fix(auth): Pass deviceMetadata in RespondToAuthChallenge for signIn challenges

Author: royjit

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/SRPAuth/VerifyPasswordSRP.swift

@@ -26,22 +26,24 @@ struct VerifyPasswordSRP: Action {
 
         logVerbose("\(#fileID) Starting execution", environment: environment)
 
+        let inputUsername = stateData.username
+        var username = inputUsername
+        var deviceMetadata = DeviceMetadata.noData
         do {
             let srpEnv = try environment.srpEnvironment()
             let userPoolEnv = try environment.userPoolEnvironment()
             let srpClient = try SRPSignInHelper.srpClient(srpEnv)
             let parameters = try challengeParameters()
 
-            let inputUsername = stateData.username
-            let username = parameters["USERNAME"] ?? inputUsername
+            username = parameters["USERNAME"] ?? inputUsername
             let userIdForSRP = parameters["USER_ID_FOR_SRP"] ?? inputUsername
 
             let saltHex = try saltHex(parameters)
             let secretBlockString = try secretBlockString(parameters)
             let secretBlock = try secretBlock(secretBlockString)
             let serverPublicB = try serverPublic(parameters)
 
-            let deviceMetadata = await DeviceMetadataHelper.getDeviceMetadata(
+            deviceMetadata = await DeviceMetadataHelper.getDeviceMetadata(
                 for: username,
                 with: environment)
             let signature = try signature(userIdForSRP: userIdForSRP,

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/VerifySignInChallenge.swift

@@ -21,6 +21,8 @@ struct VerifySignInChallenge: Action {
 
     func execute(withDispatcher dispatcher: EventDispatcher, environment: Environment) async {
         logVerbose("\(#fileID) Starting execution", environment: environment)
+        let username = challenge.username
+        var deviceMetadata = DeviceMetadata.noData
 
         do {
             let userpoolEnv = try environment.userPoolEnvironment()
@@ -29,6 +31,10 @@ struct VerifySignInChallenge: Action {
             let challengeType = challenge.challenge
             let responseKey = try challenge.getChallengeKey()
 
+            deviceMetadata = await DeviceMetadataHelper.getDeviceMetadata(
+                            for: username,
+                            with: environment)
+
             let input = RespondToAuthChallengeInput.verifyChallenge(
                 username: username,
                 challengeType: challengeType,
@@ -37,6 +43,7 @@ struct VerifySignInChallenge: Action {
                 answer: confirmSignEventData.answer,
                 clientMetadata: confirmSignEventData.metadata,
                 attributes: confirmSignEventData.attributes,
+                deviceMetadata: deviceMetadata,
                 environment: userpoolEnv)
 
             let responseEvent = try await UserPoolSignInHelper.sendRespondToAuth(

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Support/Utils/RespondToAuthChallengeInput+Amplify.swift

@@ -84,6 +84,7 @@ extension RespondToAuthChallengeInput {
         answer: String,
         clientMetadata: [String: String]?,
         attributes: [String: String],
+        deviceMetadata: DeviceMetadata,
         environment: UserPoolEnvironment) -> RespondToAuthChallengeInput {
 
             var challengeResponses = [
@@ -101,7 +102,7 @@ extension RespondToAuthChallengeInput {
                 challengeResponses: challengeResponses,
                 session: session,
                 clientMetadata: clientMetadata ?? [:],
-                deviceMetadata: .noData,
+                deviceMetadata: deviceMetadata,
                 environment: environment)
         }
 

AmplifyPlugins/Auth/Tests/AWSCognitoAuthPluginUnitTests/ActionTests/InitiateAuthSRP/VerifyPasswordSRPTests.swift

@@ -419,4 +419,135 @@ class VerifyPasswordSRPTests: XCTestCase {
         await waitForExpectations(timeout: 0.1)
     }
 
+//    /// Test verify password retry on device not found
+//    ///
+//    /// - Given: VerifyPasswordSRP action with mocked cognito client and configuration
+//    /// - When:
+//    ///    - I invoke the action with valid input and mock empty device not found error from Cognito
+//    /// - Then:
+//    ///    - Should send an event with retryRespondPasswordVerifier
+//    ///
+//    func testPasswordVerifierWithDeviceNotFound() async {
+//
+//        let identityProviderFactory: CognitoFactory = {
+//            MockIdentityProvider(
+//                mockRespondToAuthChallengeResponse: { _ in
+//                    throw RespondToAuthChallengeOutputError.resourceNotFoundException(
+//                        ResourceNotFoundException()
+//                    )
+//                })
+//        }
+//
+//        let environment = Defaults.makeDefaultAuthEnvironment(
+//            userPoolFactory: identityProviderFactory)
+//
+//        let data = InitiateAuthOutputResponse.validTestData
+//        let action = VerifyPasswordSRP(stateData: SRPStateData.testData,
+//                                       authResponse: data)
+//
+//        let passwordVerifierError = expectation(description: "passwordVerifierError")
+//
+//        let dispatcher = MockDispatcher { event in
+//            defer { passwordVerifierError.fulfill() }
+//
+//            guard let event = event as? SignInEvent else {
+//                XCTFail("Expected event to be SignInEvent but got \(event)")
+//                return
+//            }
+//
+//            guard case .retryRespondPasswordVerifier = event.eventType
+//            else {
+//                XCTFail("Should receive retryRespondPasswordVerifier")
+//                return
+//            }
+//        }
+//
+//        await action.execute(withDispatcher: dispatcher, environment: environment)
+//        await waitForExpectations(timeout: 0.1)
+//    }
+
+    /// Test  successful response from the VerifyPasswordSRP for confirmDevice
+    ///
+    /// - Given: VerifyPasswordSRP action with mocked cognito client and configuration
+    /// - When:
+    ///    - I invoke the action with valid input and mock new device
+    /// - Then:
+    ///    - Should send an event confirmDevice
+    ///
+    func testRespondToAuthChallengeWithConfirmDevice() async {
+        let identityProviderFactory: CognitoFactory = {
+            MockIdentityProvider(
+                mockRespondToAuthChallengeResponse: { _ in
+                    return RespondToAuthChallengeOutputResponse.testDataWithNewDevice()
+                })
+        }
+
+        let environment = Defaults.makeDefaultAuthEnvironment(
+            userPoolFactory: identityProviderFactory)
+
+        let data = InitiateAuthOutputResponse.validTestData
+        let action = VerifyPasswordSRP(stateData: SRPStateData.testData,
+                                       authResponse: data)
+
+        let passwordVerifierCompletion = expectation(
+            description: "passwordVerifierCompletion")
+
+        let dispatcher = MockDispatcher { event in
+            guard let event = event as? SignInEvent else {
+                XCTFail("Expected event to be SignInEvent but got \(event)")
+                return
+            }
+
+            if case .confirmDevice(let signedInData) = event.eventType {
+                XCTAssertNotNil(signedInData)
+                passwordVerifierCompletion.fulfill()
+            }
+        }
+
+        await action.execute(withDispatcher: dispatcher, environment: environment)
+        await waitForExpectations(timeout: 0.1)
+    }
+
+    /// Test  successful response from the VerifyPasswordSRP for verifyDevice
+    ///
+    /// - Given: VerifyPasswordSRP action with mocked cognito client and configuration
+    /// - When:
+    ///    - I invoke the action with valid input and mock verify device as response
+    /// - Then:
+    ///    - Should send an event initiateDeviceSRP
+    ///
+    func testRespondToAuthChallengeWithVerifyDevice() async {
+        let identityProviderFactory: CognitoFactory = {
+            MockIdentityProvider(
+                mockRespondToAuthChallengeResponse: { _ in
+                    return RespondToAuthChallengeOutputResponse.testDataWithVerifyDevice()
+                })
+        }
+
+        let environment = Defaults.makeDefaultAuthEnvironment(
+            userPoolFactory: identityProviderFactory)
+
+        let data = InitiateAuthOutputResponse.validTestData
+        let action = VerifyPasswordSRP(stateData: SRPStateData.testData,
+                                       authResponse: data)
+
+        let passwordVerifierCompletion = expectation(
+            description: "passwordVerifierCompletion")
+
+        let dispatcher = MockDispatcher { event in
+            guard let event = event as? SignInEvent else {
+                XCTFail("Expected event to be SignInEvent but got \(event)")
+                return
+            }
+
+            if case .initiateDeviceSRP(_, let response) = event.eventType {
+                XCTAssertNotNil(response)
+                passwordVerifierCompletion.fulfill()
+            }
+        }
+
+        await action.execute(withDispatcher: dispatcher, environment: environment)
+        await waitForExpectations(timeout: 0.1)
+    }
+
 }