feat(auth): Fix cancelling hostedUI returning a generic error (#982)

- This is a behavior change and potential break the current customers, please see Before and After effect below in the PR
- Cancelling HostedUI signOut now returns userCancelled similar to the cancelling signIn

Author: royjit

AmplifyPlugins/Auth/AWSCognitoAuthPlugin/Dependency/AuthenticationProviderAdapter+SignIn.swift

@@ -148,7 +148,7 @@ extension AuthenticationProviderAdapter {
                         guard let self = self else { return }
 
                         if let error = error {
-                            let authError = self.convertSignUIErrorToAuthError(error)
+                            let authError = self.convertSignInUIErrorToAuthError(error)
                             completionHandler(.failure(authError))
                             return
                         }
@@ -182,7 +182,13 @@ extension AuthenticationProviderAdapter {
         return .failure(authError)
     }
 
-    private func convertSignUIErrorToAuthError(_ error: Error) -> AuthError {
+    private func convertSignInUIErrorToAuthError(_ error: Error) -> AuthError {
+        if AuthErrorHelper.didUserCancelHostedUI(error) {
+            return AuthError.service(
+                AuthPluginErrorConstants.hostedUIUserCancelledError.errorDescription,
+                AuthPluginErrorConstants.hostedUIUserCancelledError.recoverySuggestion,
+                AWSCognitoAuthError.userCancelled)
+        }
         if let awsMobileClientError = error as? AWSMobileClientError {
             switch awsMobileClientError {
             case .securityFailed(message: _):
@@ -207,7 +213,6 @@ extension AuthenticationProviderAdapter {
             default:
                 break
             }
-
         }
         let authError = AuthErrorHelper.toAuthError(error)
         return authError

AmplifyPlugins/Auth/AWSCognitoAuthPlugin/Dependency/AuthenticationProviderAdapter+SignOut.swift

@@ -17,8 +17,7 @@ extension AuthenticationProviderAdapter {
             guard let self = self else {
                 return
             }
-            self.signOutWithUI(isGlobalSignout: request.options.globalSignOut,
-                               completionHandler: completionHandler)
+            self.signOutWithUI(isGlobalSignout: request.options.globalSignOut, completionHandler: completionHandler)
         }
     }
 
@@ -31,19 +30,32 @@ extension AuthenticationProviderAdapter {
 
         let signOutOptions = SignOutOptions(signOutGlobally: isGlobalSignout, invalidateTokens: true)
         awsMobileClient.signOut(options: signOutOptions) { [weak self] error in
-            guard error == nil else {
-                let authError = AuthErrorHelper.toAuthError(error!)
-                if case .notAuthorized = authError {
-                    // signOut globally might return notAuthorized when the current token is expired or invalidated
-                    // In this case, we just signOut the user locally and return a success result back.
-                    self?.awsMobileClient.signOutLocally()
-                    completionHandler(.success(()))
-                } else {
-                    completionHandler(.failure(authError))
-                }
+            guard let error = error else {
+                completionHandler(.success(()))
                 return
             }
-            completionHandler(.success(()))
+
+            // If the user had cancelled the signOut flow by closing the HostedUI,
+            // return userCancelled error.
+            if AuthErrorHelper.didUserCancelHostedUI(error) {
+                let signOutError = AuthError.service(
+                    AuthPluginErrorConstants.hostedUIUserCancelledSignOutError.errorDescription,
+                    AuthPluginErrorConstants.hostedUIUserCancelledSignOutError.recoverySuggestion,
+                    AWSCognitoAuthError.userCancelled)
+                completionHandler(.failure(signOutError))
+                return
+            }
+
+            let authError = AuthErrorHelper.toAuthError(error)
+            if case .notAuthorized = authError {
+                // signOut globally might return notAuthorized when the current token is expired or invalidated
+                // In this case, we just signOut the user locally and return a success result back.
+                self?.awsMobileClient.signOutLocally()
+                completionHandler(.success(()))
+            } else {
+                completionHandler(.failure(authError))
+            }
+            return
         }
     }
 }

AmplifyPlugins/Auth/AWSCognitoAuthPlugin/Models/Options/AWSAttributeResendConfirmationCodeOptions.swift

@@ -7,6 +7,7 @@
 
 import Foundation
 
+// swiftlint:disable type_name
 public struct AWSAttributeResendConfirmationCodeOptions {
 
     public let metadata: [String: String]?

AmplifyPlugins/Auth/AWSCognitoAuthPlugin/Support/Constants/AuthPluginErrorConstants.swift

@@ -36,6 +36,10 @@ struct AuthPluginErrorConstants {
         "User cancelled the signIn flow and could not be completed.",
         "Present the signIn UI again for the user to sign in.")
 
+    static let hostedUIUserCancelledSignOutError: AuthPluginErrorString = (
+        "User cancelled the signOut flow and could not be completed.",
+        "Present the signOut UI again for the user to sign out.")
+
     static let userInvalidError: AuthPluginErrorString = (
         "Could not validate the user",
         "Get the current user Auth.getCurrentUser() and make the request")

AmplifyPlugins/Auth/AWSCognitoAuthPlugin/Support/Utils/AuthErrorHelper.swift

@@ -7,6 +7,8 @@
 
 import Amplify
 import AWSMobileClient
+import SafariServices
+import AuthenticationServices
 
 struct AuthErrorHelper {
 
@@ -165,4 +167,21 @@ struct AuthErrorHelper {
         return AuthError.unknown("An unknown error occurred", error)
 
     }
+
+    static func didUserCancelHostedUI(_ error: Error) -> Bool {
+        if let sfAuthError = error as? SFAuthenticationError,
+           case SFAuthenticationError.Code.canceledLogin = sfAuthError.code {
+            return true
+        }
+
+        if #available(iOS 12.0, *) {
+
+            if let asWebAuthError = error as? ASWebAuthenticationSessionError,
+               case ASWebAuthenticationSessionError.Code.canceledLogin = asWebAuthError.code {
+                return true
+            }
+        }
+
+        return false
+    }
 }

AmplifyPlugins/Auth/AWSCognitoAuthPluginTests/AuthenticationProviderTests/AuthenticationProviderSigninWithSocialWebUITests.swift

@@ -95,12 +95,12 @@ class AuthenticationProviderSigninWithSocialWebUITests: BaseAuthenticationProvid
     /// - Given: an auth plugin with mocked service.
     ///
     /// - When:
-    ///    - I invoke signInWithWebUI and mock cancel
+    ///    - I invoke signInWithWebUI and mock cancel using SFAuthenticationError
     /// - Then:
-    ///    - I should get a SFAuthenticationError.canceledLogin error
+    ///    - I should get a AWSCognitoAuthError.userCancelled error
     ///
     func testCancelSignIn() {
-        let mockError = NSError(domain: "com.apple.SafariServices.Authentication",
+        let mockError = NSError(domain: SFAuthenticationErrorDomain,
                                 code: SFAuthenticationError.canceledLogin.rawValue,
                                 userInfo: nil)
         mockAWSMobileClient?.showSignInMockResult = .failure(mockError)
@@ -115,9 +115,45 @@ class AuthenticationProviderSigninWithSocialWebUITests: BaseAuthenticationProvid
             case .success(let signinResult):
                 XCTFail("Should throw user cancelled error, instead - \(signinResult)")
             case .failure(let error):
-                guard case .unknown(_, let underlyingError) = error,
-                      case .canceledLogin = (underlyingError as? SFAuthenticationError)?.code else {
-                    XCTFail("Should produce SFAuthenticationError error but instead produced \(error)")
+                guard case .service(_, _, let underlyingError) = error,
+                      case .userCancelled = (underlyingError as? AWSCognitoAuthError) else {
+                    XCTFail("Should produce AWSCognitoAuthError error but instead produced \(error)")
+                    return
+                }
+            }
+        }
+        wait(for: [resultExpectation], timeout: apiTimeout)
+    }
+
+    /// Test a signInWithWebUI when the user cancel
+    ///
+    /// - Given: an auth plugin with mocked service.
+    ///
+    /// - When:
+    ///    - I invoke signInWithWebUI and mock cancel using ASWebAuthenticationSessionError
+    /// - Then:
+    ///    - I should get a AWSCognitoAuthError.userCancelled error
+    ///
+    @available(iOS 12.0, *)
+    func testASWebAuthenticationSessionError() {
+        let mockError = NSError(domain: ASWebAuthenticationSessionErrorDomain,
+                                code: ASWebAuthenticationSessionError.canceledLogin.rawValue,
+                                userInfo: nil)
+        mockAWSMobileClient?.showSignInMockResult = .failure(mockError)
+        let options = AuthWebUISignInRequest.Options()
+
+        let resultExpectation = expectation(description: "Should receive a result")
+        _ = plugin.signInWithWebUI(for: .amazon, presentationAnchor: window, options: options) { result in
+            defer {
+                resultExpectation.fulfill()
+            }
+            switch result {
+            case .success(let signinResult):
+                XCTFail("Should throw user cancelled error, instead - \(signinResult)")
+            case .failure(let error):
+                guard case .service(_, _, let underlyingError) = error,
+                      case .userCancelled = (underlyingError as? AWSCognitoAuthError) else {
+                    XCTFail("Should produce AWSCognitoAuthError error but instead produced \(error)")
                     return
                 }
             }

AmplifyPlugins/Auth/AWSCognitoAuthPluginTests/AuthenticationProviderTests/AuthenticationProviderSigninWithWebUITests.swift

@@ -115,9 +115,9 @@ class AuthenticationProviderSigninWithWebUITests: BaseAuthenticationProviderTest
             case .success(let signinResult):
                 XCTFail("Should throw user cancelled error, instead - \(signinResult)")
             case .failure(let error):
-                guard case .unknown(_, let underlyingError) = error,
-                      case .canceledLogin = (underlyingError as? SFAuthenticationError)?.code else {
-                    XCTFail("Should produce SFAuthenticationError error but instead produced \(error)")
+                guard case .service(_, _, let underlyingError) = error,
+                      case .userCancelled = (underlyingError as? AWSCognitoAuthError) else {
+                    XCTFail("Should produce userCancelled error but instead produced \(error)")
                     return
                 }
             }

AmplifyPlugins/Auth/AWSCognitoAuthPluginTests/AuthenticationProviderTests/AuthenticationProviderSignoutTests.swift

@@ -275,10 +275,10 @@ class AuthenticationProviderSignoutTests: BaseAuthenticationProviderTest {
     /// - When:
     ///    - I invoke signOut
     /// - Then:
-    ///    - I should get a SFAuthenticationError.canceledLogin error
+    ///    - I should get a AWSCognitoAuthError.userCancelled error
     ///
     func testSignOutWithUserCancel() {
-        let error = NSError(domain: "com.apple.SafariServices.Authentication",
+        let error = NSError(domain: SFAuthenticationErrorDomain,
                             code: SFAuthenticationError.canceledLogin.rawValue,
                             userInfo: nil)
         let options = AuthSignOutRequest.Options()
@@ -293,9 +293,46 @@ class AuthenticationProviderSignoutTests: BaseAuthenticationProviderTest {
             case .success:
                 XCTFail("Should not get success")
             case .failure(let error):
-                guard case .unknown(_, let underlyingError) = error,
-                      case .canceledLogin = (underlyingError as? SFAuthenticationError)?.code else {
-                    XCTFail("Should produce SFAuthenticationError error instead of \(error)")
+                guard case .service(_, _, let underlyingError) = error,
+                      case .userCancelled = (underlyingError as? AWSCognitoAuthError) else {
+                    XCTFail("Should produce userCancelled error instead of \(error)")
+                    return
+                }
+            }
+        }
+        wait(for: [resultExpectation], timeout: apiTimeout)
+    }
+
+    /// Test a signOut with userCancelled from service
+    ///
+    /// - Given: Given an auth plugin with mocked service. Mocked service should mock a
+    ///   ASWeb UserCancelled response
+    ///
+    /// - When:
+    ///    - I invoke signOut
+    /// - Then:
+    ///    - I should get a AWSCognitoAuthError.userCancelled error
+    ///
+    @available(iOS 12.0, *)
+    func testASWebAuthSignOutWithUserCancel() {
+        let mockError = NSError(domain: ASWebAuthenticationSessionErrorDomain,
+                                code: ASWebAuthenticationSessionError.canceledLogin.rawValue,
+                                userInfo: nil)
+        let options = AuthSignOutRequest.Options()
+        mockAWSMobileClient.signOutMockError = mockError
+        let resultExpectation = expectation(description: "Should receive a result")
+        _ = plugin.signOut(options: options) { result in
+            defer {
+                resultExpectation.fulfill()
+            }
+
+            switch result {
+            case .success:
+                XCTFail("Should not get success")
+            case .failure(let error):
+                guard case .service(_, _, let underlyingError) = error,
+                      case .userCancelled = (underlyingError as? AWSCognitoAuthError) else {
+                    XCTFail("Should produce userCancelled error instead of \(error)")
                     return
                 }
             }

AmplifyPlugins/Auth/Podfile.lock

@@ -10,18 +10,18 @@ PODS:
     - AWSCore (~> 2.22.0)
     - AWSMobileClient (~> 2.22.0)
     - AWSPluginsCore (= 1.5.5)
-  - AWSAuthCore (2.22.0):
-    - AWSCore (= 2.22.0)
-  - AWSCognitoIdentityProvider (2.22.0):
-    - AWSCognitoIdentityProviderASF (= 2.22.0)
-    - AWSCore (= 2.22.0)
-  - AWSCognitoIdentityProviderASF (2.22.0)
-  - AWSCore (2.22.0)
-  - AWSMobileClient (2.22.0):
-    - AWSAuthCore (= 2.22.0)
-    - AWSCognitoIdentityProvider (= 2.22.0)
-    - AWSCognitoIdentityProviderASF (= 2.22.0)
-    - AWSCore (= 2.22.0)
+  - AWSAuthCore (2.22.1):
+    - AWSCore (= 2.22.1)
+  - AWSCognitoIdentityProvider (2.22.1):
+    - AWSCognitoIdentityProviderASF (= 2.22.1)
+    - AWSCore (= 2.22.1)
+  - AWSCognitoIdentityProviderASF (2.22.1)
+  - AWSCore (2.22.1)
+  - AWSMobileClient (2.22.1):
+    - AWSAuthCore (= 2.22.1)
+    - AWSCognitoIdentityProvider (= 2.22.1)
+    - AWSCognitoIdentityProviderASF (= 2.22.1)
+    - AWSCore (= 2.22.1)
   - AWSPluginsCore (1.5.5):
     - Amplify (= 1.5.5)
     - AWSCore (~> 2.22.0)
@@ -76,11 +76,11 @@ CHECKOUT OPTIONS:
 SPEC CHECKSUMS:
   Amplify: 975fe3981790cf06e605353d2e704fc0985a45f3
   AmplifyTestCommon: 4e33dad284eca69acdb7511418c877967c0fc5da
-  AWSAuthCore: b54e2008da479e5a6ffdb6b482821d8f5a9afaa4
-  AWSCognitoIdentityProvider: 32a91ad644e49e40235a408a8fbb96ea74891f19
-  AWSCognitoIdentityProviderASF: 8b92721c17f2951ecd5bcfb749d5534f2851c2c7
-  AWSCore: 8bd1def9cb0b6770c65b6d394f1c1cbc0a5562b7
-  AWSMobileClient: bba690cc09c6569cc1111141beaa4e2f789f536b
+  AWSAuthCore: ad355f72d2d3e56939fb3b2965b796a93091cdf1
+  AWSCognitoIdentityProvider: 33e00e930891f899c27c007b33863e79b4b896af
+  AWSCognitoIdentityProviderASF: ac1574ea9fda4877400ecef9004e4e5759eb4961
+  AWSCore: f3f2e25cf5b4cb58b9561b48987d4fdd019227c2
+  AWSMobileClient: 70c694a0399c37084edaaebe8e1f1b6f21fd299f
   AWSPluginsCore: 358365037f62d5bc995037d6eb687f39582d90d0
   CwlCatchException: 70a52ae44ea5d46db7bd385f801a94942420cd8c
   CwlPreconditionTesting: d33a4e4f285c0b885fddcae5dfedfbb34d4f3961