Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CognitoIDP - allow respond_to_auth_challenge without Auth-header (#5133)

Browse Source
This commit is contained in:
Bert Blommers 2022-05-13 19:45:05 +00:00 committed by GitHub
parent 32b662c896
commit 0e3ac26068
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 96 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
moto/cognitoidp/models.py
View File

@ -1834,6 +1834,14 @@ class GlobalCognitoIdpBackend(CognitoIdpBackend):
backend = self._find_backend_by_access_token(access_token) backend = self._find_backend_by_access_token(access_token)
return backend.get_user(access_token) return backend.get_user(access_token)
def respond_to_auth_challenge(
self, session, client_id, challenge_name, challenge_responses
):
backend = self._find_backend_for_clientid(client_id)
return backend.respond_to_auth_challenge(
session, client_id, challenge_name, challenge_responses
)
cognitoidp_backends = BackendDict(CognitoIdpBackend, "cognito-idp") cognitoidp_backends = BackendDict(CognitoIdpBackend, "cognito-idp")
cognitoidp_backends["global"] = GlobalCognitoIdpBackend("global") cognitoidp_backends["global"] = GlobalCognitoIdpBackend("global")

2
moto/cognitoidp/responses.py
View File

@ -444,7 +444,7 @@ class CognitoIdpResponse(BaseResponse):
client_id = self._get_param("ClientId") client_id = self._get_param("ClientId")
challenge_name = self._get_param("ChallengeName") challenge_name = self._get_param("ChallengeName")
challenge_responses = self._get_param("ChallengeResponses") challenge_responses = self._get_param("ChallengeResponses")
auth_result = cognitoidp_backends[self.region].respond_to_auth_challenge( auth_result = cognitoidp_backends["global"].respond_to_auth_challenge(
session, client_id, challenge_name, challenge_responses session, client_id, challenge_name, challenge_responses
) )

88
tests/test_cognitoidp/test_server.py
View File

@ -2,7 +2,7 @@ import json
import moto.server as server import moto.server as server
def test_sign_up_method_without_authentication(): def test_sign_up_user_without_authentication():
backend = server.create_backend_app("cognito-idp") backend = server.create_backend_app("cognito-idp")
test_client = backend.test_client() test_client = backend.test_client()
@ -94,3 +94,89 @@ def test_sign_up_method_without_authentication():
data.should.have.key("UserPoolId").equals(user_pool_id) data.should.have.key("UserPoolId").equals(user_pool_id)
data.should.have.key("Username").equals("test@gmail.com") data.should.have.key("Username").equals("test@gmail.com")
data.should.have.key("UserStatus").equals("CONFIRMED") data.should.have.key("UserStatus").equals("CONFIRMED")
def test_admin_create_user_without_authentication():
backend = server.create_backend_app("cognito-idp")
test_client = backend.test_client()
# Create User Pool
res = test_client.post(
"/",
data='{"PoolName": "test-pool"}',
headers={
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPool",
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
},
)
user_pool_id = json.loads(res.data)["UserPool"]["Id"]
# Create User Pool Client
data = {
"UserPoolId": user_pool_id,
"ClientName": "some-client",
"GenerateSecret": False,
"ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH"],
}
res = test_client.post(
"/",
data=json.dumps(data),
headers={
"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPoolClient",
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
},
)
client_id = json.loads(res.data)["UserPoolClient"]["ClientId"]
# Admin Create User
data = {
"UserPoolId": user_pool_id,
"Username": "test@gmail.com",
"TemporaryPassword": "12345678",
}
res = test_client.post(
"/",
data=json.dumps(data),
headers={
"X-Amz-Target": "AWSCognitoIdentityProviderService.AdminCreateUser",
"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
},
)
res.status_code.should.equal(200)
# Initiate Auth
data = {
"ClientId": client_id,
"AuthFlow": "USER_PASSWORD_AUTH",
"AuthParameters": {"USERNAME": "test@gmail.com", "PASSWORD": "12345678"},
}
res = test_client.post(
"/",
data=json.dumps(data),
headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth"},
)
session = json.loads(res.data)["Session"]
# Respond to Auth Challenge
data = {
"ClientId": client_id,
"ChallengeName": "NEW_PASSWORD_REQUIRED",
"ChallengeResponses": {
"USERNAME": "test@gmail.com",
"NEW_PASSWORD": "abcdefgh",
},
"Session": session,
}
res = test_client.post(
"/",
data=json.dumps(data),
headers={
"X-Amz-Target": "AWSCognitoIdentityProviderService.RespondToAuthChallenge"
},
)
res.status_code.should.equal(200)
response = json.loads(res.data)
response.should.have.key("AuthenticationResult")
response["AuthenticationResult"].should.have.key("IdToken")
response["AuthenticationResult"].should.have.key("AccessToken")