fix(Auth): Sign out when user does not exist during delete user task (#2812)

Author: harsh62

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Task/AWSAuthDeleteUserTask.swift

@@ -31,11 +31,12 @@ class AWSAuthDeleteUserTask: AuthDeleteUserTask, DefaultLogger {
         let accessToken = try await taskHelper.getAccessToken()
 
         do {
-            try  await deleteUser(with: accessToken)
+            try await deleteUser(with: accessToken)
             log.verbose("Received Success")
         } catch {
             log.verbose("Delete user failed, reconfiguring auth state. \(error)")
             await waitForReConfigure()
+            await signOutIfUserWasNotFound(with: error)
             throw error
         }
     }
@@ -66,6 +67,18 @@ class AWSAuthDeleteUserTask: AuthDeleteUserTask, DefaultLogger {
         }
     }
 
+    private func signOutIfUserWasNotFound(with error: Error) async {
+        guard case AuthError.service(_, _, let underlyingError) = error,
+              case .userNotFound = (underlyingError as? AWSCognitoAuthError) else {
+            return
+        }
+        log.verbose("User not found, signing out")
+        let signOutData = SignOutEventData(globalSignOut: true)
+        let event = AuthenticationEvent(eventType: .signOutRequested(signOutData))
+        await authStateMachine.send(event)
+        _ = await taskHelper.didSignOut()
+    }
+
     private func waitForReConfigure() async {
 
         let event = AuthEvent(eventType: .reconfigure(configuration))

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Task/AWSAuthSignOutTask.swift

@@ -35,7 +35,7 @@ class AWSAuthSignOutTask: AuthSignOutTask, DefaultLogger {
         if isValidAuthNStateToStart(authNState) {
             log.verbose("Sending signOut event")
             await sendSignOutEvent()
-            return await doSignOut()
+            return await taskHelper.didSignOut()
         } else if case .federatedToIdentityPool = authNState {
             let invalidStateError = AuthError.invalidState(
                 "The user is currently federated to identity pool. You must call clearFederationToIdentityPool to clear credentials.",
@@ -47,40 +47,6 @@ class AWSAuthSignOutTask: AuthSignOutTask, DefaultLogger {
 
     }
 
-    private func doSignOut() async -> AuthSignOutResult {
-
-        let stateSequences = await authStateMachine.listen()
-        log.verbose("Waiting for signOut completion")
-        for await state in stateSequences {
-            guard case .configured(let authNState, _) = state else {
-                return invalidStateResult()
-            }
-
-            switch authNState {
-            case .signedOut(let data):
-                if data.revokeTokenError != nil ||
-                    data.globalSignOutError != nil ||
-                    data.hostedUIError != nil {
-                    return AWSCognitoSignOutResult.partial(
-                        revokeTokenError: data.revokeTokenError,
-                        globalSignOutError: data.globalSignOutError,
-                        hostedUIError: data.hostedUIError)
-                }
-                return AWSCognitoSignOutResult.complete
-            case .signingIn:
-                log.verbose("Cancel if a signIn is in progress")
-                await authStateMachine.send(AuthenticationEvent.init(eventType: .cancelSignIn))
-            case .signingOut(let state):
-                if case .error(let error) = state {
-                    return AWSCognitoSignOutResult.failed(error.authError)
-                }
-            default:
-                continue
-            }
-        }
-        fatalError()
-    }
-
     func isValidAuthNStateToStart(_ authNState: AuthenticationState) -> Bool {
         switch authNState {
         case .signedIn, .signedOut:

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Task/Helpers/AWSAuthTaskHelper.swift

@@ -31,6 +31,40 @@ class AWSAuthTaskHelper: DefaultLogger {
         }
     }
 
+    func didSignOut() async -> AuthSignOutResult {
+        let stateSequences = await authStateMachine.listen()
+        log.verbose("Waiting for signOut completion")
+        for await state in stateSequences {
+            guard case .configured(let authNState, _) = state else {
+                let error = AuthError.invalidState("Auth State not in a valid state", AuthPluginErrorConstants.invalidStateError, nil)
+                return AWSCognitoSignOutResult.failed(error)
+            }
+
+            switch authNState {
+            case .signedOut(let data):
+                if data.revokeTokenError != nil ||
+                    data.globalSignOutError != nil ||
+                    data.hostedUIError != nil {
+                    return AWSCognitoSignOutResult.partial(
+                        revokeTokenError: data.revokeTokenError,
+                        globalSignOutError: data.globalSignOutError,
+                        hostedUIError: data.hostedUIError)
+                }
+                return AWSCognitoSignOutResult.complete
+            case .signingIn:
+                log.verbose("Cancel if a signIn is in progress")
+                await authStateMachine.send(AuthenticationEvent.init(eventType: .cancelSignIn))
+            case .signingOut(let state):
+                if case .error(let error) = state {
+                    return AWSCognitoSignOutResult.failed(error.authError)
+                }
+            default:
+                continue
+            }
+        }
+        fatalError()
+    }
+
     func getAccessToken() async throws -> String {
 
         let session = try await fetchAuthSessionHelper.fetch(authStateMachine)

AmplifyPlugins/Auth/Tests/AWSCognitoAuthPluginUnitTests/TaskTests/AuthenticationProviderDeleteUserTests.swift

@@ -36,6 +36,35 @@ class AuthenticationProviderDeleteUserTests: BasePluginTest {
         }
     }
 
+    /// Test a deleteUser when sign out failed
+    ///
+    /// - Given: Given an auth plugin with mocked service. Mocked service should mock a
+    ///   sign out failure
+    ///
+    /// - When:
+    ///    - I invoke deleteUser
+    /// - Then:
+    ///    - I should still be able to get a success for delete user
+    ///
+    func testSignOutFailureWhenDeleteUserIsSuccess() async {
+        mockIdentityProvider = MockIdentityProvider(
+            mockRevokeTokenResponse: { _ in
+                throw RevokeTokenOutputError.unsupportedTokenTypeException(.init())
+            }, mockGlobalSignOutResponse: { _ in
+                throw GlobalSignOutOutputError.internalErrorException(.init())
+            },
+            mockDeleteUserOutputResponse: { _ in
+                try DeleteUserOutputResponse(httpResponse: .init(body: .empty, statusCode: .ok))
+            }
+        )
+        do {
+            try await plugin.deleteUser()
+            print("Delete user success")
+        } catch {
+            XCTFail("Received failure with error \(error)")
+        }
+    }
+
 
     /// Test a deleteUser with network error from service
     ///
@@ -374,6 +403,7 @@ class AuthenticationProviderDeleteUserTests: BasePluginTest {
     ///    - I invoke deleteUser
     /// - Then:
     ///    - I should get a .service error with .userNotFound error
+    ///      AuthN should be in signedOut state
     ///
     func testDeleteUserWithUserNotFoundException() async {
         mockIdentityProvider = MockIdentityProvider(
@@ -397,6 +427,19 @@ class AuthenticationProviderDeleteUserTests: BasePluginTest {
                 return
             }
         }
+
+        switch await plugin.authStateMachine.currentState {
+        case .configured(let authNState, let authZState):
+            switch (authNState, authZState) {
+            case (.signedOut, .configured):
+                print("AuthN and AuthZ are in a valid state")
+            default:
+                XCTFail("AuthN should be in signed out state")
+            }
+        default:
+            XCTFail("Auth should be in configured state")
+
+        }
     }
 
 // TODO: ENABLE TESTS after adding hosted UI feature