feat(lib): allow to configure and customize a password generator for the temporary password

ProGM · ProGM · commit 60733ec155ad · 2023-04-27T11:01:09.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,14 @@
 # Changelog
 All notable changes to this project made by Monade Team are documented in this file. For info refer to team@monade.io
 
+## [1.1.0] - 2023-04-27
+### Added
+- A password generator that follows [Cognito policies](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-policies.html)
+
+### Fixed
+- Allow passing a custom password generator
+- Override default password generated when explicitly passing one to the model
+
 ## [1.0.0] - 2023-03-30
 ### Added
 - `sync_from_cognito!` to create users in the local database from cognito
diff --git a/lib/cognito_rails.rb b/lib/cognito_rails.rb
@@ -15,6 +15,7 @@ module CognitoRails
   autoload :Model
   autoload :User
   autoload :JWT
+  autoload :PasswordGenerator
 
   # @private
   module ModelInitializer
diff --git a/lib/cognito_rails/config.rb b/lib/cognito_rails/config.rb
@@ -19,7 +19,7 @@ def aws_client_credentials
       # @!attribute default_user_class [w]
       #   @return [String,nil]
       attr_writer :aws_client_credentials, :skip_model_hooks, :aws_region,
-                  :aws_user_pool_id, :default_user_class
+                  :aws_user_pool_id, :default_user_class, :password_generator
 
       # @return [Boolean] skip model hooks
       def skip_model_hooks
@@ -49,6 +49,10 @@ def aws_user_pool_id
       def default_user_class
         @default_user_class || (raise 'Missing config default_user_class')
       end
+
+      def password_generator
+        @password_generator || CognitoRails::PasswordGenerator.method(:generate)
+      end
     end
   end
 end
diff --git a/lib/cognito_rails/password_generator.rb b/lib/cognito_rails/password_generator.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module CognitoRails
+  class PasswordGenerator
+    NUMERIC = (0..9).to_a.freeze
+    LOWER_CASE = ('a'..'z').to_a.freeze
+    UPPER_CASE = ('A'..'Z').to_a.freeze
+    SPECIAL = [
+      '^', '$', '*', '.', '[', ']', '{', '}',
+      '(', ')', '?', '"', '!', '@', '#', '%',
+      '&', '/', '\\', ',', '>', '<', "'", ':',
+      ';', '|', '_', '~', '`', '=', '+', '-'
+    ].freeze
+
+    # Generates a random password given a length range
+    #
+    # @param range [Range]
+    # @return [String]
+    def self.generate(range = 8..16)
+      password_length = rand(range)
+      numeric_count = rand(1..(password_length-3))
+
+      lower_case_count = rand(1..(password_length-(numeric_count+2)))
+      upper_case_count = rand(1..(password_length-(numeric_count + lower_case_count + 1)))
+      special_count = password_length-(numeric_count + lower_case_count + upper_case_count)
+
+      numeric_characters = numeric_count.times.map { NUMERIC.sample }
+      lower_case_characters = lower_case_count.times.map { LOWER_CASE.sample }
+      upper_case_characters = upper_case_count.times.map { UPPER_CASE.sample }
+      special_characters = special_count.times.map { SPECIAL.sample }
+
+      (numeric_characters + lower_case_characters + upper_case_characters + special_characters).shuffle.join
+    end
+  end
+end
diff --git a/lib/cognito_rails/user.rb b/lib/cognito_rails/user.rb
@@ -39,7 +39,7 @@ class User
     def initialize(attributes = {})
       attributes = attributes.with_indifferent_access
       self.email = attributes[:email]
-      self.password = attributes[:password] || SecureRandom.urlsafe_base64
+      self.password = attributes[:password] || Config.password_generator.call
       self.phone = attributes[:phone]
       self.user_class = attributes[:user_class] || Config.default_user_class.constantize
       self.custom_attributes = attributes[:custom_attributes]
diff --git a/lib/cognito_rails/version.rb b/lib/cognito_rails/version.rb
@@ -2,5 +2,5 @@
 
 module CognitoRails
   # @return [String] gem version
-  VERSION = '1.0.0'
+  VERSION = '1.1.0'
 end
diff --git a/spec/cognito_rails/password_generator_spec.rb b/spec/cognito_rails/password_generator_spec.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe CognitoRails::PasswordGenerator do
+  it 'generates a password' do
+    expect(described_class.generate).to be_a(String)
+  end
+
+  it 'generates a password with the correct length' do
+    1000.times do
+      expect(described_class.generate(8..8).length).to eq(8)
+    end
+  end
+
+  it 'contains at least one letter, one number, one upper case letter, one symbol' do
+    1000.times do
+      password = described_class.generate
+      expect(password).to match(/[a-z]/)
+      expect(password).to match(/[A-Z]/)
+      expect(password).to match(/[0-9]/)
+      include_symbol = CognitoRails::PasswordGenerator::SPECIAL.any? do |symbol|
+        password.include?(symbol)
+      end
+      expect(include_symbol).to be_truthy
+    end
+  end
+end
diff --git a/spec/cognito_rails/user_spec.rb b/spec/cognito_rails/user_spec.rb
@@ -82,6 +82,21 @@
       user.destroy!
     end
 
+    it 'uses the password generator defined in config' do
+      CognitoRails::Config.password_generator = -> { 'ciao' }
+      expect(CognitoRails::User).to receive(:cognito_client).at_least(:once).and_return(fake_cognito_client)
+
+      expect(fake_cognito_client).to receive(:admin_create_user).with(
+        hash_including(
+          temporary_password: 'ciao'
+        )
+      )
+      user = User.new(email: sample_cognito_email)
+      user.save!
+    ensure
+      CognitoRails::Config.password_generator = nil
+    end
+
     it 'uses the custom password passed as parameter' do
       expect(CognitoRails::User).to receive(:cognito_client).at_least(:once).and_return(fake_cognito_client)
 
