
Example 6 with AuthorizationType

use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.

the class AuthRuleRequestDecoratorTest method ownerArgumentNotAddedForNonOwnerBasedAuth.

/**
 * Checks that the decorator leaves the owner argument off subscription requests when the
 * model's auth rules are not owner-based.
 *
 * <p>Each {@link SubscriptionType} is decorated under
 * {@link AuthorizationType#AMAZON_COGNITO_USER_POOLS} for four test models (Public, Private,
 * Group, CustomFunction), and the owner field read back from the decorated request must be
 * {@code null} every time. This only covers what the client puts on the request; it says
 * nothing about server-side enforcement of the same rules.
 *
 * @throws AmplifyException if a ModelSchema can't be derived from the Model class.
 */
@Test
public void ownerArgumentNotAddedForNonOwnerBasedAuth() throws AmplifyException {
    final AuthorizationType authMode = AuthorizationType.AMAZON_COGNITO_USER_POOLS;

    // Public model: every operation is open to the public.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<Public> decorated = decorator.decorate(createRequest(Public.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // Private model: only the correct IAM user is allowed.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<Private> decorated = decorator.decorate(createRequest(Private.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // Group model: only group-based auth is enabled.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<Group> decorated = decorator.decorate(createRequest(Group.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // CustomFunction model: custom auth with a function provider, so no owner field either.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<CustomFunction> decorated =
                decorator.decorate(createRequest(CustomFunction.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }
}
Also used : SubscriptionType(com.amplifyframework.api.graphql.SubscriptionType) AuthorizationType(com.amplifyframework.api.aws.AuthorizationType) Test(org.junit.Test)

Example 7 with AuthorizationType

use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.

the class MultiAuthSyncEngineInstrumentationTest method configure.

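/**
 * Configures the Auth, API and DataStore categories for one multi-auth test scenario and
 * stores their synchronous wrappers in the {@code auth}, {@code api} and {@code dataStore}
 * fields.
 *
 * <p>The API client gets an {@code HttpRequestInterceptor} built from
 * {@code expectedAuthType}, and DataStore is built with
 * {@code AuthModeStrategyType.MULTIAUTH}.
 *
 * @param modelType The model type.
 * @param signInToCognito Whether the scenario requires the user to be signed in with user pools.
 * @param signInWithOidc Whether the scenario requires the user to be signed in with an OIDC provider.
 * @param expectedAuthType The auth type that should succeed for the test.
 * @throws AmplifyException Not expected.
 * @throws IOException Not expected.
 */
private void configure(
        Class<? extends Model> modelType,
        boolean signInToCognito,
        boolean signInWithOidc,
        AuthorizationType expectedAuthType) throws AmplifyException, IOException {
    // NOTE(review): VERBOSE logging stays on for the whole scenario; confirm that no token or
    // password can reach logcat on shared test devices.
    Amplify.addPlugin(new AndroidLoggingPlugin(LogLevel.VERBOSE));
    String tag = modelType.getSimpleName();
    MultiAuthTestModelProvider modelProvider =
            MultiAuthTestModelProvider.getInstance(Collections.singletonList(modelType));
    SchemaRegistry schemaRegistry = SchemaRegistry.instance();
    ModelSchema modelSchema = ModelSchema.fromModelClass(modelType);
    schemaRegistry.register(modelType.getSimpleName(), modelSchema);
    StrictMode.enable();
    Context context = getApplicationContext();
    @RawRes int configResourceId = Resources.getRawResourceId(context, "amplifyconfiguration");
    AmplifyConfiguration amplifyConfiguration = AmplifyConfiguration.fromConfigFile(context, configResourceId);
    // Presumably loads the test credentials (cognitoUser / cognitoPassword) used for sign-in
    // below; the helper is defined elsewhere in the class.
    readCredsFromConfig(context);

    // Setup an auth plugin
    CategoryConfiguration authCategoryConfiguration = amplifyConfiguration.forCategoryType(CategoryType.AUTH);
    // Turn off persistence so the mobile client's state for one test does not interfere with the others.
    try {
        authCategoryConfiguration.getPluginConfig("awsCognitoAuthPlugin")
                .getJSONObject("Auth")
                .getJSONObject("Default")
                .put("Persistence", false);
    } catch (JSONException exception) {
        // Fail with a message and the original cause so the test report shows why setup
        // aborted, instead of a bare fail() plus a stack trace on stderr.
        throw new AssertionError("Unable to disable persistence in the awsCognitoAuthPlugin configuration", exception);
    }
    AuthCategory authCategory = new AuthCategory();
    AWSCognitoAuthPlugin authPlugin = new AWSCognitoAuthPlugin();
    authCategory.addPlugin(authPlugin);
    authCategory.configure(authCategoryConfiguration, context);
    auth = SynchronousAuth.delegatingTo(authCategory);

    if (signInToCognito) {
        // Only the fact that sign-in is required is logged; the credentials are not.
        Log.v(tag, "Test requires signIn.");
        AuthSignInResult authSignInResult = auth.signIn(cognitoUser, cognitoPassword);
        if (!authSignInResult.isSignInComplete()) {
            fail("Unable to complete initial sign-in");
        }
    }
    if (signInWithOidc) {
        oidcLogin();
        // oidcLogin() is expected to have stored a token; a null value means login failed.
        if (token.get() == null) {
            fail("Unable to authenticate with OIDC provider");
        }
    }

    // Setup an API
    DefaultCognitoUserPoolsAuthProvider cognitoProvider =
            new DefaultCognitoUserPoolsAuthProvider(authPlugin.getEscapeHatch());
    CategoryConfiguration apiCategoryConfiguration = amplifyConfiguration.forCategoryType(CategoryType.API);
    ApiAuthProviders apiAuthProviders = ApiAuthProviders.builder()
            .cognitoUserPoolsAuthProvider(cognitoProvider)
            .awsCredentialsProvider(authPlugin.getEscapeHatch())
            .oidcAuthProvider(token::get)
            .build();
    ApiCategory apiCategory = new ApiCategory();
    // The interceptor is added to the OkHttp client used for "DataStoreIntegTestsApi".
    requestInterceptor = new HttpRequestInterceptor(expectedAuthType);
    apiCategory.addPlugin(AWSApiPlugin.builder()
            .configureClient("DataStoreIntegTestsApi",
                    okHttpClientBuilder -> okHttpClientBuilder.addInterceptor(requestInterceptor))
            .apiAuthProviders(apiAuthProviders)
            .build());
    apiCategory.configure(apiCategoryConfiguration, context);
    api = SynchronousApi.delegatingTo(apiCategory);

    // Setup DataStore
    // The sync expression filters on the literal id "FAKE_ID".
    DataStoreConfiguration dsConfig = DataStoreConfiguration.builder()
            .errorHandler(exception -> Log.e(tag, "DataStore error handler received an error.", exception))
            .syncExpression(modelSchema.getName(), () -> Where.id("FAKE_ID").getQueryPredicate())
            .build();
    // The configuration file is read a second time here, so the DataStore category does not
    // reuse the instance whose auth section was modified above.
    CategoryConfiguration dataStoreCategoryConfiguration =
            AmplifyConfiguration.fromConfigFile(context, configResourceId).forCategoryType(CategoryType.DATASTORE);
    String databaseName = "IntegTest" + modelType.getSimpleName() + ".db";
    SQLiteStorageAdapter sqLiteStorageAdapter =
            TestStorageAdapter.create(schemaRegistry, modelProvider, databaseName);
    AWSDataStorePlugin awsDataStorePlugin = AWSDataStorePlugin.builder()
            .storageAdapter(sqLiteStorageAdapter)
            .modelProvider(modelProvider)
            .apiCategory(apiCategory)
            .authModeStrategy(AuthModeStrategyType.MULTIAUTH)
            .schemaRegistry(schemaRegistry)
            .dataStoreConfiguration(dsConfig)
            .build();
    DataStoreCategory dataStoreCategory = new DataStoreCategory();
    dataStoreCategory.addPlugin(awsDataStorePlugin);
    dataStoreCategory.configure(dataStoreCategoryConfiguration, context);
    dataStoreCategory.initialize(context);
    dataStore = SynchronousDataStore.delegatingTo(dataStoreCategory);
}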
Also used : MultiAuthTestModelProvider(com.amplifyframework.testmodels.multiauth.MultiAuthTestModelProvider) ApplicationProvider.getApplicationContext(androidx.test.core.app.ApplicationProvider.getApplicationContext) Context(android.content.Context) AmplifyException(com.amplifyframework.AmplifyException) ApplicationProvider.getApplicationContext(androidx.test.core.app.ApplicationProvider.getApplicationContext) AuthorizationType(com.amplifyframework.api.aws.AuthorizationType) PrivatePrivatePublicUPIAMIAMPost(com.amplifyframework.testmodels.multiauth.PrivatePrivatePublicUPIAMIAMPost) PublicPublicIAMAPIPost(com.amplifyframework.testmodels.multiauth.PublicPublicIAMAPIPost) AuthSignOutOptions(com.amplifyframework.auth.options.AuthSignOutOptions) DataStoreHubEventFilters.publicationOf(com.amplifyframework.datastore.DataStoreHubEventFilters.publicationOf) AndroidLoggingPlugin(com.amplifyframework.logging.AndroidLoggingPlugin) OwnerPublicUPAPIPost(com.amplifyframework.testmodels.multiauth.OwnerPublicUPAPIPost) JSONException(org.json.JSONException) AWSApiPlugin(com.amplifyframework.api.aws.AWSApiPlugin) JSONObject(org.json.JSONObject) AmplifyConfiguration(com.amplifyframework.core.AmplifyConfiguration) Map(java.util.Map) PrivateUPPost(com.amplifyframework.testmodels.multiauth.PrivateUPPost) Assert.fail(org.junit.Assert.fail) Log(android.util.Log) ResponseBody(okhttp3.ResponseBody) MultiAuthTestModelProvider(com.amplifyframework.testmodels.multiauth.MultiAuthTestModelProvider) Interceptor(okhttp3.Interceptor) AfterClass(org.junit.AfterClass) Request(okhttp3.Request) GroupUPPost(com.amplifyframework.testmodels.multiauth.GroupUPPost) HubChannel(com.amplifyframework.hub.HubChannel) SerializedModel(com.amplifyframework.core.model.SerializedModel) OwnerPublicOIDAPIPost(com.amplifyframework.testmodels.multiauth.OwnerPublicOIDAPIPost) OwnerPrivateUPIAMPost(com.amplifyframework.testmodels.multiauth.OwnerPrivateUPIAMPost) 
DefaultCognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider) UUID(java.util.UUID) ApiCategory(com.amplifyframework.api.ApiCategory) PrivatePublicComboUPPost(com.amplifyframework.testmodels.multiauth.PrivatePublicComboUPPost) Logger(com.amplifyframework.logging.Logger) CognitoJWTParser(com.amazonaws.mobileconnectors.cognitoidentityprovider.util.CognitoJWTParser) Assert.assertFalse(org.junit.Assert.assertFalse) RandomString(com.amplifyframework.testutils.random.RandomString) SynchronousAuth(com.amplifyframework.testutils.sync.SynchronousAuth) LogLevel(com.amplifyframework.logging.LogLevel) PublicAPIPost(com.amplifyframework.testmodels.multiauth.PublicAPIPost) Context(android.content.Context) GroupPrivatePublicUPIAMAPIPost(com.amplifyframework.testmodels.multiauth.GroupPrivatePublicUPIAMAPIPost) AuthCategory(com.amplifyframework.auth.AuthCategory) HashMap(java.util.HashMap) ApiAuthProviders(com.amplifyframework.api.aws.ApiAuthProviders) Resources(com.amplifyframework.testutils.Resources) HubAccumulator(com.amplifyframework.testutils.HubAccumulator) SynchronousApi(com.amplifyframework.testutils.sync.SynchronousApi) IdToken(com.google.auth.oauth2.IdToken) AtomicReference(java.util.concurrent.atomic.AtomicReference) Headers(okhttp3.Headers) RequestBody(okhttp3.RequestBody) SchemaRegistry(com.amplifyframework.core.model.SchemaRegistry) RawRes(androidx.annotation.RawRes) PrivatePublicUPIAMPost(com.amplifyframework.testmodels.multiauth.PrivatePublicUPIAMPost) AuthSignInResult(com.amplifyframework.auth.result.AuthSignInResult) Author(com.amplifyframework.testmodels.commentsblog.Author) ModelSchema(com.amplifyframework.core.model.ModelSchema) PrivatePublicComboAPIPost(com.amplifyframework.testmodels.multiauth.PrivatePublicComboAPIPost) Response(okhttp3.Response) CategoryConfiguration(com.amplifyframework.core.category.CategoryConfiguration) PublicIAMPost(com.amplifyframework.testmodels.multiauth.PublicIAMPost) 
Amplify(com.amplifyframework.core.Amplify) PrivatePrivatePublicUPIAMAPIPost(com.amplifyframework.testmodels.multiauth.PrivatePrivatePublicUPIAMAPIPost) SynchronousDataStore(com.amplifyframework.testutils.sync.SynchronousDataStore) Buffer(okio.Buffer) CategoryType(com.amplifyframework.core.category.CategoryType) GroupPrivateUPIAMPost(com.amplifyframework.testmodels.multiauth.GroupPrivateUPIAMPost) PrivatePublicUPAPIPost(com.amplifyframework.testmodels.multiauth.PrivatePublicUPAPIPost) Model(com.amplifyframework.core.model.Model) AWSCognitoAuthPlugin(com.amplifyframework.auth.cognito.AWSCognitoAuthPlugin) Test(org.junit.Test) IOException(java.io.IOException) Where(com.amplifyframework.core.model.query.Where) SQLiteStorageAdapter(com.amplifyframework.datastore.storage.sqlite.SQLiteStorageAdapter) GroupPublicUPIAMPost(com.amplifyframework.testmodels.multiauth.GroupPublicUPIAMPost) PrivatePrivateUPIAMPost(com.amplifyframework.testmodels.multiauth.PrivatePrivateUPIAMPost) TimeUnit(java.util.concurrent.TimeUnit) AuthModeStrategyType(com.amplifyframework.api.aws.AuthModeStrategyType) OwnerOIDCPost(com.amplifyframework.testmodels.multiauth.OwnerOIDCPost) OwnerPrivatePublicUPIAMAPIPost(com.amplifyframework.testmodels.multiauth.OwnerPrivatePublicUPIAMAPIPost) TestStorageAdapter(com.amplifyframework.datastore.storage.sqlite.TestStorageAdapter) PrivatePublicPublicUPAPIIAMPost(com.amplifyframework.testmodels.multiauth.PrivatePublicPublicUPAPIIAMPost) Resources.readJsonResourceFromId(com.amplifyframework.core.Resources.readJsonResourceFromId) DataStoreHubEventFilters.networkStatusFailure(com.amplifyframework.datastore.DataStoreHubEventFilters.networkStatusFailure) GroupPublicUPAPIPost(com.amplifyframework.testmodels.multiauth.GroupPublicUPAPIPost) OwnerUPPost(com.amplifyframework.testmodels.multiauth.OwnerUPPost) Collections(java.util.Collections) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) JSONArray(org.json.JSONArray) 
RawRes(androidx.annotation.RawRes) AmplifyConfiguration(com.amplifyframework.core.AmplifyConfiguration) DefaultCognitoUserPoolsAuthProvider(com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider) SQLiteStorageAdapter(com.amplifyframework.datastore.storage.sqlite.SQLiteStorageAdapter) CategoryConfiguration(com.amplifyframework.core.category.CategoryConfiguration) JSONException(org.json.JSONException) RandomString(com.amplifyframework.testutils.random.RandomString) AWSCognitoAuthPlugin(com.amplifyframework.auth.cognito.AWSCognitoAuthPlugin) AndroidLoggingPlugin(com.amplifyframework.logging.AndroidLoggingPlugin) ModelSchema(com.amplifyframework.core.model.ModelSchema) AuthCategory(com.amplifyframework.auth.AuthCategory) ApiCategory(com.amplifyframework.api.ApiCategory) ApiAuthProviders(com.amplifyframework.api.aws.ApiAuthProviders) AuthSignInResult(com.amplifyframework.auth.result.AuthSignInResult) SchemaRegistry(com.amplifyframework.core.model.SchemaRegistry)

Example 8 with AuthorizationType

use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.

the class AuthRuleRequestDecoratorTest method ownerArgumentAddedIfOwnerIsNotInCustomGroup.

/**
 * Checks that the owner argument is added when a model combines owner-based and group-based
 * authorization and the user is not in any read-restricted group.
 *
 * <p>Runs under {@link AuthorizationType#OPENID_CONNECT}; the owner value expected on every
 * decorated subscription request is {@code FakeOidcAuthProvider.SUB}.
 *
 * @throws AmplifyException if a ModelSchema can't be derived from the Model class.
 */
@Test
public void ownerArgumentAddedIfOwnerIsNotInCustomGroup() throws AmplifyException {
    final AuthorizationType authMode = AuthorizationType.OPENID_CONNECT;
    final String wantedOwner = FakeOidcAuthProvider.SUB;

    // OwnerNotInCustomGroup model: the user is not in the read-restricted custom group, so
    // the owner argument is expected on every subscription type.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<OwnerNotInCustomGroup> decorated =
                decorator.decorate(createRequest(OwnerNotInCustomGroup.class, type), authMode);
        assertEquals(wantedOwner, getOwnerField(decorated));
    }
}
Also used : SubscriptionType(com.amplifyframework.api.graphql.SubscriptionType) AuthorizationType(com.amplifyframework.api.aws.AuthorizationType) Test(org.junit.Test)

Example 9 with AuthorizationType

use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.

the class AuthRuleRequestDecoratorTest method ownerArgumentNotAddedForNonRestrictedReadWithUserPools.

/**
 * Checks that no owner argument is added when the model's owner rule restricts an operation
 * other than READ.
 *
 * <p>Under {@link AuthorizationType#AMAZON_COGNITO_USER_POOLS}, every {@link SubscriptionType}
 * is decorated for the OwnerCreate, OwnerUpdate and OwnerDelete test models, and the owner
 * field of the decorated request must be {@code null}.
 *
 * @throws AmplifyException if a ModelSchema can't be derived from the Model class.
 */
@Test
public void ownerArgumentNotAddedForNonRestrictedReadWithUserPools() throws AmplifyException {
    final AuthorizationType authMode = AuthorizationType.AMAZON_COGNITO_USER_POOLS;

    // OwnerCreate model: only CREATE is restricted.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<OwnerCreate> decorated =
                decorator.decorate(createRequest(OwnerCreate.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // OwnerUpdate model: only UPDATE is restricted.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<OwnerUpdate> decorated =
                decorator.decorate(createRequest(OwnerUpdate.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }

    // OwnerDelete model: only DELETE is restricted.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<OwnerDelete> decorated =
                decorator.decorate(createRequest(OwnerDelete.class, type), authMode);
        assertNull(getOwnerField(decorated));
    }
}
Also used : SubscriptionType(com.amplifyframework.api.graphql.SubscriptionType) AuthorizationType(com.amplifyframework.api.aws.AuthorizationType) Test(org.junit.Test)

Example 10 with AuthorizationType

use of com.amplifyframework.api.aws.AuthorizationType in project amplify-android by aws-amplify.

the class AuthRuleRequestDecoratorTest method ownerArgumentAddedForRestrictedReadWithUserPools.

/**
 * Checks that the owner argument is present on every subscription when the model's owner
 * rule covers ModelOperation.READ and the auth mode is Cognito User Pools.
 *
 * <p>The owner value expected on each decorated request is
 * {@code FakeCognitoAuthProvider.USERNAME}.
 *
 * @throws AmplifyException if a ModelSchema can't be derived from the Model class.
 */
@Test
public void ownerArgumentAddedForRestrictedReadWithUserPools() throws AmplifyException {
    final AuthorizationType authMode = AuthorizationType.AMAZON_COGNITO_USER_POOLS;
    final String wantedOwner = FakeCognitoAuthProvider.USERNAME;

    // Owner model: every operation is restricted, READ included.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<Owner> decorated = decorator.decorate(createRequest(Owner.class, type), authMode);
        assertEquals(wantedOwner, getOwnerField(decorated));
    }

    // OwnerRead model: only READ is restricted.
    for (SubscriptionType type : SubscriptionType.values()) {
        GraphQLRequest<OwnerRead> decorated = decorator.decorate(createRequest(OwnerRead.class, type), authMode);
        assertEquals(wantedOwner, getOwnerField(decorated));
    }
}
Also used : SubscriptionType(com.amplifyframework.api.graphql.SubscriptionType) AuthorizationType(com.amplifyframework.api.aws.AuthorizationType) Test(org.junit.Test)

Aggregations

AuthorizationType (com.amplifyframework.api.aws.AuthorizationType)13 Test (org.junit.Test)13 SubscriptionType (com.amplifyframework.api.graphql.SubscriptionType)9 AuthRule (com.amplifyframework.core.model.AuthRule)3 MultiAuthorizationTypeIterator (com.amplifyframework.core.model.auth.MultiAuthorizationTypeIterator)3 Context (android.content.Context)1 Log (android.util.Log)1 RawRes (androidx.annotation.RawRes)1 ApplicationProvider.getApplicationContext (androidx.test.core.app.ApplicationProvider.getApplicationContext)1 CognitoJWTParser (com.amazonaws.mobileconnectors.cognitoidentityprovider.util.CognitoJWTParser)1 AmplifyException (com.amplifyframework.AmplifyException)1 ApiCategory (com.amplifyframework.api.ApiCategory)1 AWSApiPlugin (com.amplifyframework.api.aws.AWSApiPlugin)1 ApiAuthProviders (com.amplifyframework.api.aws.ApiAuthProviders)1 AuthModeStrategyType (com.amplifyframework.api.aws.AuthModeStrategyType)1 DefaultCognitoUserPoolsAuthProvider (com.amplifyframework.api.aws.sigv4.DefaultCognitoUserPoolsAuthProvider)1 AuthCategory (com.amplifyframework.auth.AuthCategory)1 AWSCognitoAuthPlugin (com.amplifyframework.auth.cognito.AWSCognitoAuthPlugin)1 AuthSignOutOptions (com.amplifyframework.auth.options.AuthSignOutOptions)1 AuthSignInResult (com.amplifyframework.auth.result.AuthSignInResult)1