Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: support unique credential cookie names #560

Merged
merged 17 commits into from
Jul 8, 2024
Merged

feat: support unique credential cookie names #560

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
667519b
feat: support unique credential cookie names
limhjgrace Jun 6, 2024
fae705a
chore: Update unique credential cookie name doc
limhjgrace Jun 7, 2024
3613b05
Update src/dispatch/Authentication.ts
limhjgrace Jun 10, 2024
b8c4da8
Update src/dispatch/Authentication.ts
limhjgrace Jun 10, 2024
b97d3c0
Update src/sessions/SessionManager.ts
limhjgrace Jun 10, 2024
5c3467e
fix: Set cookie name in constructor instead of retrieving at runtime
limhjgrace Jun 11, 2024
9685cb3
feat: use unique cookies for identity keys
limhjgrace Jun 11, 2024
6b796c0
fix: Pass in uniqueCookie boolean as param to Cognito client
limhjgrace Jun 11, 2024
09312e8
fix: Set unique cookie in unit test
limhjgrace Jun 11, 2024
2a035d6
chore: Smoke tests for unique cred cookies
limhjgrace Jun 11, 2024
c673402
fix: Uncomment cd.yaml sections and remove unnecessary additional sni…
limhjgrace Jun 12, 2024
ef47fdb
fix: Remove unnecessary param
limhjgrace Jun 12, 2024
83e0e7b
fix: Remove setting cookies to unique in html
limhjgrace Jun 12, 2024
bb1dc90
Merge branch 'main' into unique-cred-cookie
limhjgrace Jul 1, 2024
97d71b1
fix: Fix prettier formatting
limhjgrace Jul 1, 2024
f2c5612
fix: Refactor CognitoidentityClientConfig
limhjgrace Jul 1, 2024
c3e2e61
fix: Fix importing Orchestration
limhjgrace Jul 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 13 additions & 2 deletions src/dispatch/Authentication.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,19 +3,22 @@ import { Config } from '../orchestration/Orchestration';
import { AwsCredentialIdentity } from '@aws-sdk/types';
import { FetchHttpHandler } from '@aws-sdk/fetch-http-handler';
import { CRED_KEY, CRED_RENEW_MS } from '../utils/constants';
import { getCookieName } from '../utils/cookies-utils';

export abstract class Authentication {
protected applicationId: string;
protected cognitoIdentityClient: CognitoIdentityClient;
protected config: Config;
protected credentials: AwsCredentialIdentity | undefined;

constructor(config: Config) {
constructor(config: Config, applicationId: string) {
const region: string = config.identityPoolId!.split(':')[0];
this.config = config;
this.cognitoIdentityClient = new CognitoIdentityClient({
limhjgrace marked this conversation as resolved.
Show resolved Hide resolved
fetchRequestHandler: new FetchHttpHandler(),
region
});
this.applicationId = applicationId;
limhjgrace marked this conversation as resolved.
Show resolved Hide resolved
}

/**
Expand Down Expand Up @@ -80,7 +83,15 @@ export abstract class Authentication {
return new Promise<AwsCredentialIdentity>((resolve, reject) => {
let credentials: AwsCredentialIdentity;
try {
credentials = JSON.parse(localStorage.getItem(CRED_KEY)!);
credentials = JSON.parse(
localStorage.getItem(
getCookieName(
this.config.cookieAttributes.unique,
CRED_KEY,
this.applicationId
)
)!
limhjgrace marked this conversation as resolved.
Show resolved Hide resolved
);
} catch (e) {
// Error retrieving, decoding or parsing the cred string -- abort
return reject();
Expand Down
11 changes: 8 additions & 3 deletions src/dispatch/BasicAuthentication.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,13 @@ import { FetchHttpHandler } from '@aws-sdk/fetch-http-handler';
import { StsClient } from './StsClient';
import { CRED_KEY } from '../utils/constants';
import { Authentication } from './Authentication';
import { getCookieName } from '../utils/cookies-utils';

export class BasicAuthentication extends Authentication {
private stsClient: StsClient;

constructor(config: Config) {
super(config);
constructor(config: Config, applicationId: string) {
super(config, applicationId);
const region: string = config.identityPoolId!.split(':')[0];
this.stsClient = new StsClient({
fetchRequestHandler: new FetchHttpHandler(),
Expand Down Expand Up @@ -51,7 +52,11 @@ export class BasicAuthentication extends Authentication {
this.credentials = credentials;
try {
localStorage.setItem(
CRED_KEY,
getCookieName(
this.config.cookieAttributes.unique,
CRED_KEY,
this.applicationId
),
JSON.stringify(credentials)
);
} catch (e) {
Expand Down
11 changes: 8 additions & 3 deletions src/dispatch/EnhancedAuthentication.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,11 @@ import { Config } from '../orchestration/Orchestration';
import { AwsCredentialIdentity } from '@aws-sdk/types';
import { CRED_KEY } from '../utils/constants';
import { Authentication } from './Authentication';
import { getCookieName } from '../utils/cookies-utils';

export class EnhancedAuthentication extends Authentication {
constructor(config: Config) {
super(config);
constructor(config: Config, applicationId: string) {
super(config, applicationId);
}
/**
* Provides credentials for an anonymous (guest) user. These credentials are retrieved from Cognito's enhanced
Expand Down Expand Up @@ -34,7 +35,11 @@ export class EnhancedAuthentication extends Authentication {
this.credentials = credentials;
try {
localStorage.setItem(
CRED_KEY,
getCookieName(
this.config.cookieAttributes.unique,
CRED_KEY,
this.applicationId
),
JSON.stringify(credentials)
);
} catch (e) {
Expand Down
171 changes: 125 additions & 46 deletions src/dispatch/__tests__/BasicAuthentication.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import { BasicAuthentication } from '../BasicAuthentication';
import { CRED_KEY } from '../../utils/constants';
import { DEFAULT_CONFIG } from '../../test-utils/test-utils';
import { APPLICATION_ID, DEFAULT_CONFIG } from '../../test-utils/test-utils';

const assumeRole = jest.fn();
const mockGetId = jest.fn();
Expand Down Expand Up @@ -54,7 +54,7 @@ describe('BasicAuthentication tests', () => {
guestRoleArn: GUEST_ROLE_ARN
}
};
const auth = new BasicAuthentication(config);
const auth = new BasicAuthentication(config, APPLICATION_ID);

localStorage.setItem(
CRED_KEY,
Expand Down Expand Up @@ -88,7 +88,7 @@ describe('BasicAuthentication tests', () => {
guestRoleArn: GUEST_ROLE_ARN
}
};
const auth = new BasicAuthentication(config);
const auth = new BasicAuthentication(config, APPLICATION_ID);

localStorage.setItem(CRED_KEY, 'corrupt');

Expand All @@ -107,13 +107,16 @@ describe('BasicAuthentication tests', () => {

test('when credential is not in localStorage then authentication chain retrieves credential from basic authflow', async () => {
// Init
const auth = new BasicAuthentication({
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
});
const auth = new BasicAuthentication(
{
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
},
APPLICATION_ID
);

// Run
const credentials = await auth.ChainAnonymousCredentialsProvider();
Expand All @@ -139,7 +142,7 @@ describe('BasicAuthentication tests', () => {
}
};

const auth = new BasicAuthentication(config);
const auth = new BasicAuthentication(config, APPLICATION_ID);

localStorage.setItem(
CRED_KEY,
Expand Down Expand Up @@ -181,13 +184,16 @@ describe('BasicAuthentication tests', () => {
sessionToken: 'z'
});

const auth = new BasicAuthentication({
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
});
const auth = new BasicAuthentication(
{
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
},
APPLICATION_ID
);

// Run
await auth.ChainAnonymousCredentialsProvider();
Expand All @@ -210,13 +216,16 @@ describe('BasicAuthentication tests', () => {
throw e;
});
// Init
const auth = new BasicAuthentication({
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
});
const auth = new BasicAuthentication(
{
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
},
APPLICATION_ID
);

// Assert
return expect(auth.ChainAnonymousCredentialsProvider()).rejects.toEqual(
Expand All @@ -230,13 +239,16 @@ describe('BasicAuthentication tests', () => {
throw e;
});
// Init
const auth = new BasicAuthentication({
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
});
const auth = new BasicAuthentication(
{
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
},
APPLICATION_ID
);

// Assert
return expect(auth.ChainAnonymousCredentialsProvider()).rejects.toEqual(
Expand All @@ -250,13 +262,16 @@ describe('BasicAuthentication tests', () => {
throw e;
});
// Init
const auth = new BasicAuthentication({
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
});
const auth = new BasicAuthentication(
{
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
},
APPLICATION_ID
);

// Assert
expect(auth.ChainAnonymousCredentialsProvider()).rejects.toEqual(e);
Expand All @@ -272,7 +287,7 @@ describe('BasicAuthentication tests', () => {
guestRoleArn: GUEST_ROLE_ARN
}
};
const auth = new BasicAuthentication(config);
const auth = new BasicAuthentication(config, APPLICATION_ID);

// Run
await auth.ChainAnonymousCredentialsProvider();
Expand Down Expand Up @@ -321,7 +336,7 @@ describe('BasicAuthentication tests', () => {
guestRoleArn: GUEST_ROLE_ARN
}
};
const auth = new BasicAuthentication(config);
const auth = new BasicAuthentication(config, APPLICATION_ID);

// Run
await auth.ChainAnonymousCredentialsProvider();
Expand Down Expand Up @@ -358,7 +373,7 @@ describe('BasicAuthentication tests', () => {
guestRoleArn: GUEST_ROLE_ARN
}
};
const auth = new BasicAuthentication(config);
const auth = new BasicAuthentication(config, APPLICATION_ID);

// Run
const credentials = await auth.ChainAnonymousCredentialsProvider();
Expand Down Expand Up @@ -396,7 +411,7 @@ describe('BasicAuthentication tests', () => {
guestRoleArn: GUEST_ROLE_ARN
}
};
const auth = new BasicAuthentication(config);
const auth = new BasicAuthentication(config, APPLICATION_ID);

// Run
await auth.ChainAnonymousCredentialsProvider();
Expand All @@ -414,13 +429,77 @@ describe('BasicAuthentication tests', () => {
throw e;
});
// Init
const auth = new BasicAuthentication({
const auth = new BasicAuthentication(
{
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
}
},
APPLICATION_ID
);

// Run
const credentials = await auth.ChainAnonymousCredentialsProvider();

// Assert
expect(credentials).toEqual(
expect.objectContaining({
accessKeyId: 'x',
secretAccessKey: 'y',
sessionToken: 'z'
})
);
});

test('when unique cookie names are used then cookie name with application id appended is stored', async () => {
// Init
const config = {
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN
guestRoleArn: GUEST_ROLE_ARN,
allowCookies: true,
cookieAttributes: {
...DEFAULT_CONFIG.cookieAttributes,
...{ unique: true }
}
}
});
};
const auth = new BasicAuthentication(config, APPLICATION_ID);

// Run
await auth.ChainAnonymousCredentialsProvider();
const credentials = JSON.parse(
localStorage.getItem(`${CRED_KEY}_${APPLICATION_ID}`)!
);

// Assert
expect(credentials).toEqual(
expect.objectContaining({
accessKeyId: 'x',
secretAccessKey: 'y',
sessionToken: 'z'
})
);
});

test('when unique cookie names are used then cookie name with application id appended is retrieved', async () => {
// Init
const config = {
...DEFAULT_CONFIG,
...{
identityPoolId: IDENTITY_POOL_ID,
guestRoleArn: GUEST_ROLE_ARN,
allowCookies: true,
cookieAttributes: {
...DEFAULT_CONFIG.cookieAttributes,
...{ unique: true }
}
}
};
const auth = new BasicAuthentication(config, APPLICATION_ID);

// Run
const credentials = await auth.ChainAnonymousCredentialsProvider();
Expand Down
Loading
Loading