fix(auth): clear credentials values only if namespacing has changed (#3827)

* fix(auth): clear credentials values only if namespacing has changed

* fix session errors

Author: harsh62

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/CredentialStorage/AWSCognitoAuthCredentialStore.swift

@@ -65,12 +65,12 @@ struct AWSCognitoAuthCredentialStore {
             newIdentityConfigData != nil &&
             oldIdentityPoolConfiguration == newIdentityConfigData
         {
-
             // retrieve data from the old namespace and save with the new namespace
             if let oldCognitoCredentialsData = try? keychain._getData(oldNameSpace) {
                 try? keychain._set(oldCognitoCredentialsData, key: newNameSpace)
             }
-        } else if oldAuthConfigData != currentAuthConfig {
+        } else if oldAuthConfigData != currentAuthConfig &&
+                    oldNameSpace != newNameSpace {
             // Clear the old credentials
             try? keychain._remove(oldNameSpace)
         }

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Operations/Helpers/FetchAuthSessionOperationHelper.swift

@@ -8,7 +8,7 @@
 import Foundation
 import Amplify
 
-class FetchAuthSessionOperationHelper: DefaultLogger {
+class FetchAuthSessionOperationHelper {
 
     typealias FetchAuthSessionCompletion = (Result<AuthSession, AuthError>) -> Void
 
@@ -108,85 +108,41 @@ class FetchAuthSessionOperationHelper: DefaultLogger {
                                      "Auth plugin is in an invalid state")
     }
 
-    func sessionResultWithError(_ error: AuthorizationError,
-                                authenticationState: AuthenticationState)
-    throws -> AuthSession {
-        log.verbose("Received error - \(error)")
+    func sessionResultWithError(
+        _ error: AuthorizationError,
+        authenticationState: AuthenticationState
+    ) throws -> AuthSession {
+        log.verbose("Received fetch auth session error - \(error)")
 
         var isSignedIn = false
-        if case .signedIn = authenticationState {
-            isSignedIn = true
-        }
-        switch error {
-        case .sessionError(let fetchError, let credentials):
-            return try sessionResultWithFetchError(fetchError,
-                                                   authenticationState: authenticationState,
-                                                   existingCredentials: credentials)
-        case .sessionExpired(let error):
-            let session = AuthCognitoSignedInSessionHelper.makeExpiredSignedInSession(
-                underlyingError: error)
-            return session
-        default:
-            let message = "Unknown error occurred"
-            let error = AuthError.unknown(message)
-            let session = AWSAuthCognitoSession(isSignedIn: isSignedIn,
-                                                identityIdResult: .failure(error),
-                                                awsCredentialsResult: .failure(error),
-                                                cognitoTokensResult: .failure(error))
-            return session
-        }
-    }
-
-    func sessionResultWithFetchError(_ error: FetchSessionError,
-                                     authenticationState: AuthenticationState,
-                                     existingCredentials: AmplifyCredentials)
-    throws -> AuthSession {
+        var authError: AuthError = error.authError
 
-        var isSignedIn = false
         if case .signedIn = authenticationState {
             isSignedIn = true
         }
 
         switch error {
-
-        case .notAuthorized, .noCredentialsToRefresh:
-            if !isSignedIn {
+        case .sessionError(let fetchError, _):
+            if (fetchError == .notAuthorized || fetchError == .noCredentialsToRefresh) && !isSignedIn {
                 return AuthCognitoSignedOutSessionHelper.makeSessionWithNoGuestAccess()
-            }
-
-        case .service(let error):
-            var authError: AuthError
-            if let convertedAuthError = (error as? AuthErrorConvertible)?.authError {
-                authError = convertedAuthError
             } else {
-                authError = AuthError.service(
-                    "Unknown service error occurred",
-                    "See the attached error for more details",
-                    error)
+                authError = fetchError.authError
             }
-            let session = AWSAuthCognitoSession(
-                isSignedIn: isSignedIn,
-                identityIdResult: .failure(authError),
-                awsCredentialsResult: .failure(authError),
-                cognitoTokensResult: .failure(authError))
+        case .sessionExpired(let error):
+            let session = AuthCognitoSignedInSessionHelper.makeExpiredSignedInSession(
+                underlyingError: error)
             return session
-        default: break
-
+        default:
+            break
         }
-        let message = "Unknown error occurred"
-        let error = AuthError.unknown(message)
-        let session = AWSAuthCognitoSession(isSignedIn: isSignedIn,
-                                            identityIdResult: .failure(error),
-                                            awsCredentialsResult: .failure(error),
-                                            cognitoTokensResult: .failure(error))
-        return session
-    }
 
-    public static var log: Logger {
-        Amplify.Logging.logger(forCategory: CategoryType.auth.displayName, forNamespace: String(describing: self))
-    }
-
-    public var log: Logger {
-        Self.log
+        let session = AWSAuthCognitoSession(
+            isSignedIn: isSignedIn,
+            identityIdResult: .failure(authError),
+            awsCredentialsResult: .failure(authError),
+            cognitoTokensResult: .failure(authError))
+        return session
     }
 }
+
+extension FetchAuthSessionOperationHelper: DefaultLogger { }

AmplifyPlugins/Auth/Tests/AuthHostApp/AuthIntegrationTests/CredentialStore/CredentialStoreConfigurationTests.swift

@@ -89,8 +89,16 @@ class CredentialStoreConfigurationTests: AWSAuthBaseTest {
             XCTFail("Unable to save credentials")
         }
 
+        // When configuration changed
+        let updatedConfig = AuthConfiguration.userPoolsAndIdentityPools(
+            UserPoolConfigurationData(poolId: Defaults.userPoolId,
+                                      clientId: Defaults.appClientId,
+                                      region: Defaults.regionString,
+                                      clientSecret: Defaults.appClientSecret,
+                                      pinpointAppId: "somethingNew"),
+            Defaults.makeIdentityConfigData())
         // When configuration don't change changed
-        let newCredentialStore = AWSCognitoAuthCredentialStore(authConfiguration: initialAuthConfig)
+        let newCredentialStore = AWSCognitoAuthCredentialStore(authConfiguration: updatedConfig)
 
         // Then
         guard let credentials = try? newCredentialStore.retrieveCredential(),