CCM-7465: use JWT sub as owner field in ddb

bhansell1 · bhansell1 · commit cf001a36c96a · 2024-12-18T16:14:22.000Z
diff --git a/lambdas/authorizer/src/index.ts b/lambdas/authorizer/src/index.ts
@@ -22,7 +22,7 @@ const $AccessToken = z.object({
 const generatePolicy = (
   Resource: string,
   Effect: 'Allow' | 'Deny',
-  context?: { username: string; email: string }
+  context?: { user: string }
 ) => ({
   principalId: 'api-caller',
   policyDocument: {
@@ -110,18 +110,15 @@ export const handler: APIGatewayRequestAuthorizerHandler = async ({
       return generatePolicy(methodArn, 'Deny');
     }
 
-    const emailAddress = UserAttributes.find(
-      ({ Name }) => Name === 'email'
-    )?.Value;
+    const sub = UserAttributes.find(({ Name }) => Name === 'sub')?.Value;
 
-    if (!emailAddress) {
-      logger.warn('Missing user email address');
+    if (!sub) {
+      logger.warn('Missing user subject');
       return generatePolicy(methodArn, 'Deny');
     }
 
     return generatePolicy(methodArn, 'Allow', {
-      username: Username,
-      email: emailAddress,
+      user: sub,
     });
   } catch (error) {
     logger.error(error);
diff --git a/lambdas/backend-api/src/__tests__/templates/api/create.test.ts b/lambdas/backend-api/src/__tests__/templates/api/create.test.ts
@@ -16,9 +16,9 @@ const createMock = jest.spyOn(TemplateClient.prototype, 'createTemplate');
 describe('Template API - Create', () => {
   beforeEach(jest.resetAllMocks);
 
-  test('should return 400 - Invalid request when, no email in requestContext', async () => {
+  test('should return 400 - Invalid request when, no user in requestContext', async () => {
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: undefined } },
+      requestContext: { authorizer: { user: undefined } },
       body: JSON.stringify({ id: 1 }),
     });
 
@@ -48,7 +48,7 @@ describe('Template API - Create', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       body: undefined,
     });
 
@@ -65,7 +65,7 @@ describe('Template API - Create', () => {
       }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
 
     expect(createMock).toHaveBeenCalledWith({});
   });
@@ -79,7 +79,7 @@ describe('Template API - Create', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       body: JSON.stringify({ id: 1 }),
     });
 
@@ -93,7 +93,7 @@ describe('Template API - Create', () => {
       }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
 
     expect(createMock).toHaveBeenCalledWith({ id: 1 });
   });
@@ -117,7 +117,7 @@ describe('Template API - Create', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       body: JSON.stringify(create),
     });
 
@@ -128,7 +128,7 @@ describe('Template API - Create', () => {
       body: JSON.stringify({ statusCode: 201, template: response }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
 
     expect(createMock).toHaveBeenCalledWith(create);
   });
diff --git a/lambdas/backend-api/src/__tests__/templates/api/get.test.ts b/lambdas/backend-api/src/__tests__/templates/api/get.test.ts
@@ -15,9 +15,9 @@ const getTemplateMock = jest.spyOn(TemplateClient.prototype, 'getTemplate');
 describe('Template API - Get', () => {
   beforeEach(jest.resetAllMocks);
 
-  test('should return 400 - Invalid request when, no email in requestContext', async () => {
+  test('should return 400 - Invalid request when, no user in requestContext', async () => {
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: undefined } },
+      requestContext: { authorizer: { user: undefined } },
       pathParameters: { templateId: '1' },
     });
 
@@ -36,7 +36,7 @@ describe('Template API - Get', () => {
 
   test('should return 400 - Invalid request when, no templateId', async () => {
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       pathParameters: { templateId: undefined },
     });
 
@@ -62,7 +62,7 @@ describe('Template API - Get', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       pathParameters: { templateId: '1' },
     });
 
@@ -76,7 +76,7 @@ describe('Template API - Get', () => {
       }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
     expect(getTemplateMock).toHaveBeenCalledWith('1');
   });
 
@@ -96,7 +96,7 @@ describe('Template API - Get', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       pathParameters: { templateId: '1' },
     });
 
@@ -107,7 +107,7 @@ describe('Template API - Get', () => {
       body: JSON.stringify({ statusCode: 200, template }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
     expect(getTemplateMock).toHaveBeenCalledWith('1');
   });
 });
diff --git a/lambdas/backend-api/src/__tests__/templates/api/list.test.ts b/lambdas/backend-api/src/__tests__/templates/api/list.test.ts
@@ -15,9 +15,9 @@ const listTemplatesMock = jest.spyOn(TemplateClient.prototype, 'listTemplates');
 describe('Template API - List', () => {
   beforeEach(jest.resetAllMocks);
 
-  test('should return 400 - Invalid request when, no email in requestContext', async () => {
+  test('should return 400 - Invalid request when, no user in requestContext', async () => {
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: undefined } },
+      requestContext: { authorizer: { user: undefined } },
     });
 
     const result = await handler(event, mock<Context>(), jest.fn());
@@ -42,7 +42,7 @@ describe('Template API - List', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       pathParameters: { templateId: '1' },
     });
 
@@ -56,7 +56,7 @@ describe('Template API - List', () => {
       }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
 
     expect(listTemplatesMock).toHaveBeenCalled();
   });
@@ -77,7 +77,7 @@ describe('Template API - List', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
     });
 
     const result = await handler(event, mock<Context>(), jest.fn());
@@ -87,7 +87,7 @@ describe('Template API - List', () => {
       body: JSON.stringify({ statusCode: 200, templates: [template] }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
 
     expect(listTemplatesMock).toHaveBeenCalled();
   });
diff --git a/lambdas/backend-api/src/__tests__/templates/api/update.test.ts b/lambdas/backend-api/src/__tests__/templates/api/update.test.ts
@@ -19,9 +19,9 @@ const updateTemplateMock = jest.spyOn(
 describe('Template API - Update', () => {
   beforeEach(jest.resetAllMocks);
 
-  test('should return 400 - Invalid request when, no email in requestContext', async () => {
+  test('should return 400 - Invalid request when, no user in requestContext', async () => {
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: undefined } },
+      requestContext: { authorizer: { user: undefined } },
       body: JSON.stringify({ name: 'test' }),
       pathParameters: { templateId: '1-2-3' },
     });
@@ -52,7 +52,7 @@ describe('Template API - Update', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       pathParameters: { templateId: '1-2-3' },
       body: undefined,
     });
@@ -70,14 +70,14 @@ describe('Template API - Update', () => {
       }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
 
     expect(updateTemplateMock).toHaveBeenCalledWith('1-2-3', {});
   });
 
   test('should return 400 - Invalid request when, no templateId', async () => {
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       body: JSON.stringify({ name: 'test' }),
       pathParameters: { templateId: undefined },
     });
@@ -104,7 +104,7 @@ describe('Template API - Update', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       body: JSON.stringify({ name: 'name' }),
       pathParameters: { templateId: '1-2-3' },
     });
@@ -119,7 +119,7 @@ describe('Template API - Update', () => {
       }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
 
     expect(updateTemplateMock).toHaveBeenCalledWith('1-2-3', { name: 'name' });
   });
@@ -144,7 +144,7 @@ describe('Template API - Update', () => {
     });
 
     const event = mock<APIGatewayProxyEvent>({
-      requestContext: { authorizer: { email: 'email' } },
+      requestContext: { authorizer: { user: 'sub' } },
       body: JSON.stringify(update),
       pathParameters: { templateId: '1-2-3' },
     });
@@ -156,7 +156,7 @@ describe('Template API - Update', () => {
       body: JSON.stringify({ statusCode: 200, template: response }),
     });
 
-    expect(TemplateClient).toHaveBeenCalledWith('email');
+    expect(TemplateClient).toHaveBeenCalledWith('sub');
 
     expect(updateTemplateMock).toHaveBeenCalledWith('1-2-3', update);
   });
diff --git a/lambdas/backend-api/src/templates/api/create.ts b/lambdas/backend-api/src/templates/api/create.ts
@@ -3,15 +3,15 @@ import { TemplateClient } from '@backend-api/templates/app/template-client';
 import { apiFailure, apiSuccess } from './responses';
 
 export const handler: APIGatewayProxyHandler = async (event) => {
-  const email = event.requestContext.authorizer?.email;
+  const user = event.requestContext.authorizer?.user;
 
   const dto = JSON.parse(event.body || '{}');
 
-  if (!email) {
+  if (!user) {
     return apiFailure(400, 'Invalid request');
   }
 
-  const client = new TemplateClient(email);
+  const client = new TemplateClient(user);
 
   const { data, error } = await client.createTemplate(dto);
 
diff --git a/lambdas/backend-api/src/templates/api/get.ts b/lambdas/backend-api/src/templates/api/get.ts
@@ -3,15 +3,15 @@ import { TemplateClient } from '@backend-api/templates/app/template-client';
 import { apiFailure, apiSuccess } from './responses';
 
 export const handler: APIGatewayProxyHandler = async (event) => {
-  const email = event.requestContext.authorizer?.email;
+  const user = event.requestContext.authorizer?.user;
 
   const templateId = event.pathParameters?.templateId;
 
-  if (!email || !templateId) {
+  if (!user || !templateId) {
     return apiFailure(400, 'Invalid request');
   }
 
-  const client = new TemplateClient(email);
+  const client = new TemplateClient(user);
 
   const { data, error } = await client.getTemplate(templateId);
 
diff --git a/lambdas/backend-api/src/templates/api/list.ts b/lambdas/backend-api/src/templates/api/list.ts
@@ -3,13 +3,13 @@ import { TemplateClient } from '@backend-api/templates/app/template-client';
 import { apiFailure, apiSuccess } from './responses';
 
 export const handler: APIGatewayProxyHandler = async (event) => {
-  const email = event.requestContext.authorizer?.email;
+  const user = event.requestContext.authorizer?.user;
 
-  if (!email) {
+  if (!user) {
     return apiFailure(400, 'Invalid request');
   }
 
-  const client = new TemplateClient(email);
+  const client = new TemplateClient(user);
 
   const { data, error } = await client.listTemplates();
 
diff --git a/lambdas/backend-api/src/templates/api/update.ts b/lambdas/backend-api/src/templates/api/update.ts
@@ -3,17 +3,17 @@ import { TemplateClient } from '@backend-api/templates/app/template-client';
 import { apiFailure, apiSuccess } from './responses';
 
 export const handler: APIGatewayProxyHandler = async (event) => {
-  const email = event.requestContext.authorizer?.email;
+  const user = event.requestContext.authorizer?.user;
 
   const templateId = event.pathParameters?.templateId;
 
   const dto = JSON.parse(event.body || '{}');
 
-  if (!email || !templateId) {
+  if (!user || !templateId) {
     return apiFailure(400, 'Invalid request');
   }
 
-  const client = new TemplateClient(email);
+  const client = new TemplateClient(user);
 
   const { data, error } = await client.updateTemplate(templateId, dto);
 
