fix(datastore-v1): Multi auth rule for read subscription (#3029)

Subscriptions for `read` auth rule were not processed inside Datastore. `read` auth rule can subscribe to onCreateX, onUpdateX and onDeleteX.

Author: royjit

Amplify/Categories/DataStore/Model/Internal/Schema/AuthRule.swift

@@ -68,3 +68,7 @@ public struct AuthRule {
         self.operations = operations
     }
 }
+
+extension AuthRule: Hashable {
+
+}

AmplifyPlugins/Core/AWSPluginsCore/Auth/AWSAuthModeStrategy.swift

@@ -43,6 +43,9 @@ public protocol AuthModeStrategy: AnyObject {
 
     func authTypesFor(schema: ModelSchema,
                       operation: ModelOperation) -> AWSAuthorizationTypeIterator
+
+    func authTypesFor(schema: ModelSchema,
+                      operations: [ModelOperation]) -> AWSAuthorizationTypeIterator
 }
 
 /// AuthorizationType iterator with an extra `count` property used
@@ -90,10 +93,17 @@ public class AWSDefaultAuthModeStrategy: AuthModeStrategy {
     public weak var authDelegate: AuthModeStrategyDelegate?
     required public init() {}
 
-    public func authTypesFor(schema: ModelSchema,
-                             operation: ModelOperation) -> AWSAuthorizationTypeIterator {
-        return AWSAuthorizationTypeIterator(withValues: [])
-    }
+    public func authTypesFor(
+        schema: ModelSchema,
+        operation: ModelOperation) -> AWSAuthorizationTypeIterator {
+            return AWSAuthorizationTypeIterator(withValues: [])
+        }
+
+    public func authTypesFor(
+        schema: ModelSchema,
+        operations: [ModelOperation]) -> AWSAuthorizationTypeIterator {
+            return AWSAuthorizationTypeIterator(withValues: [])
+        }
 }
 
 // MARK: - AWSMultiAuthModeStrategy
@@ -187,19 +197,40 @@ public class AWSMultiAuthModeStrategy: AuthModeStrategy {
     ///   - schema: model schema
     ///   - operation: model operation
     /// - Returns: an iterator for the applicable auth rules
-    public func authTypesFor(schema: ModelSchema,
-                             operation: ModelOperation) -> AWSAuthorizationTypeIterator {
-        var applicableAuthRules = schema.authRules
-            .filter(modelOperation: operation)
-            .sorted(by: AWSMultiAuthModeStrategy.comparator)
+    public func authTypesFor(
+        schema: ModelSchema,
+        operation: ModelOperation
+    ) -> AWSAuthorizationTypeIterator {
+
+            return authTypesFor(schema: schema, operations: [operation])
+        }
+
+    /// Returns the union of authorization types for the provided schema for the given list of operations
+    /// - Parameters:
+    ///   - schema: model schema
+    ///   - operations: model operations
+    /// - Returns: an iterator for the applicable auth rules
+    public func authTypesFor(
+        schema: ModelSchema,
+        operations: [ModelOperation]
+    ) -> AWSAuthorizationTypeIterator {
+
+        var applicableAuthRules = Set<AuthRule>()
+
+        for operation in operations {
+            let rules = schema.authRules.filter(modelOperation: operation)
+            applicableAuthRules = applicableAuthRules.union(Set(rules))
+        }
+
+        var sortedRules = applicableAuthRules.sorted(by: AWSMultiAuthModeStrategy.comparator)
 
         // if there isn't a user signed in, returns only public or custom rules
         if let authDelegate = authDelegate, !authDelegate.isUserLoggedIn() {
-            applicableAuthRules = applicableAuthRules.filter { rule in
+            sortedRules = sortedRules.filter { rule in
                 return rule.allow == .public || rule.allow == .custom
             }
         }
-        let applicableAuthTypes = applicableAuthRules.map {
+        let applicableAuthTypes = sortedRules.map {
             AWSMultiAuthModeStrategy.authTypeFor(authRule: $0)
         }
         return AWSAuthorizationTypeIterator(withValues: applicableAuthTypes)

AmplifyPlugins/Core/AWSPluginsCoreTests/Auth/AuthModeStrategyTests.swift

@@ -123,6 +123,29 @@ class AuthModeStrategyTests: XCTestCase {
         XCTAssertEqual(authTypesIterator.next(), .awsIAM)
     }
 
+    // Given: multi-auth strategy and a model schema without auth provider
+    // When: auth types are requested with multiple operation
+    // Then: default values based on the auth strategy should be returned
+    func testMultiAuthShouldReturnDefaultAuthTypesForMultipleOperation() {
+        let authMode = AWSMultiAuthModeStrategy()
+        var authTypesIterator = authMode.authTypesFor(schema: ModelNoProvider.schema, operations: [.read, .create])
+        XCTAssertEqual(authTypesIterator.count, 2)
+        XCTAssertEqual(authTypesIterator.next(), .amazonCognitoUserPools)
+        XCTAssertEqual(authTypesIterator.next(), .apiKey)
+    }
+
+    // Given: multi-auth strategy and a model schema with auth provider
+    // When: auth types are requested with multiple operation
+    // Then: auth rule for public access should be returned
+    func testMultiAuthReturnDefaultAuthTypesForMultipleOperationWithProvider() {
+        let authMode = AWSMultiAuthModeStrategy()
+        let delegate = UnauthenticatedUserDelegate()
+        authMode.authDelegate = delegate
+        var authTypesIterator = authMode.authTypesFor(schema: ModelNoProvider.schema, operations: [.read, .create])
+        XCTAssertEqual(authTypesIterator.count, 1)
+        XCTAssertEqual(authTypesIterator.next(), .apiKey)
+    }
+
 }
 
 // MARK: - Test models

AmplifyPlugins/DataStore/AWSDataStoreCategoryPlugin/Sync/SubscriptionSync/IncomingAsyncSubscriptionEventPublisher.swift

@@ -73,8 +73,11 @@ final class IncomingAsyncSubscriptionEventPublisher: AmplifyCancellable {
 
         // onCreate operation
         let onCreateValueListener = onCreateValueListenerHandler(event:)
-        let onCreateAuthTypeProvider = authModeStrategy.authTypesFor(schema: modelSchema,
-                                                                     operation: .create)
+        let onCreateAuthTypeProvider = authModeStrategy.authTypesFor(
+            schema: modelSchema,
+            operations: [.create, .read]
+        )
+
         self.onCreateValueListener = onCreateValueListener
         self.onCreateOperation = RetryableGraphQLSubscriptionOperation(
             requestFactory: IncomingAsyncSubscriptionEventPublisher.apiRequestFactoryFor(
@@ -94,8 +97,10 @@ final class IncomingAsyncSubscriptionEventPublisher: AmplifyCancellable {
 
         // onUpdate operation
         let onUpdateValueListener = onUpdateValueListenerHandler(event:)
-        let onUpdateAuthTypeProvider = authModeStrategy.authTypesFor(schema: modelSchema,
-                                                                     operation: .update)
+        let onUpdateAuthTypeProvider = authModeStrategy.authTypesFor(
+            schema: modelSchema,
+            operations: [.update, .read]
+        )
         self.onUpdateValueListener = onUpdateValueListener
         self.onUpdateOperation = RetryableGraphQLSubscriptionOperation(
             requestFactory: IncomingAsyncSubscriptionEventPublisher.apiRequestFactoryFor(
@@ -115,8 +120,10 @@ final class IncomingAsyncSubscriptionEventPublisher: AmplifyCancellable {
 
         // onDelete operation
         let onDeleteValueListener = onDeleteValueListenerHandler(event:)
-        let onDeleteAuthTypeProvider = authModeStrategy.authTypesFor(schema: modelSchema,
-                                                                     operation: .delete)
+        let onDeleteAuthTypeProvider = authModeStrategy.authTypesFor(
+            schema: modelSchema,
+            operations: [.delete, .read]
+        )
         self.onDeleteValueListener = onDeleteValueListener
         self.onDeleteOperation = RetryableGraphQLSubscriptionOperation(
             requestFactory: IncomingAsyncSubscriptionEventPublisher.apiRequestFactoryFor(

AmplifyPlugins/DataStore/Podfile.lock

@@ -128,4 +128,4 @@ SPEC CHECKSUMS:
 
 PODFILE CHECKSUM: 0bab7193bebdf470839514f327440893b0d26090
 
-COCOAPODS: 1.11.3
+COCOAPODS: 1.12.0

Podfile.lock

@@ -51,4 +51,4 @@ SPEC CHECKSUMS:
 
 PODFILE CHECKSUM: 5e20e56b8ef40444b018a3736b7b726ff9772f00
 
-COCOAPODS: 1.11.3
+COCOAPODS: 1.12.0