fix #3133 Cognito Identity Provider : create_user_pool_client GenerateSecret=True doesn't work (#3135)

* fix #3133 Cognito Identity Provider : create_user_pool_client `GenerateSecret=True` doesn't work * add test for update_user_pool_client
2020-07-16 17:13:12 +09:00 · 2020-07-16 17:13:12 +09:00 · 3e2a5e7ee8
commit 3e2a5e7ee8
parent 419f3fba5a
3 changed files with 64 additions and 4 deletions
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@ -210,10 +210,11 @@ class CognitoIdpUserPoolDomain(BaseModel):


 class CognitoIdpUserPoolClient(BaseModel):
-    def __init__(self, user_pool_id, extended_config):
+    def __init__(self, user_pool_id, generate_secret, extended_config):
        self.user_pool_id = user_pool_id
        self.id = str(uuid.uuid4())
        self.secret = str(uuid.uuid4())
+        self.generate_secret = generate_secret or False
        self.extended_config = extended_config or {}

    def _base_json(self):
@ -225,6 +226,8 @@ class CognitoIdpUserPoolClient(BaseModel):

    def to_json(self, extended=False):
        user_pool_client_json = self._base_json()
+        if self.generate_secret:
+            user_pool_client_json.update({"ClientSecret": self.secret})
        if extended:
            user_pool_client_json.update(self.extended_config)

@ -402,12 +405,14 @@ class CognitoIdpBackend(BaseBackend):
        return user_pool_domain

    # User pool client
-    def create_user_pool_client(self, user_pool_id, extended_config):
+    def create_user_pool_client(self, user_pool_id, generate_secret, extended_config):
        user_pool = self.user_pools.get(user_pool_id)
        if not user_pool:
            raise ResourceNotFoundError(user_pool_id)

-        user_pool_client = CognitoIdpUserPoolClient(user_pool_id, extended_config)
+        user_pool_client = CognitoIdpUserPoolClient(
+            user_pool_id, generate_secret, extended_config
+        )
        user_pool.clients[user_pool_client.id] = user_pool_client
        return user_pool_client

--- a/moto/cognitoidp/responses.py
+++ b/moto/cognitoidp/responses.py
@ -84,8 +84,9 @@ class CognitoIdpResponse(BaseResponse):
    # User pool client
    def create_user_pool_client(self):
        user_pool_id = self.parameters.pop("UserPoolId")
+        generate_secret = self.parameters.pop("GenerateSecret", False)
        user_pool_client = cognitoidp_backends[self.region].create_user_pool_client(
-            user_pool_id, self.parameters
+            user_pool_id, generate_secret, self.parameters
        )
        return json.dumps({"UserPoolClient": user_pool_client.to_json(extended=True)})

--- a/tests/test_cognitoidp/test_cognitoidp.py
+++ b/tests/test_cognitoidp/test_cognitoidp.py
@ -213,6 +213,29 @@ def test_create_user_pool_client():
    result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
    result["UserPoolClient"]["ClientId"].should_not.be.none
    result["UserPoolClient"]["ClientName"].should.equal(client_name)
+    result["UserPoolClient"].should_not.have.key("ClientSecret")
+    result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
+    result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
+
+
+@mock_cognitoidp
+def test_create_user_pool_client_returns_secret():
+    conn = boto3.client("cognito-idp", "us-west-2")
+
+    client_name = str(uuid.uuid4())
+    value = str(uuid.uuid4())
+    user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
+    result = conn.create_user_pool_client(
+        UserPoolId=user_pool_id,
+        ClientName=client_name,
+        GenerateSecret=True,
+        CallbackURLs=[value],
+    )
+
+    result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
+    result["UserPoolClient"]["ClientId"].should_not.be.none
+    result["UserPoolClient"]["ClientName"].should.equal(client_name)
+    result["UserPoolClient"]["ClientSecret"].should_not.be.none
    result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
    result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)

@ -331,6 +354,37 @@ def test_update_user_pool_client():
    )

    result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
+    result["UserPoolClient"].should_not.have.key("ClientSecret")
+    result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
+    result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)
+
+
+@mock_cognitoidp
+def test_update_user_pool_client_returns_secret():
+    conn = boto3.client("cognito-idp", "us-west-2")
+
+    old_client_name = str(uuid.uuid4())
+    new_client_name = str(uuid.uuid4())
+    old_value = str(uuid.uuid4())
+    new_value = str(uuid.uuid4())
+    user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
+    client_details = conn.create_user_pool_client(
+        UserPoolId=user_pool_id,
+        ClientName=old_client_name,
+        GenerateSecret=True,
+        CallbackURLs=[old_value],
+    )
+    client_secret = client_details["UserPoolClient"]["ClientSecret"]
+
+    result = conn.update_user_pool_client(
+        UserPoolId=user_pool_id,
+        ClientId=client_details["UserPoolClient"]["ClientId"],
+        ClientName=new_client_name,
+        CallbackURLs=[new_value],
+    )
+
+    result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
+    result["UserPoolClient"]["ClientSecret"].should.equal(client_secret)
    result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
    result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)