fix(auth): cognito integ test fixes (#1940)

Author: haverchuck

packages/amplify_core/lib/src/types/auth/sign_in/auth_next_sign_in_step.dart

@@ -27,7 +27,6 @@ class AuthNextSignInStep<Key extends UserAttributeKey> extends AuthNextStep
     super.additionalInfo,
     super.codeDeliveryDetails,
     required this.signInStep,
-    this.challengeParameters,
     this.missingAttributes = const [],
   });
 
@@ -41,7 +40,6 @@ class AuthNextSignInStep<Key extends UserAttributeKey> extends AuthNextStep
       );
 
   final String signInStep;
-  final Map<String, String>? challengeParameters;
 
   /// Attributes which are required in your backend but have not yet been
   /// provided as part of the sign-in/sign-up flow for this user.
@@ -53,7 +51,6 @@ class AuthNextSignInStep<Key extends UserAttributeKey> extends AuthNextStep
   @override
   List<Object?> get props => [
         signInStep,
-        challengeParameters,
         missingAttributes,
       ];
 

packages/amplify_core/lib/src/types/auth/sign_in/auth_next_sign_in_step.g.dart

@@ -26,6 +26,8 @@ void main() {
   IntegrationTestWidgetsFlutterBinding.ensureInitialized();
   late String username;
   late String password;
+  CognitoSignInOptions options = const CognitoSignInOptions(
+      authFlowType: AuthenticationFlowType.customAuth);
   group(
     'custom auth passwordless signIn',
     () {
@@ -34,9 +36,7 @@ void main() {
       });
 
       setUpAll(() async {
-        await configureAuth(
-          customAuth: true,
-        );
+        await configureAuth();
         // create new user for each test
         username = generateUsername();
         password = generatePassword();
@@ -50,35 +50,11 @@ void main() {
       });
 
       testWidgets(
-        'Unconfirmed user sign in throws UserNotConfirmedException (even when password not verified)',
-        (WidgetTester tester) async {
-          var unconfirmedUsername = '${generateUsername()}unconfirmedUSer';
-          await Amplify.Auth.signUp(
-            username: unconfirmedUsername,
-            password: password,
-            options: CognitoSignUpOptions(
-              userAttributes: {
-                CognitoUserAttributeKey.email: '[email protected]',
-                CognitoUserAttributeKey.phoneNumber: '+15555555555',
-              },
-            ),
-          );
-
-          expect(
-            Amplify.Auth.signIn(username: unconfirmedUsername, password: null),
-            throwsA(
-              isA<UserNotConfirmedException>(),
-            ),
-          );
-        },
-      );
-
-      testWidgets(
-        'signIn should return data from the auth challenge lambda',
+        'signIn should return data from the auth challenge lambda (passwordless)',
         (WidgetTester tester) async {
           final res = await Amplify.Auth.signIn(
             username: username,
-            password: null,
+            options: options,
           );
           expect(
             res.isSignedIn,
@@ -89,6 +65,14 @@ void main() {
             res.nextStep!.additionalInfo?['test-key'],
             'test-value',
           );
+          expect(
+            res.nextStep!.additionalInfo?['USERNAME'],
+            isNotNull,
+          );
+          expect(
+            res.nextStep!.additionalInfo?.length,
+            2,
+          );
           expect(
             res.nextStep?.signInStep,
             'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE',
@@ -101,7 +85,7 @@ void main() {
         (WidgetTester tester) async {
           await Amplify.Auth.signIn(
             username: username,
-            password: null,
+            options: options,
           );
           // '123' is the arbitrary challenge answer defined in lambda code
           final res = await Amplify.Auth.confirmSignIn(
@@ -117,7 +101,10 @@ void main() {
       testWidgets(
         'an incorrect challenge reply should throw a NotAuthorizedException',
         (WidgetTester tester) async {
-          await Amplify.Auth.signIn(username: username, password: null);
+          await Amplify.Auth.signIn(
+            username: username,
+            options: options,
+          );
           // '123' is the arbitrary challenge answer defined in lambda code
           expect(
             Amplify.Auth.confirmSignIn(confirmationValue: 'wrong'),
@@ -127,6 +114,70 @@ void main() {
           );
         },
       );
+
+      testWidgets(
+        'if a password is provided but is incorrect, throw NotAuthorizedException',
+        (WidgetTester tester) async {
+          // '123' is the arbitrary challenge answer defined in lambda code
+          expect(
+            Amplify.Auth.signIn(
+              username: username,
+              password: 'wrong',
+              options: options,
+            ),
+            throwsA(
+              isA<NotAuthorizedException>(),
+            ),
+          );
+        },
+      );
+
+      testWidgets(
+        'a correct password and correct challenge reply should sign in the user',
+        (WidgetTester tester) async {
+          await Amplify.Auth.signIn(
+            username: username,
+            password: password,
+            options: options,
+          );
+          // '123' is the arbitrary challenge answer defined in lambda code
+          final res = await Amplify.Auth.confirmSignIn(
+            confirmationValue: '123',
+          );
+          expect(
+            res.isSignedIn,
+            true,
+          );
+        },
+      );
+
+      testWidgets(
+        'signIn should return data from the auth challenge lambda (with password)',
+        (WidgetTester tester) async {
+          final res = await Amplify.Auth.signIn(
+            username: username,
+            password: password,
+            options: options,
+          );
+          expect(
+            res.isSignedIn,
+            false,
+          );
+          // additionalInfo key values defined in lambda code
+          expect(
+            res.nextStep!.additionalInfo?['test-key'],
+            'test-value',
+          );
+          expect(
+            res.nextStep!.additionalInfo?.length,
+            1,
+          );
+          expect(
+            res.nextStep?.signInStep,
+            'CONFIRM_SIGN_IN_WITH_CUSTOM_CHALLENGE',
+          );
+        },
+      );
     },
   );
 }

packages/auth/amplify_auth_cognito/example/integration_test/custom_auth_passwordless_test.dart renamed to packages/auth/amplify_auth_cognito/example/integration_test/custom_auth_test.dart

@@ -82,14 +82,10 @@ void main() {
       );
     });
 
-    testWidgets(
-        'should throw an InvalidStateException if a user is already signed in',
-        (WidgetTester tester) async {
-      await Amplify.Auth.signIn(username: username, password: password);
-      expect(
-        Amplify.Auth.signIn(username: username, password: password),
-        throwsA(isA<InvalidStateException>()),
-      );
+    testWidgets('additionalInfo should be null', (WidgetTester tester) async {
+      final result =
+          await Amplify.Auth.signIn(username: username, password: password);
+      expect(result.nextStep?.additionalInfo, isNull);
     });
   });
 

packages/auth/amplify_auth_cognito/example/integration_test/sign_in_sign_out_test.dart

@@ -13,20 +13,16 @@
 // permissions and limitations under the License.
 //
 
-import 'dart:convert';
-
 import 'package:amplify_auth_cognito/amplify_auth_cognito.dart';
 import 'package:amplify_auth_cognito_example/amplifyconfiguration.dart';
 import 'package:amplify_flutter/amplify_flutter.dart';
 
 Future<void> configureAuth(
-    {List<AmplifyPluginInterface> additionalPlugins = const [],
-    bool customAuth = false}) async {
+    {List<AmplifyPluginInterface> additionalPlugins = const []}) async {
   if (!Amplify.isConfigured) {
     final authPlugin = AmplifyAuthCognito();
-    String config = _createConfig(amplifyconfig, customAuth: customAuth);
     await Amplify.addPlugins([authPlugin, ...additionalPlugins]);
-    await Amplify.configure(config);
+    await Amplify.configure(amplifyconfig);
   }
 }
 
@@ -38,15 +34,3 @@ Future<void> signOutUser() async {
     // Ignore a signOut error because we only care when someone signed in.
   }
 }
-
-// parse json, and switch auth mode if required by test
-String _createConfig(String amplifyconfig, {bool customAuth = false}) {
-  String config = amplifyconfig;
-  if (customAuth) {
-    var configString = jsonDecode(amplifyconfig);
-    configString['auth']['plugins']['awsCognitoAuthPlugin']['Auth']['Default']
-        ['authenticationFlowType'] = 'CUSTOM_AUTH';
-    config = jsonEncode(configString);
-  }
-  return config;
-}

packages/auth/amplify_auth_cognito/example/integration_test/utils/setup_utils.dart

@@ -1,14 +1,43 @@
+// Scenario A: Password was not sent in client library API request, so SRP was not performed
+// Scenario B: Password was sent in client library API request, so SRP was performed and verification expected in Lambda
+
 exports.handler = async (event) => {
-  if (event.request.session.length == 1 && event.request.session[0].challengeName == 'SRP_A') {
+  // Scenario A: Step 1
+  if (event.request.session.length == 0) {
     event.response.issueTokens = false;
     event.response.failAuthentication = false;
     event.response.challengeName = 'CUSTOM_CHALLENGE';
-  } else if (event.request.session.length == 2 && event.request.session[1].challengeName == 'CUSTOM_CHALLENGE' && event.request.session[1].challengeResult == true) {
-      event.response.issueTokens = true;
-      event.response.failAuthentication = false;
+    // Scenario B: Step 1
+  } else if (
+    event.request.session.length == 1 &&
+    event.request.session[0].challengeName == 'SRP_A'
+  ) {
+    event.response.issueTokens = false;
+    event.response.failAuthentication = false;
+    event.response.challengeName = 'PASSWORD_VERIFIER'
+    // Scenario A: Step 2
+  } else if (
+    event.request.session.length == 2 &&
+    event.request.session[1].challengeName == 'PASSWORD_VERIFIER' &&
+    event.request.session[1].challengeResult == true
+  ) {
+    event.response.issueTokens = false;
+    event.response.failAuthentication = false;
+    event.response.challengeName = 'CUSTOM_CHALLENGE';
+    // Scenario A: Step 3 OR Scenario B Step 2
+  } else if (
+    (event.request.session.length == 1 &&
+      event.request.session[0].challengeName == 'CUSTOM_CHALLENGE' &&
+      event.request.session[0].challengeResult == true) ||
+    (event.request.session.length == 3 &&
+      event.request.session[2].challengeName == 'CUSTOM_CHALLENGE' &&
+      event.request.session[2].challengeResult == true)
+  ) {
+    event.response.issueTokens = true;
+    event.response.failAuthentication = false;
   } else {
-      event.response.issueTokens = false;
-      event.response.failAuthentication = true;
+    event.response.issueTokens = false;
+    event.response.failAuthentication = true;
   }
   return event;
 };

packages/auth/amplify_auth_cognito/example/tool/DefineAuthChallengeLambda/src/index.js

@@ -454,7 +454,7 @@ class AmplifyAuthCognitoDart extends AuthPluginInterface
               codeDeliveryDetails: _getChallengeDeliveryDetails(
                 state.challengeParameters,
               ),
-              challengeParameters: state.challengeParameters,
+              additionalInfo: state.challengeParameters,
               missingAttributes: state.requiredAttributes,
             ),
           );
@@ -519,7 +519,7 @@ class AmplifyAuthCognitoDart extends AuthPluginInterface
               codeDeliveryDetails: _getChallengeDeliveryDetails(
                 state.challengeParameters,
               ),
-              challengeParameters: state.challengeParameters,
+              additionalInfo: state.challengeParameters,
               missingAttributes: state.requiredAttributes,
             ),
           );