use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.
the class AuthRuleRequestDecoratorTest method ownerArgumentNotAddedForNonOwnerBasedAuth.
/**
* Verify owner argument is NOT added if authStrategy is not OWNER.
* @throws AmplifyException if a ModelSchema can't be derived from the Model class.
*/
@Test
public void ownerArgumentNotAddedForNonOwnerBasedAuth() throws AmplifyException {
    final AuthorizationType authMode = AuthorizationType.AMAZON_COGNITO_USER_POOLS;
    final SubscriptionType[] subscriptionTypes = SubscriptionType.values();

    // Every check below inspects only the decorated request object: the owner field must
    // stay absent when the model has no owner-based rule. Nothing in this method exercises
    // server-side authorization.

    // Public: every operation is open to the public.
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<Public> decorated = decorator.decorate(createRequest(Public.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // Private: only the correct IAM user is allowed.
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<Private> decorated = decorator.decorate(createRequest(Private.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // Group: only group-based auth is enabled.
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<Group> decorated = decorator.decorate(createRequest(Group.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // CustomFunction: custom auth with a function provider must not add an owner field.
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<CustomFunction> decorated =
                decorator.decorate(createRequest(CustomFunction.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }
}
use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.
the class MultiAuthSyncEngineInstrumentationTest method configure.
/**
* Method used to configure each scenario.
* @param modelType The model type.
* @param signInToCognito Does the test scenario require the user to be logged in with user pools.
* @param signInWithOidc Does the test scenario require the user to be logged in with an OIDC provider.
* @param expectedAuthType The auth type that should succeed for the test.
* @throws AmplifyException Not expected.
* @throws IOException Not expected.
*/
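private void configure(
        Class<? extends Model> modelType,
        boolean signInToCognito,
        boolean signInWithOidc,
        AuthorizationType expectedAuthType) throws AmplifyException, IOException {
    // NOTE(review): VERBOSE logging is active while the test signs in with real credentials.
    // Confirm that no plugin logs tokens or request headers at this level, and keep this
    // setting confined to test builds.
    Amplify.addPlugin(new AndroidLoggingPlugin(LogLevel.VERBOSE));
    String tag = modelType.getSimpleName();

    // Register only the model under test.
    MultiAuthTestModelProvider modelProvider =
            MultiAuthTestModelProvider.getInstance(Collections.singletonList(modelType));
    SchemaRegistry schemaRegistry = SchemaRegistry.instance();
    ModelSchema modelSchema = ModelSchema.fromModelClass(modelType);
    schemaRegistry.register(modelType.getSimpleName(), modelSchema);

    StrictMode.enable();
    Context context = getApplicationContext();
    @RawRes int configResourceId = Resources.getRawResourceId(context, "amplifyconfiguration");
    AmplifyConfiguration amplifyConfiguration = AmplifyConfiguration.fromConfigFile(context, configResourceId);
    // presumably populates the cognitoUser / cognitoPassword fields used below; verify against the helper
    readCredsFromConfig(context);

    // Setup an auth plugin
    CategoryConfiguration authCategoryConfiguration = amplifyConfiguration.forCategoryType(CategoryType.AUTH);
    // Turn off persistence so the mobile client's state for one test does not interfere with the others.
    try {
        authCategoryConfiguration.getPluginConfig("awsCognitoAuthPlugin")
                .getJSONObject("Auth")
                .getJSONObject("Default")
                .put("Persistence", false);
    } catch (JSONException exception) {
        // Report through the same logger as the rest of the method, and fail with a message
        // so the test report names the cause instead of showing a bare failure.
        Log.e(tag, "Unable to turn off auth persistence in the test configuration.", exception);
        fail("Unable to turn off auth persistence in the test configuration: " + exception.getMessage());
        return;
    }
    AuthCategory authCategory = new AuthCategory();
    AWSCognitoAuthPlugin authPlugin = new AWSCognitoAuthPlugin();
    authCategory.addPlugin(authPlugin);
    authCategory.configure(authCategoryConfiguration, context);
    auth = SynchronousAuth.delegatingTo(authCategory);

    if (signInToCognito) {
        // Only the fact that sign-in is required is logged; the credentials themselves are not.
        Log.v(tag, "Test requires signIn.");
        AuthSignInResult authSignInResult = auth.signIn(cognitoUser, cognitoPassword);
        if (!authSignInResult.isSignInComplete()) {
            fail("Unable to complete initial sign-in");
        }
    }
    if (signInWithOidc) {
        oidcLogin();
        // A null token after oidcLogin() means no OIDC credential is available for the API calls.
        if (token.get() == null) {
            fail("Unable to authenticate with OIDC provider");
        }
    }

    // Setup an API
    DefaultCognitoUserPoolsAuthProvider cognitoProvider =
            new DefaultCognitoUserPoolsAuthProvider(authPlugin.getEscapeHatch());
    CategoryConfiguration apiCategoryConfiguration = amplifyConfiguration.forCategoryType(CategoryType.API);
    // All three providers are registered, so the auth type used per request is not fixed here.
    ApiAuthProviders apiAuthProviders = ApiAuthProviders.builder()
            .cognitoUserPoolsAuthProvider(cognitoProvider)
            .awsCredentialsProvider(authPlugin.getEscapeHatch())
            .oidcAuthProvider(token::get)
            .build();
    ApiCategory apiCategory = new ApiCategory();
    // NOTE(review): the interceptor receives the expected auth type; presumably it inspects
    // outgoing requests against it. Confirm in HttpRequestInterceptor.
    requestInterceptor = new HttpRequestInterceptor(expectedAuthType);
    apiCategory.addPlugin(AWSApiPlugin.builder()
            .configureClient(
                    "DataStoreIntegTestsApi",
                    okHttpClientBuilder -> okHttpClientBuilder.addInterceptor(requestInterceptor))
            .apiAuthProviders(apiAuthProviders)
            .build());
    apiCategory.configure(apiCategoryConfiguration, context);
    api = SynchronousApi.delegatingTo(apiCategory);

    // Setup DataStore
    // The sync expression matches only the id "FAKE_ID"; presumably this keeps real records
    // from being synced during the test. Confirm against the test data.
    DataStoreConfiguration dsConfig = DataStoreConfiguration.builder()
            .errorHandler(exception -> Log.e(tag, "DataStore error handler received an error.", exception))
            .syncExpression(modelSchema.getName(), () -> Where.id("FAKE_ID").getQueryPredicate())
            .build();
    // The configuration file is read a second time here rather than reusing amplifyConfiguration.
    CategoryConfiguration dataStoreCategoryConfiguration =
            AmplifyConfiguration.fromConfigFile(context, configResourceId).forCategoryType(CategoryType.DATASTORE);
    String databaseName = "IntegTest" + modelType.getSimpleName() + ".db";
    SQLiteStorageAdapter sqLiteStorageAdapter =
            TestStorageAdapter.create(schemaRegistry, modelProvider, databaseName);
    AWSDataStorePlugin awsDataStorePlugin = AWSDataStorePlugin.builder()
            .storageAdapter(sqLiteStorageAdapter)
            .modelProvider(modelProvider)
            .apiCategory(apiCategory)
            .authModeStrategy(AuthModeStrategyType.MULTIAUTH)
            .schemaRegistry(schemaRegistry)
            .dataStoreConfiguration(dsConfig)
            .build();
    DataStoreCategory dataStoreCategory = new DataStoreCategory();
    dataStoreCategory.addPlugin(awsDataStorePlugin);
    dataStoreCategory.configure(dataStoreCategoryConfiguration, context);
    dataStoreCategory.initialize(context);
    dataStore = SynchronousDataStore.delegatingTo(dataStoreCategory);
}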
use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.
the class AuthRuleRequestDecoratorTest method ownerArgumentAddedIfOwnerIsNotInCustomGroup.
/**
* Verify owner argument is added if model contains both owner-based and group-based
* authorization and the user is not in any read-restricted group.
* @throws AmplifyException if a ModelSchema can't be derived from the Model class.
*/
@Test
public void ownerArgumentAddedIfOwnerIsNotInCustomGroup() throws AmplifyException {
    final AuthorizationType authMode = AuthorizationType.OPENID_CONNECT;
    // The owner value is expected to equal the SUB constant of the fake OIDC provider.
    final String ownerFromToken = FakeOidcAuthProvider.SUB;

    // OwnerNotInCustomGroup is used for the case where the user is not in the
    // read-restricted custom group, so the owner argument must be present on every
    // subscription type.
    final SubscriptionType[] subscriptionTypes = SubscriptionType.values();
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<OwnerNotInCustomGroup> decorated =
                decorator.decorate(createRequest(OwnerNotInCustomGroup.class, type), authMode);
        assertEquals(ownerFromToken, getOwnerField(decorated));
    }
}
use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.
the class AuthRuleRequestDecoratorTest method ownerArgumentNotAddedForNonRestrictedReadWithUserPools.
/**
* Verify owner argument is NOT required if the subscription type is not one of the restricted operations.
* @throws AmplifyException if a ModelSchema can't be derived from the Model class.
*/
@Test
public void ownerArgumentNotAddedForNonRestrictedReadWithUserPools() throws AmplifyException {
    final AuthorizationType authMode = AuthorizationType.AMAZON_COGNITO_USER_POOLS;
    final SubscriptionType[] subscriptionTypes = SubscriptionType.values();

    // None of the three models below restricts READ, so no subscription type may carry
    // an owner argument after decoration.

    // OwnerCreate: the only restricted operation is CREATE.
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<OwnerCreate> decorated =
                decorator.decorate(createRequest(OwnerCreate.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // OwnerUpdate: the only restricted operation is UPDATE.
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<OwnerUpdate> decorated =
                decorator.decorate(createRequest(OwnerUpdate.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // OwnerDelete: the only restricted operation is DELETE.
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<OwnerDelete> decorated =
                decorator.decorate(createRequest(OwnerDelete.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }
}
use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.
the class AuthRuleRequestDecoratorTest method ownerArgumentAddedForRestrictedReadWithUserPools.
/**
* Verify that owner argument is required for all subscriptions if ModelOperation.READ is specified
* while using Cognito User Pools auth mode.
* @throws AmplifyException if a ModelSchema can't be derived from the Model class.
*/
@Test
public void ownerArgumentAddedForRestrictedReadWithUserPools() throws AmplifyException {
    final AuthorizationType authMode = AuthorizationType.AMAZON_COGNITO_USER_POOLS;
    // The owner value is expected to equal the USERNAME constant of the fake Cognito provider.
    final String ownerFromUserPool = FakeCognitoAuthProvider.USERNAME;
    final SubscriptionType[] subscriptionTypes = SubscriptionType.values();

    // Owner: every operation is restricted, READ included.
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<Owner> decorated = decorator.decorate(createRequest(Owner.class, type), authMode);
        assertEquals(ownerFromUserPool, getOwnerField(decorated));
    }

    // OwnerRead: READ is the only restricted operation, which is enough to require the owner.
    for (SubscriptionType type : subscriptionTypes) {
        GraphQLRequest<OwnerRead> decorated = decorator.decorate(createRequest(OwnerRead.class, type), authMode);
        assertEquals(ownerFromUserPool, getOwnerField(decorated));
    }
}