data)["UserConfirmed"] is False
|
2022-05-05 22:34:37 +00:00
|
|
|
|
|
|
|
|
# Confirm Sign Up User
|
|
|
|
|
data = {
|
|
|
|
|
"ClientId": client_id,
|
|
|
|
|
"Username": "test@gmail.com",
|
|
|
|
|
"ConfirmationCode": "sth",
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.ConfirmSignUp"},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
# Initiate Auth
|
|
|
|
|
data = {
|
|
|
|
|
"ClientId": client_id,
|
|
|
|
|
"AuthFlow": "USER_PASSWORD_AUTH",
|
2022-12-14 09:39:50 +00:00
|
|
|
"AuthParameters": {"USERNAME": "test@gmail.com", "PASSWORD": "P2$Sword"},
|
2022-05-05 22:34:37 +00:00
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"},
|
|
|
|
|
)
|
2023-07-08 20:37:50 +00:00
|
|
|
assert res.status_code == 200
|
2022-05-05 22:34:37 +00:00
|
|
|
access_token = json.loads(res.data)["AuthenticationResult"]["AccessToken"]
|
|
|
|
|
|
|
|
|
|
# Get User
|
|
|
|
|
data = {"AccessToken": access_token}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.GetUser"},
|
|
|
|
|
)
|
2023-07-08 20:37:50 +00:00
|
|
|
assert res.status_code == 200
|
2022-05-05 22:34:37 +00:00
|
|
|
data = json.loads(res.data)
|
2023-07-08 20:37:50 +00:00
|
|
|
assert data["UserPoolId"] == user_pool_id
|
|
|
|
|
assert data["Username"] == "test@gmail.com"
|
|
|
|
|
assert data["UserStatus"] == "CONFIRMED"
|
2022-05-13 19:45:05 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_admin_create_user_without_authentication():
|
|
|
|
|
backend = server.create_backend_app("cognito-idp")
|
|
|
|
|
test_client = backend.test_client()
|
|
|
|
|
|
|
|
|
|
# Create User Pool
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data='{"PoolName": "test-pool"}',
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPool",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
user_pool_id = json.loads(res.data)["UserPool"]["Id"]
|
|
|
|
|
|
|
|
|
|
# Create User Pool Client
|
|
|
|
|
data = {
|
|
|
|
|
"UserPoolId": user_pool_id,
|
|
|
|
|
"ClientName": "some-client",
|
|
|
|
|
"GenerateSecret": False,
|
|
|
|
|
"ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH"],
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPoolClient",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
client_id = json.loads(res.data)["UserPoolClient"]["ClientId"]
|
|
|
|
|
|
|
|
|
|
# Admin Create User
|
|
|
|
|
data = {
|
|
|
|
|
"UserPoolId": user_pool_id,
|
|
|
|
|
"Username": "test@gmail.com",
|
2023-04-05 16:15:30 +00:00
|
|
|
"TemporaryPassword": "A!1a12345678",
|
2022-05-13 19:45:05 +00:00
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.AdminCreateUser",
|
|
|
|
|
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
|
|
|
|
|
},
|
|
|
|
|
)
|
2023-07-08 20:37:50 +00:00
|
|
|
assert res.status_code == 200
|
2022-05-13 19:45:05 +00:00
|
|
|
|
|
|
|
|
# Initiate Auth
|
|
|
|
|
data = {
|
|
|
|
|
"ClientId": client_id,
|
|
|
|
|
"AuthFlow": "USER_PASSWORD_AUTH",
|
2023-04-05 16:15:30 +00:00
|
|
|
"AuthParameters": {"USERNAME": "test@gmail.com", "PASSWORD": "A!1a12345678"},
|
2022-05-13 19:45:05 +00:00
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"},
|
|
|
|
|
)
|
|
|
|
|
session = json.loads(res.data)["Session"]
|
|
|
|
|
|
|
|
|
|
# Respond to Auth Challenge
|
|
|
|
|
data = {
|
|
|
|
|
"ClientId": client_id,
|
|
|
|
|
"ChallengeName": "NEW_PASSWORD_REQUIRED",
|
|
|
|
|
"ChallengeResponses": {
|
|
|
|
|
"USERNAME": "test@gmail.com",
|
2023-04-05 16:15:30 +00:00
|
|
|
"NEW_PASSWORD": "A!1aabcdefgh",
|
2022-05-13 19:45:05 +00:00
|
|
|
},
|
|
|
|
|
"Session": session,
|
|
|
|
|
}
|
|
|
|
|
res = test_client.post(
|
|
|
|
|
"/",
|
|
|
|
|
data=json.dumps(data),
|
|
|
|
|
headers={
|
|
|
|
|
"X-Amz-Target": "AWSCognitoIdentityProviderService.RespondToAuthChallenge"
|
|
|
|
|
},
|
|
|
|
|
)
|
2023-07-08 20:37:50 +00:00
|
|
|
assert res.status_code == 200
|
2022-05-13 19:45:05 +00:00
|
|
|
response = json.loads(res.data)
|
|
|
|
|
|
2023-07-08 20:37:50 +00:00
|
|
|
assert "AuthenticationResult" in response
|
|
|
|
|
assert "IdToken" in response["AuthenticationResult"]
|
|
|
|
|
assert "AccessToken" in response["AuthenticationResult"]
|
