Example 6 with AuthRule
use of com.amplifyframework.core.model.AuthRule in project amplify-android by aws-amplify.
the class MultiAuthorizationTypeIteratorTest method testMultiOwnerRules.
/**
* If there are multiple owner based rules (a couple using userPools and one using oidc),
* it should only return 2 auth types (one for userPools and one for oidc).
*/
@Test
public void testMultiOwnerRules() {
Iterator<AuthorizationType> expectedAuthTypes = Arrays.asList(AuthorizationType.AMAZON_COGNITO_USER_POOLS, AuthorizationType.OPENID_CONNECT).iterator();
Iterator<Boolean> expectedIsOwnerFlags = Arrays.asList(true, true).iterator();
List<AuthRule> authRules = Arrays.asList(buildOwnerRule(AuthStrategy.Provider.OIDC, "differentOwner", "myClaim", Arrays.asList(ModelOperation.CREATE, ModelOperation.DELETE)), buildOwnerRule(null, null, null, null), buildOwnerRule(AuthStrategy.Provider.USER_POOLS, "differentOwnerField", null, Arrays.asList(ModelOperation.CREATE, ModelOperation.DELETE)));
MultiAuthorizationTypeIterator actualAuthTypeIterator = new MultiAuthorizationTypeIterator(authRules);
assertIteratorState(expectedAuthTypes, expectedIsOwnerFlags, actualAuthTypeIterator);
}
Also used :
MultiAuthorizationTypeIterator(com.amplifyframework.core.model.auth.MultiAuthorizationTypeIterator)
AuthorizationType(com.amplifyframework.api.aws.AuthorizationType)
AuthRule(com.amplifyframework.core.model.AuthRule)
Test(org.junit.Test)
Example 7 with AuthRule
use of com.amplifyframework.core.model.AuthRule in project amplify-android by aws-amplify.
the class AuthRuleRequestDecorator method decorate.
/**
* Decorate given GraphQL request instance with additional variables for owner-based or
* group-based authorization.
*
* This will only work if the request is compliant with the AppSync specifications.
* @param request an instance of {@link GraphQLRequest}.
* @param authType the mode of authorization being used to authorize the request
* @param <R> The type of data contained in the GraphQLResponse expected from this request.
* @return the input request with additional variables that specify model's owner and/or
* groups
* @throws ApiException If an error is encountered while processing the auth rules associated
* with the request or if the authorization fails
*/
public <R> GraphQLRequest<R> decorate(@NonNull GraphQLRequest<R> request, @NonNull AuthorizationType authType) throws ApiException {
if (!(request instanceof AppSyncGraphQLRequest)) {
return request;
}
AppSyncGraphQLRequest<R> appSyncRequest = (AppSyncGraphQLRequest<R>) request;
AuthRule ownerRuleWithReadRestriction = null;
Map<String, Set<String>> readAuthorizedGroupsMap = new HashMap<>();
// and it's not clear what a good solution would be until AppSync supports real time filters.
for (AuthRule authRule : appSyncRequest.getModelSchema().getAuthRules()) {
if (isReadRestrictingOwner(authRule)) {
if (ownerRuleWithReadRestriction == null) {
ownerRuleWithReadRestriction = authRule;
} else {
throw new ApiAuthException("Detected multiple owner type auth rules with a READ operation", "We currently do not support this use case. Please limit your type to just one owner " + "auth rule with a READ operation restriction.");
}
} else if (isReadRestrictingStaticGroup(authRule)) {
// Group read-restricting groups by the claim name
String groupClaim = authRule.getGroupClaimOrDefault();
List<String> groups = authRule.getGroups();
Set<String> readAuthorizedGroups = readAuthorizedGroupsMap.get(groupClaim);
if (readAuthorizedGroups != null) {
readAuthorizedGroups.addAll(groups);
} else {
readAuthorizedGroupsMap.put(groupClaim, new HashSet<>(groups));
}
}
}
// them.
if (ownerRuleWithReadRestriction != null && userNotInReadRestrictingGroups(readAuthorizedGroupsMap, authType)) {
String idClaim = ownerRuleWithReadRestriction.getIdentityClaimOrDefault();
String key = ownerRuleWithReadRestriction.getOwnerFieldOrDefault();
String value = getIdentityValue(idClaim, authType);
try {
return appSyncRequest.newBuilder().variable(key, "String!", value).build();
} catch (AmplifyException error) {
// This should not happen normally
throw new ApiAuthException("Failed to set owner field on AppSyncGraphQLRequest.", error, AmplifyException.REPORT_BUG_TO_AWS_SUGGESTION);
}
}
return request;
}
Also used :
ApiAuthException(com.amplifyframework.api.ApiException.ApiAuthException)
HashSet(java.util.HashSet)
Set(java.util.Set)
AmplifyException(com.amplifyframework.AmplifyException)
HashMap(java.util.HashMap)
AppSyncGraphQLRequest(com.amplifyframework.api.aws.AppSyncGraphQLRequest)
ArrayList(java.util.ArrayList)
List(java.util.List)
AuthRule(com.amplifyframework.core.model.AuthRule)
HashSet(java.util.HashSet)
Aggregations
AuthRule (com.amplifyframework.core.model.AuthRule)7
MultiAuthorizationTypeIterator (com.amplifyframework.core.model.auth.MultiAuthorizationTypeIterator)4
AmplifyException (com.amplifyframework.AmplifyException)3
AuthorizationType (com.amplifyframework.api.aws.AuthorizationType)3
HashMap (java.util.HashMap)3
Test (org.junit.Test)3
ModelField (com.amplifyframework.core.model.ModelField)2
ArrayList (java.util.ArrayList)2
List (java.util.List)2
NonNull (androidx.annotation.NonNull)1
ApiAuthException (com.amplifyframework.api.ApiException.ApiAuthException)1
AppSyncGraphQLRequest (com.amplifyframework.api.aws.AppSyncGraphQLRequest)1
Consumer (com.amplifyframework.core.Consumer)1
Model (com.amplifyframework.core.model.Model)1
ModelAssociation (com.amplifyframework.core.model.ModelAssociation)1
ModelOperation (com.amplifyframework.core.model.ModelOperation)1
ModelSchema (com.amplifyframework.core.model.ModelSchema)1
SerializedModel (com.amplifyframework.core.model.SerializedModel)1
AuthorizationTypeIterator (com.amplifyframework.core.model.auth.AuthorizationTypeIterator)1
HashSet (java.util.HashSet)1
