CognitoIDP - allow unauthenticated request to sign_up (#5009)
parent
ac6d88518d
commit
552385881c
@ -1403,10 +1403,13 @@ class CognitoIdpBackend(BaseBackend):
|
|||||||
return resource_server
|
return resource_server
|
||||||
|
|
||||||
def sign_up(self, client_id, username, password, attributes):
|
def sign_up(self, client_id, username, password, attributes):
|
||||||
|
# This method may not be authenticated - which means we don't know which region the request was send to
|
||||||
|
# Let's cycle through all regions to find out which one contains our client_id
|
||||||
user_pool = None
|
user_pool = None
|
||||||
for p in self.user_pools.values():
|
for backend in cognitoidp_backends.values():
|
||||||
if client_id in p.clients:
|
for p in backend.user_pools.values():
|
||||||
user_pool = p
|
if client_id in p.clients:
|
||||||
|
user_pool = p
|
||||||
if user_pool is None:
|
if user_pool is None:
|
||||||
raise ResourceNotFoundError(client_id)
|
raise ResourceNotFoundError(client_id)
|
||||||
elif user_pool._get_user(username):
|
elif user_pool._get_user(username):
|
||||||
|
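Review bot: The new nested loop in `sign_up` never stops at the first match, so it scans every region's pools on each call and, if a `client_id` were ever present in more than one backend, the last one found would win. A first-match lookup makes the choice explicit: `user_pool = next((p for b in cognitoidp_backends.values() for p in b.user_pools.values() if client_id in p.clients), None)`. Because the lookup now ignores the region the request was sent to, the mock will accept a sign-up against a client that lives in a different region than the caller targeted, so tests that rely on region isolation can no longer catch a misrouted request; a docstring on `sign_up` should say so. Other Cognito operations that arrive unsigned presumably need the same treatment, but they are not visible here, and the body of `sign_up` continues past the end of this hunk.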
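--- a/tests/test_cognitoidp/test_server.py
+++ b/tests/test_cognitoidp/test_server.py
@@ -0,0 +1,57 @@
+import json
+import moto.server as server
+
+
+def test_sign_up_method_without_authentication():
+backend = server.create_backend_app("cognito-idp")
+test_client = backend.test_client()
+
+# Create User Pool
+res = test_client.post(
+"/",
+data='{"PoolName": "test-pool"}',
+headers={
+"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPool",
+"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
+},
+)
+user_pool_id = json.loads(res.data)["UserPool"]["Id"]
+
+# Create User Pool Client
+data = {
+"UserPoolId": user_pool_id,
+"ClientName": "some-client",
+"GenerateSecret": False,
+"ExplicitAuthFlows": ["ALLOW_USER_PASSWORD_AUTH"],
+}
+res = test_client.post(
+"/",
+data=json.dumps(data),
+headers={
+"X-Amz-Target": "AWSCognitoIdentityProviderService.CreateUserPoolClient",
+"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
+},
+)
+client_id = json.loads(res.data)["UserPoolClient"]["ClientId"]
+
+# List User Pool Clients, to verify it exists
+data = {"UserPoolId": user_pool_id}
+res = test_client.post(
+"/",
+data=json.dumps(data),
+headers={
+"X-Amz-Target": "AWSCognitoIdentityProviderService.ListUserPoolClients",
+"Authorization": "AWS4-HMAC-SHA256 Credential=abcd/20010101/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=...",
+},
+)
+json.loads(res.data)["UserPoolClients"].should.have.length_of(1)
+
+# Sign Up User
+data = {"ClientId": client_id, "Username": "test@gmail.com", "Password": "12345678"}
+res = test_client.post(
+"/",
+data=json.dumps(data),
+headers={"X-Amz-Target": "AWSCognitoIdentityProviderService.SignUp"},
+)
+res.status_code.should.equal(200)
+json.loads(res.data).should.have.key("UserConfirmed").equals(False)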
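Review bot: The closing assertions check only the 200 status and `UserConfirmed`, so the test would still pass if the unsigned SignUp created the user in a pool other than the one created under the us-east-2 credential scope. After the sign-up, a signed `ListUsers` request for `user_pool_id` with `json.loads(res.data)["Users"].should.have.length_of(1)` would pin the user to the intended pool. The unauthenticated path also has no negative case: an unsigned SignUp with an unknown `ClientId` should be asserted to fail rather than succeed. The credential scope in the three signed requests names `s3` as the service, which looks copied from another test and is worth a short comment or a change to the Cognito service name.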