[CognitoUserPools] Add new AuthenticationDetails constructor to handle SRP before custom auth flow

minbi · minbi · commit 0720f2a3e63a · 2019-02-07T11:17:10.000-08:00
diff --git a/aws-android-sdk-cognitoidentityprovider/src/main/java/com/amazonaws/mobileconnectors/cognitoidentityprovider/CognitoUser.java b/aws-android-sdk-cognitoidentityprovider/src/main/java/com/amazonaws/mobileconnectors/cognitoidentityprovider/CognitoUser.java
@@ -2383,11 +2383,29 @@ public void run() {
      */
     private Runnable startWithCustomAuth(final AuthenticationDetails authenticationDetails,
             final AuthenticationHandler callback, final boolean runInBackground) {
-        final InitiateAuthRequest initiateAuthRequest = initiateCustomAuthRequest(
-                authenticationDetails);
         try {
+            final AuthenticationHelper authenticationHelper = new AuthenticationHelper(this.getUserPoolId());
+            final InitiateAuthRequest initiateAuthRequest = initiateCustomAuthRequest(
+                    authenticationDetails,
+                    authenticationHelper);
             final InitiateAuthResult initiateAuthResult = cognitoIdentityProviderClient
                     .initiateAuth(initiateAuthRequest);
+            updateInternalUsername(initiateAuthResult.getChallengeParameters());
+            if (CognitoServiceConstants.CHLG_TYPE_USER_PASSWORD_VERIFIER
+                    .equals(initiateAuthResult.getChallengeName())) {
+                if (authenticationDetails.getPassword() == null) {
+                    throw new IllegalStateException("Failed to find password in " +
+                            "authentication details to response to PASSWORD_VERIFIER challenge");
+                }
+                final RespondToAuthChallengeRequest challengeRequest = userSrpAuthRequest(
+                        initiateAuthResult.getChallengeParameters(),
+                        authenticationDetails.getPassword(),
+                        initiateAuthResult.getChallengeName(),
+                        initiateAuthResult.getSession(),
+                        authenticationHelper
+                );
+                return respondToChallenge(challengeRequest, callback, runInBackground);
+            }
             return handleChallenge(initiateAuthResult, authenticationDetails, callback, runInBackground);
         } catch (final Exception e) {
             return new Runnable() {
@@ -2477,21 +2495,13 @@ public void run() {
                 }
             }
         } else if (CognitoServiceConstants.CHLG_TYPE_USER_PASSWORD_VERIFIER.equals(challengeName)) {
-            if (authenticationDetails == null || authenticationDetails.getPassword() == null) {
-                return nextTask;
-            }
-
-            nextTask = new Runnable() {
+            return new Runnable() {
                 @Override
                 public void run() {
-                    final RespondToAuthChallengeRequest challengeRequest = userSrpAuthRequest(
-                            challenge.getChallengeParameters(),
-                            authenticationDetails.getPassword(),
-                            challenge.getChallengeName(),
-                            challenge.getSession(),
-                            new AuthenticationHelper(pool.getUserPoolId())
-                    );
-                    respondToChallenge(challengeRequest, callback, runInBackground);
+                    callback.onFailure(new CognitoInternalErrorException(
+                            "Authentication failed due to an internal error: " +
+                                    "PASSWORD_VERIFIER challenge encountered not at the " +
+                                    "start of authentication flow"));
                 }
             };
         } else if (CognitoServiceConstants.CHLG_TYPE_SMS_MFA.equals(challengeName)
@@ -2623,7 +2633,7 @@ public void run() {
     private InitiateAuthRequest initiateUserPasswordAuthRequest(
             AuthenticationDetails authenticationDetails) {
 
-        if (StringUtils.isBlank(authenticationDetails.getUserId()) 
+        if (StringUtils.isBlank(authenticationDetails.getUserId())
                 || StringUtils.isBlank(authenticationDetails.getPassword())) {
             throw new CognitoNotAuthorizedException("User name and password are required");
         }
@@ -2768,8 +2778,8 @@ private InitiateAuthRequest initiateUserSrpAuthRequest(
      * @return {@link InitiateAuthRequest}, request to start with the user SRP
      *         authentication.
      */
-    private InitiateAuthRequest initiateCustomAuthRequest(
-            AuthenticationDetails authenticationDetails) {
+    private InitiateAuthRequest initiateCustomAuthRequest(final AuthenticationDetails authenticationDetails,
+                                                          final AuthenticationHelper authenticationHelper) {
         final InitiateAuthRequest authRequest = new InitiateAuthRequest();
         authRequest.setAuthFlow(CognitoServiceConstants.AUTH_TYPE_INIT_CUSTOM_AUTH);
         authRequest.setClientId(clientId);
@@ -2784,6 +2794,9 @@ private InitiateAuthRequest initiateCustomAuthRequest(
             secretHash = CognitoSecretHash.getSecretHash(authenticationDetails.getUserId(), clientId, clientSecret);
             authenticationParameters.put(CognitoServiceConstants.AUTH_PARAM_SECRET_HASH, secretHash);
         }
+        if (CognitoServiceConstants.AUTH_PARAM_SRP_A.equals(authenticationDetails.getCustomChallenge())) {
+            authenticationParameters.put(CognitoServiceConstants.AUTH_PARAM_SRP_A, authenticationHelper.getA().toString(16));
+        }
         authRequest.setAuthParameters(authenticationDetails.getAuthenticationParameters());
 
         if (authenticationDetails.getValidationData() != null
@@ -2842,7 +2855,7 @@ private InitiateAuthRequest initiateRefreshTokenAuthRequest(CognitoUserSession c
                 deviceKey = CognitoDeviceHelper.getDeviceKey(usernameInternal, pool.getUserPoolId(),
                         context);
             } else {
-                deviceKey = CognitoDeviceHelper.getDeviceKey(currSession.getUsername(), 
+                deviceKey = CognitoDeviceHelper.getDeviceKey(currSession.getUsername(),
                         pool.getUserPoolId(), context);
             }
         }
@@ -3096,8 +3109,8 @@ public void listDevices(int limit, String paginationToken, DevicesHandler callba
 
     /**
      * Returns the current device, if users in this pool can remember devices.
-     * If a deviceKey is not found with the userId, the deviceKey is searched 
-     * with the username in cached tokens, if any. 
+     * If a deviceKey is not found with the userId, the deviceKey is searched
+     * with the username in cached tokens, if any.
      * @return {@link CognitoDevice} if the device is available, null otherwise.
      */
     public CognitoDevice thisDevice() {
@@ -3109,7 +3122,7 @@ public CognitoDevice thisDevice() {
                 deviceKey = CognitoDeviceHelper.getDeviceKey(userId, pool.getUserPoolId(), context);
                 if (deviceKey == null) {
                     CognitoUserSession currSession = this.readCachedTokens();
-                    deviceKey = CognitoDeviceHelper.getDeviceKey(currSession.getUsername(), 
+                    deviceKey = CognitoDeviceHelper.getDeviceKey(currSession.getUsername(),
                             this.pool.getUserPoolId(), this.context);
                 }
             }
diff --git a/aws-android-sdk-cognitoidentityprovider/src/main/java/com/amazonaws/mobileconnectors/cognitoidentityprovider/continuations/AuthenticationDetails.java b/aws-android-sdk-cognitoidentityprovider/src/main/java/com/amazonaws/mobileconnectors/cognitoidentityprovider/continuations/AuthenticationDetails.java
@@ -53,6 +53,32 @@ public AuthenticationDetails(String userId, String password,
         setValidationData(validationData);
     }
 
+    /**
+     * Constructs a new object for custom authentication that starts with SRP protocol.
+     * The first to challenges to be answered are SRP_A and PASSWORD_VERIFIER.
+     *
+     * @param userId REQUIRED: User ID, NOTE: This will over ride the current user ID
+     * @param password REQUIRED: This will be used to answer the PASSWORD_VERIFIER challenge.
+     * @param authenticationParameters REQUIRED: Authentication details that are used in custom
+     *                                 authentication process
+     * @param validationData REQUIRED: Contains authentication parameters which are passed to
+     *                       triggered pre-auth lambda trigger.
+     */
+    public AuthenticationDetails(String userId, String password, Map<String, String> authenticationParameters,
+                                 Map<String, String> validationData) {
+        this.userId = userId;
+        this.password = password;
+        if (authenticationParameters != null) {
+            this.authenticationType = CognitoServiceConstants.CHLG_TYPE_CUSTOM_CHALLENGE;
+            this.authenticationParameters = authenticationParameters;
+            setAuthenticationParameter(CognitoServiceConstants.AUTH_PARAM_USERNAME, userId);
+            setCustomChallenge(CognitoServiceConstants.AUTH_PARAM_SRP_A);
+            setValidationData(validationData);
+        } else {
+            this.authenticationType = null;
+        }
+    }
+
     /**
      * Constructs a new object for custom authentication.
      *
@@ -156,6 +182,10 @@ public void setCustomChallenge(String customChallenge) {
                 customChallenge);
     }
 
+    public String getCustomChallenge() {
+        return this.authenticationParameters.get(CognitoServiceConstants.AUTH_PARAM_CHALLENGE_NAME);
+    }
+
     /**
      * Set the name of the authentication challenge.
      *
