Search in sources :

Example 1 with RespondToAuthChallengeResult

use of com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult in project aws-sdk-android by aws-amplify.

the class CognitoUser method handleChallenge.

/**
 * Determines the next step from the challenge. This takes an object of type
 * {@link InitiateAuthResult} as parameter and creates an object of type
 * {@link RespondToAuthChallengeResult} and calls
 * {@code handleChallenge(RespondToAuthChallengeResult challenge, final AuthenticationHandler callback)}
 * method.
 *
 * @param clientMetadata A map of custom key-value pairs that is passed to the lambda function for
 *                       custom workflow.
 * @param authResult REQUIRED: Result from the {@code initiateAuth(...)}
 *            method.
 * @param callback REQUIRED: Callback for type {@link AuthenticationHandler}
 * @param runInBackground REQUIRED: Boolean to indicate the current
 *            threading.
 * @return {@link Runnable} for the next step in user authentication.
 */
private Runnable handleChallenge(final Map<String, String> clientMetadata, final InitiateAuthResult authResult, final AuthenticationDetails authenticationDetails, final AuthenticationHandler callback, final boolean runInBackground) {
    try {
        final RespondToAuthChallengeResult challenge = new RespondToAuthChallengeResult();
        challenge.setChallengeName(authResult.getChallengeName());
        challenge.setSession(authResult.getSession());
        challenge.setAuthenticationResult(authResult.getAuthenticationResult());
        challenge.setChallengeParameters(authResult.getChallengeParameters());
        return handleChallenge(clientMetadata, challenge, authenticationDetails, callback, runInBackground);
    } catch (final Exception e) {
        return new Runnable() {

            @Override
            public void run() {
                callback.onFailure(e);
            }
        };
    }
}
Also used : RespondToAuthChallengeResult(com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CognitoInternalErrorException(com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoInternalErrorException) UserNotFoundException(com.amazonaws.services.cognitoidentityprovider.model.UserNotFoundException) CognitoParameterInvalidException(com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoParameterInvalidException) NotAuthorizedException(com.amazonaws.services.cognitoidentityprovider.model.NotAuthorizedException) ResourceNotFoundException(com.amazonaws.services.cognitoidentityprovider.model.ResourceNotFoundException) InvalidParameterException(com.amazonaws.services.cognitoidentityprovider.model.InvalidParameterException) CognitoNotAuthorizedException(com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoNotAuthorizedException)

Example 2 with RespondToAuthChallengeResult

use of com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult in project aws-sdk-android by aws-amplify.

the class CognitoIdentityProviderSignInUserTest method init.

@Before
public void init() throws Exception {
    // Initialization function
    MockitoAnnotations.initMocks(this);
    testPool = new CognitoUserPool(appContext, TEST_USER_POOL, TEST_CLIENT_ID, TEST_CLIENT_SECRET, mockCSIClient);
    testUser = testPool.getUser(TEST_USER_NAME);
    String challengeNameNull = null;
    // Set challenge (response from service) for user SRP auth
    Map<String, String> initUserSRPAuthchallengeParameters = new HashMap<String, String>();
    initUserSRPAuthchallengeParameters.put("SRP_B", BigInteger.valueOf(3).toString(16));
    initUserSRPAuthchallengeParameters.put("SALT", BigInteger.valueOf(3).toString(16));
    initUserSRPAuthchallengeParameters.put("SECRET_BLOCK", "TEST_SECRET_BLOCK");
    initUserSRPAuthchallengeParameters.put("USER_ID_FOR_SRP", TEST_USER_NAME);
    initUserSRPAuthchallengeParameters.put("USERNAME", TEST_USER_NAME);
    TEST_VALID_INITIATE_USER_SRP_AUTH_RESPONSE = new InitiateAuthResult();
    TEST_VALID_INITIATE_USER_SRP_AUTH_RESPONSE.setChallengeName("PASSWORD_VERIFIER");
    TEST_VALID_INITIATE_USER_SRP_AUTH_RESPONSE.setSession("DummySession");
    TEST_VALID_INITIATE_USER_SRP_AUTH_RESPONSE.setChallengeParameters(initUserSRPAuthchallengeParameters);
    TEST_VALID_INITIATE_USER_SRP_AUTH_RESPONSE.setAuthenticationResult(null);
    // Set challenge (response from service) for user MFA challenge
    Map<String, String> mfaChallengeParameters = new HashMap<String, String>();
    mfaChallengeParameters.put("username", TEST_USER_NAME);
    mfaChallengeParameters.put("CODE_DELIVERY_DESTINATION", TEST_CODE_DESTINA);
    mfaChallengeParameters.put("CODE_DELIVERY_DELIVERY_MEDIUM", TEST_CODE_DEL_MED);
    TEST_VALID_MFA_CHALLENGE_RESPONSE = new RespondToAuthChallengeResult();
    TEST_VALID_MFA_CHALLENGE_RESPONSE.setChallengeName("SMS_MFA");
    TEST_VALID_MFA_CHALLENGE_RESPONSE.setSession("DummyMFASession");
    TEST_VALID_MFA_CHALLENGE_RESPONSE.setChallengeParameters(mfaChallengeParameters);
    TEST_VALID_MFA_CHALLENGE_RESPONSE.setAuthenticationResult(null);
    // Set challenge (response from service) for device authentication
    Map<String, String> deviceAuthChallengeParameters = new HashMap<String, String>();
    deviceAuthChallengeParameters.put("username", TEST_USER_NAME);
    TEST_VALID_DEVICE_AUTH_RESPONSE = new RespondToAuthChallengeResult();
    TEST_VALID_DEVICE_AUTH_RESPONSE.setChallengeName("DEVICE_SRP_AUTH");
    TEST_VALID_DEVICE_AUTH_RESPONSE.setChallengeParameters(deviceAuthChallengeParameters);
    TEST_VALID_DEVICE_AUTH_RESPONSE.setAuthenticationResult(null);
    // Set challenge (response from service) for device SRP verification
    Map<String, String> deviceSRPChallengeParameters = new HashMap<String, String>();
    deviceSRPChallengeParameters.put("SRP_B", BigInteger.valueOf(3).toString(16));
    deviceSRPChallengeParameters.put("SALT", BigInteger.valueOf(3).toString(16));
    deviceSRPChallengeParameters.put("SECRET_BLOCK", "TEST_SECRET_BLOCK");
    deviceSRPChallengeParameters.put("USERNAME", TEST_USER_NAME);
    TEST_VALID_DEVICE_SRP_RESPONSE = new RespondToAuthChallengeResult();
    TEST_VALID_DEVICE_SRP_RESPONSE.setChallengeName("DEVICE_SRP_AUTH");
    TEST_VALID_DEVICE_SRP_RESPONSE.setChallengeParameters(deviceSRPChallengeParameters);
    TEST_VALID_DEVICE_SRP_RESPONSE.setAuthenticationResult(null);
    // Set challenge (response from service) with tokens and no device - for when authentication is successful
    AuthenticationResultType tokensWithoutDevice = new AuthenticationResultType();
    tokensWithoutDevice.setAccessToken(getValidJWT(3600L));
    tokensWithoutDevice.setIdToken(getValidJWT(3600L));
    tokensWithoutDevice.setRefreshToken(TEST_NEW_RTOKEN);
    tokensWithoutDevice.setTokenType("DUMMY");
    tokensWithoutDevice.setExpiresIn(10);
    tokensWithoutDevice.setNewDeviceMetadata(null);
    TEST_VALID_SUCCESSFUL_AUTH_RESPONSE = new RespondToAuthChallengeResult();
    TEST_VALID_SUCCESSFUL_AUTH_RESPONSE.setChallengeName(challengeNameNull);
    TEST_VALID_SUCCESSFUL_AUTH_RESPONSE.setChallengeParameters(null);
    TEST_VALID_SUCCESSFUL_AUTH_RESPONSE.setAuthenticationResult(tokensWithoutDevice);
    // Set challenge (response from service) with tokens and new device - for when authentication is successful
    NewDeviceMetadataType newUserDevice = new NewDeviceMetadataType();
    newUserDevice.setDeviceKey(TEST_DEVICE_KEY);
    newUserDevice.setDeviceGroupKey(TEST_DEV_GRP_KEY);
    AuthenticationResultType tokensWithNewDevice = new AuthenticationResultType();
    tokensWithNewDevice.setAccessToken(getValidJWT(3600L));
    tokensWithNewDevice.setIdToken(getValidJWT(3600L));
    tokensWithNewDevice.setRefreshToken(TEST_NEW_RTOKEN);
    tokensWithNewDevice.setTokenType("DUMMY");
    tokensWithNewDevice.setExpiresIn(10);
    tokensWithNewDevice.setNewDeviceMetadata(newUserDevice);
    TEST_VALID_SUCCESSFUL_AUTH_WITH_NEW_DEVICE_RESPONSE = new RespondToAuthChallengeResult();
    TEST_VALID_SUCCESSFUL_AUTH_WITH_NEW_DEVICE_RESPONSE.setChallengeName(challengeNameNull);
    TEST_VALID_SUCCESSFUL_AUTH_WITH_NEW_DEVICE_RESPONSE.setChallengeParameters(null);
    TEST_VALID_SUCCESSFUL_AUTH_WITH_NEW_DEVICE_RESPONSE.setAuthenticationResult(tokensWithNewDevice);
    // Set challenge (response from service) for user SRP auth
    Map<String, String> initUserPasswordAuthchallengeParameters = new HashMap<String, String>();
    initUserSRPAuthchallengeParameters.put("USER_ID_FOR_SRP", TEST_USER_NAME);
    initUserSRPAuthchallengeParameters.put("USERNAME", TEST_USER_NAME);
    TEST_VALID_INITIATE_USER_PASSWORD_AUTH_RESPONSE = new InitiateAuthResult();
    TEST_VALID_INITIATE_USER_PASSWORD_AUTH_RESPONSE.setChallengeName("PASSWORD_VERIFIER");
    TEST_VALID_INITIATE_USER_PASSWORD_AUTH_RESPONSE.setSession("DummySession");
    TEST_VALID_INITIATE_USER_PASSWORD_AUTH_RESPONSE.setChallengeParameters(initUserPasswordAuthchallengeParameters);
    TEST_VALID_INITIATE_USER_PASSWORD_AUTH_RESPONSE.setAuthenticationResult(tokensWithoutDevice);
    awsKeyValueStorageUtility = getAWSKeyValueStorageUtility(testPool);
}
Also used : NewDeviceMetadataType(com.amazonaws.services.cognitoidentityprovider.model.NewDeviceMetadataType) CognitoUserPool(com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserPool) InitiateAuthResult(com.amazonaws.services.cognitoidentityprovider.model.InitiateAuthResult) HashMap(java.util.HashMap) RespondToAuthChallengeResult(com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult) AuthenticationResultType(com.amazonaws.services.cognitoidentityprovider.model.AuthenticationResultType) Before(org.junit.Before)

Example 3 with RespondToAuthChallengeResult

use of com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult in project aws-sdk-android by aws-amplify.

the class CognitoUser method deviceSrpAuthentication.

/**
 * Performs device SRP authentication to identify remembered devices.
 * Restarts authentication if the device verification does not succeed.
 *
 * @param clientMetadata A map of custom key-value pairs that is passed to the lambda function for
 *                       custom workflow.
 * @param challenge REQUIRED: {@link RespondToAuthChallengeResult}, contains
 *            the current challenge.
 * @param callback REQUIRED: {@link AuthenticationHandler} callback.
 * @param runInBackground REQUIRED: Boolean to indicate the current
 *            threading.
 * @return {@link Runnable} for the next step in user authentication.
 */
private Runnable deviceSrpAuthentication(final Map<String, String> clientMetadata, final RespondToAuthChallengeResult challenge, final AuthenticationHandler callback, final boolean runInBackground) {
    final String deviceSecret = CognitoDeviceHelper.getDeviceSecret(usernameInternal, pool.getUserPoolId(), context);
    final String deviceGroupKey = CognitoDeviceHelper.getDeviceGroupKey(usernameInternal, pool.getUserPoolId(), context);
    final AuthenticationHelper authenticationHelper = new AuthenticationHelper(deviceGroupKey);
    final RespondToAuthChallengeRequest devicesAuthRequest = initiateDevicesAuthRequest(clientMetadata, challenge, authenticationHelper);
    try {
        final RespondToAuthChallengeResult initiateDeviceAuthResult = cognitoIdentityProviderClient.respondToAuthChallenge(devicesAuthRequest);
        if (CognitoServiceConstants.CHLG_TYPE_DEVICE_PASSWORD_VERIFIER.equals(initiateDeviceAuthResult.getChallengeName())) {
            final RespondToAuthChallengeRequest challengeResponse = deviceSrpAuthRequest(clientMetadata, initiateDeviceAuthResult, deviceSecret, deviceGroupKey, authenticationHelper);
            final RespondToAuthChallengeResult deviceSRPAuthResult = cognitoIdentityProviderClient.respondToAuthChallenge(challengeResponse);
            return handleChallenge(clientMetadata, deviceSRPAuthResult, null, callback, runInBackground);
        } else {
            return handleChallenge(clientMetadata, initiateDeviceAuthResult, null, callback, runInBackground);
        }
    } catch (final NotAuthorizedException na) {
        final CognitoUser cognitoUser = this;
        CognitoDeviceHelper.clearCachedDevice(usernameInternal, pool.getUserPoolId(), context);
        return new Runnable() {

            @Override
            public void run() {
                final AuthenticationContinuation authenticationContinuation = new AuthenticationContinuation(cognitoUser, context, runInBackground, callback);
                authenticationContinuation.setClientMetaData(clientMetadata);
                callback.getAuthenticationDetails(authenticationContinuation, cognitoUser.getUserId());
            }
        };
    } catch (final Exception e) {
        return new Runnable() {

            @Override
            public void run() {
                callback.onFailure(e);
            }
        };
    }
}
Also used : MultiFactorAuthenticationContinuation(com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.MultiFactorAuthenticationContinuation) AuthenticationContinuation(com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationContinuation) RespondToAuthChallengeResult(com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult) RespondToAuthChallengeRequest(com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeRequest) NotAuthorizedException(com.amazonaws.services.cognitoidentityprovider.model.NotAuthorizedException) CognitoNotAuthorizedException(com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoNotAuthorizedException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CognitoInternalErrorException(com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoInternalErrorException) UserNotFoundException(com.amazonaws.services.cognitoidentityprovider.model.UserNotFoundException) CognitoParameterInvalidException(com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoParameterInvalidException) NotAuthorizedException(com.amazonaws.services.cognitoidentityprovider.model.NotAuthorizedException) ResourceNotFoundException(com.amazonaws.services.cognitoidentityprovider.model.ResourceNotFoundException) InvalidParameterException(com.amazonaws.services.cognitoidentityprovider.model.InvalidParameterException) CognitoNotAuthorizedException(com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoNotAuthorizedException)

Example 4 with RespondToAuthChallengeResult

use of com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult in project aws-sdk-android by aws-amplify.

the class CognitoUserPoolTest method setupMock.

private void setupMock(String userName) {
    HashMap<String, String> parameters = new HashMap<>();
    parameters.put(CognitoServiceConstants.CHLG_PARAM_USERNAME, userName);
    parameters.put(CognitoServiceConstants.CHLG_PARAM_SRP_B, "1");
    parameters.put(CognitoServiceConstants.CHLG_PARAM_SALT, "1234");
    parameters.put(CognitoServiceConstants.CHLG_PARAM_USER_ID_FOR_SRP, userName);
    when(mockProvider.initiateAuth(any(InitiateAuthRequest.class))).thenAnswer(answer -> {
        Log.i("Test", "Inside mock initiateAuth");
        return new InitiateAuthResult().withChallengeName(CognitoServiceConstants.CHLG_TYPE_USER_PASSWORD_VERIFIER).withChallengeParameters(parameters);
    });
    when(mockProvider.respondToAuthChallenge(any(RespondToAuthChallengeRequest.class))).thenAnswer(answer -> {
        String validJWT = getValidJWT(360);
        return new RespondToAuthChallengeResult().withAuthenticationResult(new AuthenticationResultType().withAccessToken(validJWT).withIdToken(validJWT));
    });
}
Also used : InitiateAuthRequest(com.amazonaws.services.cognitoidentityprovider.model.InitiateAuthRequest) InitiateAuthResult(com.amazonaws.services.cognitoidentityprovider.model.InitiateAuthResult) HashMap(java.util.HashMap) RespondToAuthChallengeResult(com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult) RespondToAuthChallengeRequest(com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeRequest) AuthenticationResultType(com.amazonaws.services.cognitoidentityprovider.model.AuthenticationResultType)

Example 5 with RespondToAuthChallengeResult

use of com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult in project aws-sdk-android by aws-amplify.

the class MultiFactorAuthenticationContinuationTest method setMetadataAndContinueTask.

/**
 * What happens when we try to pass client metadata into the handler?
 * @throws InterruptedException If {@link CountDownRunnable} is interrupted while pending result
 */
@Test
public void setMetadataAndContinueTask() throws InterruptedException {
    AuthenticationHandler handler = mock(AuthenticationHandler.class);
    CognitoUser user = mock(CognitoUser.class);
    String mfaCode = "mfa";
    Map<String, String> metadata = Collections.singletonMap("blacklives", "matter");
    RespondToAuthChallengeResult result = new RespondToAuthChallengeResult();
    MultiFactorAuthenticationContinuation multiFactorAuthenticationContinuation = new MultiFactorAuthenticationContinuation(user, getApplicationContext(), result, false, handler);
    multiFactorAuthenticationContinuation.setClientMetaData(metadata);
    multiFactorAuthenticationContinuation.setMfaCode(mfaCode);
    CountDownRunnable countDownRunnable = CountDownRunnable.create();
    doReturn(countDownRunnable).when(user).respondToMfaChallenge(eq(metadata), eq(mfaCode), eq(result), eq(handler), eq(false));
    // Act: continue task
    multiFactorAuthenticationContinuation.continueTask();
    // Assert: action was invoked
    assertTrue(countDownRunnable.await(5, TimeUnit.SECONDS));
    assertEquals(metadata, multiFactorAuthenticationContinuation.getClientMetaData());
}
Also used : RespondToAuthChallengeResult(com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult) AuthenticationHandler(com.amazonaws.mobileconnectors.cognitoidentityprovider.handlers.AuthenticationHandler) CognitoUser(com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser) Test(org.junit.Test)

Aggregations

RespondToAuthChallengeResult (com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeResult)5 CognitoInternalErrorException (com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoInternalErrorException)2 CognitoNotAuthorizedException (com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoNotAuthorizedException)2 CognitoParameterInvalidException (com.amazonaws.mobileconnectors.cognitoidentityprovider.exceptions.CognitoParameterInvalidException)2 AuthenticationResultType (com.amazonaws.services.cognitoidentityprovider.model.AuthenticationResultType)2 InitiateAuthResult (com.amazonaws.services.cognitoidentityprovider.model.InitiateAuthResult)2 InvalidParameterException (com.amazonaws.services.cognitoidentityprovider.model.InvalidParameterException)2 NotAuthorizedException (com.amazonaws.services.cognitoidentityprovider.model.NotAuthorizedException)2 ResourceNotFoundException (com.amazonaws.services.cognitoidentityprovider.model.ResourceNotFoundException)2 RespondToAuthChallengeRequest (com.amazonaws.services.cognitoidentityprovider.model.RespondToAuthChallengeRequest)2 UserNotFoundException (com.amazonaws.services.cognitoidentityprovider.model.UserNotFoundException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 HashMap (java.util.HashMap)2 CognitoUser (com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUser)1 CognitoUserPool (com.amazonaws.mobileconnectors.cognitoidentityprovider.CognitoUserPool)1 AuthenticationContinuation (com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.AuthenticationContinuation)1 MultiFactorAuthenticationContinuation (com.amazonaws.mobileconnectors.cognitoidentityprovider.continuations.MultiFactorAuthenticationContinuation)1 AuthenticationHandler (com.amazonaws.mobileconnectors.cognitoidentityprovider.handlers.AuthenticationHandler)1 InitiateAuthRequest (com.amazonaws.services.cognitoidentityprovider.model.InitiateAuthRequest)1 NewDeviceMetadataType (com.amazonaws.services.cognitoidentityprovider.model.NewDeviceMetadataType)1