fix(auth): Delete user api get stuck on no network (#2656)

Author: royjit

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Actions/DeleteUser/DeleteUser.swift

@@ -47,7 +47,7 @@ struct DeleteUser: Action {
                 _ = try await client.deleteUser(input: input)
                 event = DeleteUserEvent(eventType: .signOutDeletedUser)
                 logVerbose("\(#fileID) Delete User succeeded", environment: environment)
-            } catch let error as DeleteUserOutputError {
+            } catch let error as AuthErrorConvertible {
                 event = DeleteUserEvent(eventType: .throwError(error.authError))
                 logVerbose("\(#fileID) Delete User failed \(error)", environment: environment)
             } catch let error {

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/ClientBehavior/AWSCognitoAuthPlugin+ClientBehavior.swift

@@ -159,7 +159,9 @@ extension AWSCognitoAuthPlugin: AuthCategoryBehavior {
     }
 
     public func deleteUser() async throws {
-        let task = AWSAuthDeleteUserTask(authStateMachine: self.authStateMachine)
+        let task = AWSAuthDeleteUserTask(
+            authStateMachine: self.authStateMachine,
+            authConfiguraiton: authConfiguration)
         _ = try await taskQueue.sync {
             return try await task.value
         }

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Operations/Helpers/FetchAuthSessionOperationHelper.swift

@@ -174,13 +174,18 @@ class FetchAuthSessionOperationHelper {
 
         switch error {
 
-        case .notAuthorized:
+        case .notAuthorized, .noCredentialsToRefresh:
             if !isSignedIn {
                 return AuthCognitoSignedOutSessionHelper.makeSessionWithNoGuestAccess()
             }
-        case .noCredentialsToRefresh:
-            if !isSignedIn {
-                return AuthCognitoSignedOutSessionHelper.makeSessionWithNoGuestAccess()
+
+        case .service(let error):
+            if let authError = (error as? AuthErrorConvertible)?.authError {
+                let session = AWSAuthCognitoSession(isSignedIn: isSignedIn,
+                                                    identityIdResult: .failure(authError),
+                                                    awsCredentialsResult: .failure(authError),
+                                                    cognitoTokensResult: .failure(authError))
+                return session
             }
         default: break
 

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Service/ErrorMapping/AuthErrorConvertible.swift

@@ -14,3 +14,9 @@ protocol AuthErrorConvertible {
 
     var authError: AuthError { get }
 }
+
+extension AuthError: AuthErrorConvertible {
+    var authError: AuthError {
+        return self
+    }
+}

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Service/ErrorMapping/SdkError+AuthError.swift

@@ -70,9 +70,13 @@ extension SdkError: AuthErrorConvertible {
             if let authError = error as? AuthErrorConvertible {
                 return authError.authError
             } else {
-                return AuthError.service(error.localizedDescription,
-                                         "",
-                                         AWSCognitoAuthError.network)
+                return AuthError.service(
+                    error.localizedDescription,
+                    """
+                    Check your network connection, retry when the network is available.
+                    HTTP Response stauts code: \(String(describing: httpResponse?.statusCode))
+                    """,
+                    AWSCognitoAuthError.network)
 
             }
 

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/StateMachine/CodeGen/Events/AuthEvents.swift

@@ -22,6 +22,8 @@ struct AuthEvent: StateMachineEvent {
         case authenticationConfigured(AuthConfiguration, AmplifyCredentials)
 
         case authorizationConfigured
+
+        case reconfigure(AuthConfiguration)
     }
 
     var id: String
@@ -38,6 +40,7 @@ struct AuthEvent: StateMachineEvent {
         case .authenticationConfigured: return "AuthEvent.authenticationConfigured"
         case .authorizationConfigured: return "AuthEvent.authorizationConfigured"
         case .validateCredentialAndConfiguration: return "AuthEvent.validateCredentialAndConfiguration"
+        case .reconfigure: return "AuthEvent.reconfigure"
         }
     }
 

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/StateMachine/Resolvers/AuthState/AuthState+Resolver.swift

@@ -80,6 +80,11 @@ extension AuthState {
                 return .init(newState: newState, actions: authNresolution.actions + authZresolution.actions)
 
             case .configured(let authenticationState, let authorizationState):
+                if case .reconfigure(let authConfiguration) = isAuthEvent(event)?.eventType {
+                    let newState = AuthState.configuringAuth
+                    let action = InitializeAuthConfiguration(authConfiguration: authConfiguration)
+                    return .init(newState: newState, actions: [action])
+                }
                 let authenticationResolver = AuthenticationState.Resolver()
                 let authorizationResolver = AuthorizationState.Resolver()
                 let authNresolution = authenticationResolver.resolve(oldState: authenticationState, byApplying: event)

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/StateMachine/Resolvers/RefreshSession/RefreshSessionState+Resolver.swift

@@ -18,6 +18,7 @@ extension RefreshSessionState {
                      byApplying event: StateMachineEvent) -> StateResolution<RefreshSessionState> {
 
             switch oldState {
+
             case .notStarted:
 
                 if case .refreshCognitoUserPool(let signedInData) = event.isRefreshSessionEvent {

AmplifyPlugins/Auth/Sources/AWSCognitoAuthPlugin/Task/AWSAuthDeleteUserTask.swift

@@ -12,20 +12,29 @@ import AWSPluginsCore
 class AWSAuthDeleteUserTask: AuthDeleteUserTask {
     private let authStateMachine: AuthStateMachine
     private let taskHelper: AWSAuthTaskHelper
+    private let configuration: AuthConfiguration
 
     var eventName: HubPayloadEventName {
         HubPayload.EventName.Auth.deleteUserAPI
     }
 
-    init(authStateMachine: AuthStateMachine) {
+    init(authStateMachine: AuthStateMachine,
+         authConfiguraiton: AuthConfiguration) {
         self.authStateMachine = authStateMachine
+        self.configuration = authConfiguraiton
         self.taskHelper = AWSAuthTaskHelper(authStateMachine: authStateMachine)
     }
 
     func execute() async throws {
         await taskHelper.didStateMachineConfigured()
         let accessToken = try await taskHelper.getAccessToken()
-        try await deleteUser(with: accessToken)
+
+        do {
+            try  await deleteUser(with: accessToken)
+        } catch {
+            await waitForReConfigure()
+            throw error
+        }
     }
 
     private func deleteUser(with token: String) async throws {
@@ -52,4 +61,10 @@ class AWSAuthDeleteUserTask: AuthDeleteUserTask {
             }
         }
     }
+
+    private func waitForReConfigure() async {
+        let event = AuthEvent(eventType: .reconfigure(configuration))
+        await authStateMachine.send(event)
+        await taskHelper.didStateMachineConfigured()
+    }
 }

AmplifyPlugins/Auth/Tests/AWSCognitoAuthPluginUnitTests/TaskTests/AuthenticationProviderDeleteUserTests.swift

@@ -12,6 +12,8 @@ import XCTest
 @testable import Amplify
 @testable import AWSCognitoAuthPlugin
 import AWSCognitoIdentityProvider
+import ClientRuntime
+import AwsCommonRuntimeKit
 
 class AuthenticationProviderDeleteUserTests: BasePluginTest {
 
@@ -34,6 +36,97 @@ class AuthenticationProviderDeleteUserTests: BasePluginTest {
         }
     }
 
+
+    /// Test a deleteUser with network error from service
+    ///
+    /// - Given: Given an auth plugin with mocked service. Mocked service should mock a
+    ///   network error
+    ///
+    /// - When:
+    ///    - I invoke deleteUser
+    /// - Then:
+    ///    - I should get a .service error with .network as underlying error
+    ///
+    func testOfflineDeleteUser() async {
+        mockIdentityProvider = MockIdentityProvider(
+            mockRevokeTokenResponse: { _ in
+                try RevokeTokenOutputResponse(httpResponse: .init(body: .empty, statusCode: .ok))
+            }, mockGlobalSignOutResponse: { _ in
+                try GlobalSignOutOutputResponse(httpResponse: .init(body: .empty, statusCode: .ok))
+            },
+            mockDeleteUserOutputResponse: { _ in
+                let crtError = ClientRuntime.ClientError.retryError(
+                    CRTError.crtError(
+                        AWSError(errorCode: 1059)))
+                throw SdkError<DeleteUserOutputError>.client(crtError)
+            }
+        )
+        do {
+            try await plugin.deleteUser()
+            XCTFail("Should not get success")
+        } catch {
+            guard case AuthError.service(_, _, let underlyingError) = error,
+                  case .network = (underlyingError as? AWSCognitoAuthError) else {
+                XCTFail("Should produce network error instead of \(error)")
+                return
+            }
+        }
+    }
+
+    /// Test a deleteUser with network error from service and retry with success on no network error
+    ///
+    /// - Given: Given an auth plugin with mocked service. Mocked service should mock a
+    ///   network error for the first call and mock an actual result on the second call
+    ///
+    /// - When:
+    ///    - I invoke deleteUser and retry it
+    /// - Then:
+    ///    - I should get a .service error with .network as underlying error for the first call
+    ///    - I should get a valid response for the second call
+    ///
+    func testOfflineDeleteUserAndRetry() async {
+        mockIdentityProvider = MockIdentityProvider(
+            mockRevokeTokenResponse: { _ in
+                try RevokeTokenOutputResponse(httpResponse: .init(body: .empty, statusCode: .ok))
+            }, mockGlobalSignOutResponse: { _ in
+                try GlobalSignOutOutputResponse(httpResponse: .init(body: .empty, statusCode: .ok))
+            },
+            mockDeleteUserOutputResponse: { _ in
+                let crtError = ClientRuntime.ClientError.retryError(
+                    CRTError.crtError(
+                        AWSError(errorCode: 1059)))
+                throw SdkError<DeleteUserOutputError>.client(crtError)
+            }
+        )
+        do {
+            try await plugin.deleteUser()
+            XCTFail("Should not get success")
+        } catch {
+            guard case AuthError.service(_, _, let underlyingError) = error,
+                  case .network = (underlyingError as? AWSCognitoAuthError) else {
+                XCTFail("Should produce network error instead of \(error)")
+                return
+            }
+        }
+
+        mockIdentityProvider = MockIdentityProvider(
+            mockRevokeTokenResponse: { _ in
+                try RevokeTokenOutputResponse(httpResponse: .init(body: .empty, statusCode: .ok))
+            }, mockGlobalSignOutResponse: { _ in
+                try GlobalSignOutOutputResponse(httpResponse: .init(body: .empty, statusCode: .ok))
+            },
+            mockDeleteUserOutputResponse: { _ in
+                try DeleteUserOutputResponse(httpResponse: .init(body: .empty, statusCode: .ok))
+            }
+        )
+        do {
+            try await plugin.deleteUser()
+            print("Delete user success")
+        } catch {
+            XCTFail("Received failure with error \(error)")
+        }
+    }
+
     // MARK: - Service Exceptions
 
     /// Test a deleteUser with `InternalErrorException` from service