chore: kickoff release

Author: harsh62

Amplify/Categories/Auth/Models/AuthSignInStep.swift

@@ -39,6 +39,19 @@ public enum AuthSignInStep {
     ///
     case continueSignInWithMFASelection(AllowedMFATypes)
 
+    /// Auth step is for continuing sign in by setting up EMAIL multi factor authentication.
+    ///
+    case continueSignInWithEmailMFASetup
+
+    /// Auth step is for continuing sign in by selecting multi factor authentication type to setup
+    ///
+    case continueSignInWithMFASetupSelection(AllowedMFATypes)
+
+    /// Auth step is for confirming sign in with OTP
+    ///
+    /// OTP for the factor will be sent to the delivery medium.
+    case confirmSignInWithOTP(AuthCodeDeliveryDetails)
+
     /// Auth step required the user to change their password.
     ///
     case resetPassword(AdditionalInfo?)
@@ -51,3 +64,5 @@ public enum AuthSignInStep {
     ///
     case done
 }
+
+extension AuthSignInStep: Equatable { }

Amplify/Categories/Auth/Models/MFAType.swift

@@ -12,4 +12,7 @@ public enum MFAType: String {
 
     /// Time-based One Time Password linked with an authenticator app
     case totp
+
+    /// Email Service linked with an email
+    case email
 }

Amplify/Categories/Auth/Models/TOTPSetupDetails.swift

@@ -40,3 +40,5 @@ public struct TOTPSetupDetails {
         }
 
 }
+
+extension TOTPSetupDetails: Equatable { }

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/AWSCognitoAuthPlugin+PluginSpecificAPI.swift

@@ -41,12 +41,14 @@ public extension AWSCognitoAuthPlugin {
     }
 
     func updateMFAPreference(
-        sms: MFAPreference?,
-        totp: MFAPreference?
+        sms: MFAPreference? = nil,
+        totp: MFAPreference? = nil,
+        email: MFAPreference? = nil
     ) async throws {
         let task = UpdateMFAPreferenceTask(
             smsPreference: sms,
             totpPreference: totp,
+            emailPreference: email,
             authStateMachine: authStateMachine,
             userPoolFactory: authEnvironment.cognitoUserPoolFactory)
         return try await task.value

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/AWSCognitoAuthPluginBehavior.swift

@@ -49,6 +49,7 @@ protocol AWSCognitoAuthPluginBehavior: AuthCategoryPlugin {
     ///   - totp: The preference that needs to be updated for TOTP
     func updateMFAPreference(
         sms: MFAPreference?,
-        totp: MFAPreference?
+        totp: MFAPreference?,
+        email: MFAPreference?
     ) async throws
 }

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/InitializeResolveChallenge.swift

@@ -18,10 +18,54 @@ struct InitializeResolveChallenge: Action {
 
     func execute(withDispatcher dispatcher: EventDispatcher, environment: Environment) async {
         logVerbose("\(#fileID) Starting execution", environment: environment)
+        do {
+            let nextStep = try resolveNextSignInStep(for: challenge)
+            let event = SignInChallengeEvent(eventType: .waitForAnswer(challenge, signInMethod, nextStep))
+            logVerbose("\(#fileID) Sending event \(event.type)", environment: environment)
+            await dispatcher.send(event)
+        } catch let error as SignInError {
+            let errorEvent = SignInEvent(eventType: .throwAuthError(error))
+            logVerbose("\(#fileID) Sending event \(errorEvent)",
+                       environment: environment)
+            await dispatcher.send(errorEvent)
+        } catch {
+            let error = SignInError.service(error: error)
+            let errorEvent = SignInEvent(eventType: .throwAuthError(error))
+            logVerbose("\(#fileID) Sending event \(errorEvent)",
+                       environment: environment)
+            await dispatcher.send(errorEvent)
+        }
+    }
 
-        let event = SignInChallengeEvent(eventType: .waitForAnswer(challenge, signInMethod))
-        logVerbose("\(#fileID) Sending event \(event.type)", environment: environment)
-        await dispatcher.send(event)
+    private func resolveNextSignInStep(for challenge: RespondToAuthChallenge) throws -> AuthSignInStep {
+        switch challenge.challenge.authChallengeType {
+        case .smsMfa:
+            let delivery = challenge.codeDeliveryDetails
+            return .confirmSignInWithSMSMFACode(delivery, challenge.parameters)
+        case .totpMFA:
+            return .confirmSignInWithTOTPCode
+        case .customChallenge:
+            return .confirmSignInWithCustomChallenge(challenge.parameters)
+        case .newPasswordRequired:
+            return .confirmSignInWithNewPassword(challenge.parameters)
+        case .selectMFAType:
+            return .continueSignInWithMFASelection(challenge.getAllowedMFATypesForSelection)
+        case .emailMFA:
+            return .confirmSignInWithOTP(challenge.codeDeliveryDetails)
+        case .setUpMFA:
+            var allowedMFATypesForSetup = challenge.getAllowedMFATypesForSetup
+            // remove SMS, as it is not supported and should not be sent back to the customer, since it could be misleading
+            allowedMFATypesForSetup.remove(.sms)
+            if allowedMFATypesForSetup.count > 1 {
+                return .continueSignInWithMFASetupSelection(allowedMFATypesForSetup)
+            } else if let mfaType = allowedMFATypesForSetup.first,
+                      mfaType == .email {
+                return .continueSignInWithEmailMFASetup
+            }
+            throw SignInError.unknown(message: "Unable to determine next step from challenge:\n\(challenge)")
+        case .unknown(let cognitoChallengeType):
+            throw SignInError.unknown(message: "Challenge not supported\(cognitoChallengeType)")
+        }
     }
 
 }

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/SoftwareTokenSetup/InitializeTOTPSetup.swift

@@ -10,7 +10,7 @@ import Foundation
 struct InitializeTOTPSetup: Action {
 
     var identifier: String = "InitializeTOTPSetup"
-    let authResponse: SignInResponseBehavior
+    let authResponse: RespondToAuthChallenge
 
     func execute(withDispatcher dispatcher: EventDispatcher, environment: Environment) async {
         logVerbose("\(#fileID) Start execution", environment: environment)
@@ -26,9 +26,9 @@ extension InitializeTOTPSetup: CustomDebugDictionaryConvertible {
     var debugDictionary: [String: Any] {
         [
             "identifier": identifier,
-            "challengeName": authResponse.challengeName?.rawValue ?? "",
+            "challengeName": authResponse.challenge.rawValue,
             "session": authResponse.session?.masked() ?? "",
-            "challengeParameters": authResponse.challengeParameters ?? [:]
+            "challengeParameters": authResponse.parameters ?? [:]
         ]
     }
 }

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/SoftwareTokenSetup/SetUpTOTP.swift

@@ -12,7 +12,7 @@ import AWSCognitoIdentityProvider
 struct SetUpTOTP: Action {
 
     var identifier: String = "SetUpTOTP"
-    let authResponse: SignInResponseBehavior
+    let authResponse: RespondToAuthChallenge
     let signInEventData: SignInEventData
 
     func execute(withDispatcher dispatcher: EventDispatcher, environment: Environment) async {
@@ -65,9 +65,9 @@ extension SetUpTOTP: CustomDebugDictionaryConvertible {
     var debugDictionary: [String: Any] {
         [
             "identifier": identifier,
-            "challengeName": authResponse.challengeName?.rawValue ?? "",
+            "challengeName": authResponse.challenge.rawValue,
             "session": authResponse.session?.masked() ?? "",
-            "challengeParameters": authResponse.challengeParameters ?? [:],
+            "challengeParameters": authResponse.parameters ?? [:],
             "signInEventData": signInEventData.debugDictionary
         ]
     }

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/SignIn/VerifySignInChallenge.swift

@@ -19,12 +19,41 @@ struct VerifySignInChallenge: Action {
 
     let signInMethod: SignInMethod
 
+    let currentSignInStep: AuthSignInStep
+
     func execute(withDispatcher dispatcher: EventDispatcher, environment: Environment) async {
         logVerbose("\(#fileID) Starting execution", environment: environment)
         let username = challenge.username
         var deviceMetadata = DeviceMetadata.noData
 
         do {
+
+            if case .continueSignInWithMFASetupSelection = currentSignInStep {
+                let newChallenge = RespondToAuthChallenge(
+                    challenge: .mfaSetup,
+                    username: challenge.username,
+                    session: challenge.session,
+                    parameters: ["MFAS_CAN_SETUP": "[\"\(confirmSignEventData.answer)\"]"])
+
+                let event: SignInEvent
+                guard let mfaType = MFAType(rawValue: confirmSignEventData.answer) else {
+                    throw SignInError.inputValidation(field: "Unknown MFA type")
+                }
+
+                switch mfaType {
+                case .email:
+                    event = SignInEvent(eventType: .receivedChallenge(newChallenge))
+                case .totp:
+                    event = SignInEvent(eventType: .initiateTOTPSetup(username, newChallenge))
+                default:
+                    throw SignInError.unknown(message: "MFA Type not supported for setup")
+                }
+
+                logVerbose("\(#fileID) Sending event \(event)", environment: environment)
+                await dispatcher.send(event)
+                return
+            }
+
             let userpoolEnv = try environment.userPoolEnvironment()
             let username = challenge.username
             let session = challenge.session
@@ -64,7 +93,7 @@ struct VerifySignInChallenge: Action {
             // Remove the saved device details and retry verify challenge
             await DeviceMetadataHelper.removeDeviceMetaData(for: username, with: environment)
             let event = SignInChallengeEvent(
-                eventType: .retryVerifyChallengeAnswer(confirmSignEventData)
+                eventType: .retryVerifyChallengeAnswer(confirmSignEventData, currentSignInStep)
             )
             logVerbose("\(#fileID) Sending event \(event)", environment: environment)
             await dispatcher.send(event)

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Models/AuthChallengeType.swift

@@ -22,6 +22,8 @@ enum AuthChallengeType {
 
     case setUpMFA
 
+    case emailMFA
+
     case unknown(CognitoIdentityProviderClientTypes.ChallengeNameType)
 
 }
@@ -41,6 +43,8 @@ extension CognitoIdentityProviderClientTypes.ChallengeNameType: Codable {
             return .selectMFAType
         case .mfaSetup:
             return .setUpMFA
+        case .emailOtp:
+            return .emailMFA
         default:
             return .unknown(self)
         }