Merge pull request #177 from aws/revert-164-master

Revert "Fix Cognito User Pools token refresh and failure handling"

Author: mreddyg

aws-android-sdk-cognitoidentityprovider/src/main/java/com/amazonaws/mobileconnectors/cognitoidentityprovider/CognitoUser.java

@@ -22,9 +22,7 @@
 import android.os.Handler;
 import android.util.Log;
 
-import com.amazonaws.AmazonClientException;
 import com.amazonaws.AmazonServiceException;
-import com.amazonaws.SDKGlobalConfiguration;
 import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationContinuation;
 import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationDetails;
 import com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.ForgotPasswordContinuation;
@@ -104,8 +102,6 @@
  */
 public class CognitoUser {
     private final String TAG = "CognitoUser";
-    /** Default threshold for refreshing session credentials */
-    public static final int DEFAULT_THRESHOLD_SECONDS = 500;
 
     /**
      * Application context.
@@ -623,24 +619,6 @@ public void getSession(final AuthenticationHandler callback) {
         }
     }
 
-    /**
-     * Returns true if a new session needs to be started. A new session
-     * is needed when no session has been started yet, or if the last session is
-     * within the configured refresh threshold.
-     *
-     * @return True if a new session needs to be started.
-     */
-    private boolean needsNewSession(CognitoUserSession userSession) {
-        if (userSession == null) {
-            return true;
-        }
-        long currentTime = System.currentTimeMillis()
-                - SDKGlobalConfiguration.getGlobalTimeOffset() * 1000;
-        long timeRemaining = userSession.getIdToken().getExpiration().getTime()
-                - currentTime;
-        return timeRemaining < (DEFAULT_THRESHOLD_SECONDS * 1000);
-    }
-
     /**
      * Call this method for valid, cached tokens for this user.
      *
@@ -651,36 +629,33 @@ private CognitoUserSession getCachedSession() {
             throw new CognitoNotAuthorizedException("User-ID is null");
         }
 
-        if (!needsNewSession(cipSession)) {
-            return cipSession;
+        if (cipSession != null) {
+            if (cipSession.isValid()) {
+                return cipSession;
+            }
         }
 
         // Read cached tokens
         CognitoUserSession cachedTokens = readCachedTokens();
 
-        // Return cached tokens if they are still valid with some margin
-        if (!needsNewSession(cachedTokens)) {
+        // Return cached tokens if they are still valid
+        if (cachedTokens.isValid()) {
             cipSession = cachedTokens;
-            return cipSession;
+            return  cipSession;
         }
 
+        // Clear any cached tokens, since none of them are valid.
+        clearCachedTokens();
+
         if (cachedTokens.getRefreshToken() != null) {
             // Use Refresh token to get new tokens
             try {
                 cipSession = refreshSessionInternal(cachedTokens.getRefreshToken());
                 cacheTokens(cipSession);
                 return cipSession;
-            } catch (CognitoNotAuthorizedException e) {
-                // Clear any cached tokens, since none of them are valid.
-                clearCachedTokens();
-                // Could not get new tokens from refresh. Should authenticate user.
-                throw new CognitoNotAuthorizedException("user is not authenticated",e);
-            } catch (AmazonClientException e) {
-                // General IO errors - not clearing cached tokens
-                throw new AmazonClientException("failed to get new tokens from refresh",e);
             } catch (Exception e) {
-                // Errors like NetworkOnMainThreadException etc - not clearing cached tokens.
-                throw new AmazonClientException("failed to get new tokens from refresh",e);
+                // Could not get new tokens from refresh. Should authenticate user.
+                throw new CognitoNotAuthorizedException("user is not authenticated");
             }
         }
         throw new CognitoNotAuthorizedException("user is not authenticated");
@@ -2043,7 +2018,7 @@ private CognitoUserSession refreshSessionInternal(CognitoRefreshToken refreshTok
                     cognitoIdentityProviderClient.refreshTokens(refreshTokensRequest);
             AuthenticationResultType authenticationResult = refreshTokensResult.getAuthenticationResult();
 
-            if (authenticationResult == null) {
+            if (authenticationResult != null) {
                 throw new CognitoNotAuthorizedException("user is not authenticated");
             }
 

aws-android-sdk-cognitoidentityprovider/src/main/java/com/amazonaws/mobileconnectors/cognitoidentityprovider/CognitoUserSession.java

@@ -17,7 +17,6 @@
 
 package com.amazonaws.mobileconnectors.cognitoidentityprovider;
 
-import com.amazonaws.SDKGlobalConfiguration;
 import com.amazonaws.mobileconnectors.cognitoidentityprovider.tokens.CognitoAccessToken;
 import com.amazonaws.mobileconnectors.cognitoidentityprovider.tokens.CognitoIdToken;
 import com.amazonaws.mobileconnectors.cognitoidentityprovider.tokens.CognitoRefreshToken;
@@ -28,8 +27,6 @@
  * This wraps all Cognito tokens for a user.
  */
 public class CognitoUserSession {
-    /** Default threshold for refreshing session credentials */
-    public static final int DEFAULT_THRESHOLD_SECONDS = 500;
     /**
      * Cognito identity token.
      */
@@ -91,8 +88,8 @@ public CognitoRefreshToken getRefreshToken() {
      * @return boolean to indicate if the access and id tokens have not expired.
      */
     public boolean isValid() {
-        Date currentTimeStamp = new Date(System.currentTimeMillis()
-                - SDKGlobalConfiguration.getGlobalTimeOffset() * 1000);
+        Date currentTimeStamp = new Date();
+        
         try {
             return (currentTimeStamp.before(idToken.getExpiration())
                     & currentTimeStamp.before(accessToken.getExpiration()));