fix: auth to use validateUsingSource in place of auth filter to show …

…error message (aws-amplify#2523)

packages/amplify-e2e-tests/src/__tests__/rds-mysql-oidc-auth.test.ts

@@ -344,10 +344,11 @@ describe('RDS OIDC provider Auth tests', () => {
       await todoHelperNonOwner.update(`update${modelName}`, todoUpdated);
     }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoOwner on type Mutation"`);
 
-    const getResult = await todoHelperNonOwner.get({
-      id: todo['id'],
-    });
-    expect(getResult.data[`get${modelName}`]).toBeNull();
+    await expect(async () => {
+      const getResult = await todoHelperNonOwner.get({
+        id: todo['id'],
+      });
+    }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwner on type Query"`);
 
     const listTodosResult = await todoHelperNonOwner.list();
     checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -497,10 +498,11 @@ describe('RDS OIDC provider Auth tests', () => {
       await todoHelperNonOwner.update(`update${modelName}`, todoUpdated);
     }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoOwnerFieldString on type Mutation"`);
 
-    const getResult = await todoHelperNonOwner.get({
-      id: todo['id'],
-    });
-    expect(getResult.data[`get${modelName}`]).toBeNull();
+    await expect(async () => {
+      const getResult = await todoHelperNonOwner.get({
+        id: todo['id'],
+      });
+    }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwnerFieldString on type Query"`);
 
     const listTodosResult = await todoHelperNonOwner.list();
     checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -648,10 +650,11 @@ describe('RDS OIDC provider Auth tests', () => {
       await todoHelperNonOwner.update(`update${modelName}`, todoUpdated);
     }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoOwnerFieldList on type Mutation"`);
 
-    const getResult = await todoHelperNonOwner.get({
-      id: todo['id'],
-    });
-    expect(getResult.data[`get${modelName}`]).toBeNull();
+    await expect(async () => {
+      const getResult = await todoHelperNonOwner.get({
+        id: todo['id'],
+      });
+    }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwnerFieldList on type Query"`);
 
     const listTodosResult = await todoHelperNonOwner.list();
     checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -984,10 +987,11 @@ describe('RDS OIDC provider Auth tests', () => {
       await todoHelperNonAdmin.update(`update${modelName}`, todoUpdated);
     }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoGroupFieldString on type Mutation"`);
 
-    const getResult = await todoHelperNonAdmin.get({
-      id: todo['id'],
-    });
-    expect(getResult.data[`get${modelName}`]).toBeNull();
+    await expect(async () => {
+      const getResult = await todoHelperNonAdmin.get({
+        id: todo['id'],
+      });
+    }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoGroupFieldString on type Query"`);
 
     const listTodosResult = await todoHelperNonAdmin.list();
     checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -1096,10 +1100,11 @@ describe('RDS OIDC provider Auth tests', () => {
       await todoHelperNonAdmin.update(`update${modelName}`, todoUpdated);
     }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoGroupFieldList on type Mutation"`);
 
-    const getResult = await todoHelperNonAdmin.get({
-      id: todo['id'],
-    });
-    expect(getResult.data[`get${modelName}`]).toBeNull();
+    await expect(async () => {
+      const getResult = await todoHelperNonAdmin.get({
+        id: todo['id'],
+      });
+    }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoGroupFieldList on type Query"`);
 
     const listTodosResult = await todoHelperNonAdmin.list();
     checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);

packages/amplify-e2e-tests/src/rds-v2-tests-common/rds-auth-custom-claims-refersto-auth.ts

@@ -212,10 +212,11 @@ export const testCustomClaimsRefersTo = (engine: ImportedRDSType): void => {
         await todoHelperNonOwner.update(`update${modelName}`, todoUpdated);
       }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoOwner on type Mutation"`);
 
-      const getResult = await todoHelperNonOwner.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        await todoHelperNonOwner.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwner on type Query"`);
 
       const listTodosResult = await todoHelperNonOwner.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -295,10 +296,11 @@ export const testCustomClaimsRefersTo = (engine: ImportedRDSType): void => {
         `"GraphQL error: Not Authorized to access updateTodoOwnerFieldString on type Mutation"`,
       );
 
-      const getResult = await todoHelperNonOwner.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        await todoHelperNonOwner.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwnerFieldString on type Query"`);
 
       const listTodosResult = await todoHelperNonOwner.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -375,10 +377,11 @@ export const testCustomClaimsRefersTo = (engine: ImportedRDSType): void => {
         await todoHelperNonOwner.update(`update${modelName}`, todoUpdated);
       }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoOwnerFieldList on type Mutation"`);
 
-      const getResult = await todoHelperNonOwner.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        await todoHelperNonOwner.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwnerFieldList on type Query"`);
 
       const listTodosResult = await todoHelperNonOwner.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -579,10 +582,11 @@ export const testCustomClaimsRefersTo = (engine: ImportedRDSType): void => {
         `"GraphQL error: Not Authorized to access updateTodoGroupFieldString on type Mutation"`,
       );
 
-      const getResult = await todoHelperNonAdmin.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        await todoHelperNonAdmin.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoGroupFieldString on type Query"`);
 
       const listTodosResult = await todoHelperNonAdmin.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -659,10 +663,11 @@ export const testCustomClaimsRefersTo = (engine: ImportedRDSType): void => {
         await todoHelperNonAdmin.update(`update${modelName}`, todoUpdated);
       }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoGroupFieldList on type Mutation"`);
 
-      const getResult = await todoHelperNonAdmin.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonAdmin.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoGroupFieldList on type Query"`);
 
       const listTodosResult = await todoHelperNonAdmin.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);

packages/amplify-e2e-tests/src/rds-v2-tests-common/rds-auth-oidc.ts

@@ -351,10 +351,11 @@ export const testOIDCAuth = (engine: ImportedRDSType): void => {
         'GraphQL error: Not Authorized to access updateTodoOwner on type Mutation',
       );
 
-      const getResult = await todoHelperNonOwner.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonOwner.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwner on type Query"`);
 
       const listTodosResult = await todoHelperNonOwner.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -504,10 +505,11 @@ export const testOIDCAuth = (engine: ImportedRDSType): void => {
         'GraphQL error: Not Authorized to access updateTodoOwnerFieldString on type Mutation',
       );
 
-      const getResult = await todoHelperNonOwner.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonOwner.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwnerFieldString on type Query"`);
 
       const listTodosResult = await todoHelperNonOwner.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -655,10 +657,11 @@ export const testOIDCAuth = (engine: ImportedRDSType): void => {
         'GraphQL error: Not Authorized to access updateTodoOwnerFieldList on type Mutation',
       );
 
-      const getResult = await todoHelperNonOwner.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonOwner.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwnerFieldList on type Query"`);
 
       const listTodosResult = await todoHelperNonOwner.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -988,10 +991,11 @@ export const testOIDCAuth = (engine: ImportedRDSType): void => {
         'GraphQL error: Not Authorized to access updateTodoGroupFieldString on type Mutation',
       );
 
-      const getResult = await todoHelperNonAdmin.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonAdmin.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoGroupFieldString on type Query"`);
 
       const listTodosResult = await todoHelperNonAdmin.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -1100,10 +1104,11 @@ export const testOIDCAuth = (engine: ImportedRDSType): void => {
         'GraphQL error: Not Authorized to access updateTodoGroupFieldList on type Mutation',
       );
 
-      const getResult = await todoHelperNonAdmin.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonAdmin.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoGroupFieldList on type Query"`);
 
       const listTodosResult = await todoHelperNonAdmin.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);

packages/amplify-e2e-tests/src/rds-v2-tests-common/rds-auth-userpool.ts

@@ -325,10 +325,11 @@ export const testUserPoolAuth = (engine: ImportedRDSType): void => {
         await todoHelperNonOwner.update(`update${modelName}`, todoUpdated);
       }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoOwner on type Mutation"`);
 
-      const getResult = await todoHelperNonOwner.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonOwner.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwner on type Query"`);
 
       const listTodosResult = await todoHelperNonOwner.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -480,10 +481,11 @@ export const testUserPoolAuth = (engine: ImportedRDSType): void => {
         `"GraphQL error: Not Authorized to access updateTodoOwnerFieldString on type Mutation"`,
       );
 
-      const getResult = await todoHelperNonOwner.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonOwner.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwnerFieldString on type Query"`);
 
       const listTodosResult = await todoHelperNonOwner.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -633,10 +635,11 @@ export const testUserPoolAuth = (engine: ImportedRDSType): void => {
         await todoHelperNonOwner.update(`update${modelName}`, todoUpdated);
       }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoOwnerFieldList on type Mutation"`);
 
-      const getResult = await todoHelperNonOwner.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonOwner.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoOwnerFieldList on type Query"`);
 
       const listTodosResult = await todoHelperNonOwner.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -973,10 +976,11 @@ export const testUserPoolAuth = (engine: ImportedRDSType): void => {
         `"GraphQL error: Not Authorized to access updateTodoGroupFieldString on type Mutation"`,
       );
 
-      const getResult = await todoHelperNonAdmin.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonAdmin.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoGroupFieldString on type Query"`);
 
       const listTodosResult = await todoHelperNonAdmin.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);
@@ -1087,10 +1091,11 @@ export const testUserPoolAuth = (engine: ImportedRDSType): void => {
         await todoHelperNonAdmin.update(`update${modelName}`, todoUpdated);
       }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access updateTodoGroupFieldList on type Mutation"`);
 
-      const getResult = await todoHelperNonAdmin.get({
-        id: todo['id'],
-      });
-      expect(getResult.data[`get${modelName}`]).toBeNull();
+      await expect(async () => {
+        const getResult = await todoHelperNonAdmin.get({
+          id: todo['id'],
+        });
+      }).rejects.toThrowErrorMatchingInlineSnapshot(`"GraphQL error: Not Authorized to access getTodoGroupFieldList on type Query"`);
 
       const listTodosResult = await todoHelperNonAdmin.list();
       checkListItemExistence(listTodosResult, `list${modelName}s`, todo['id']);

packages/amplify-graphql-auth-transformer/src/__tests__/__snapshots__/iam-access.test.ts.snap

@@ -1931,6 +1931,7 @@ exports[`rds simple model with apiKey and iam access 7`] = `
   #if( !$authResult || ($authResult && !$authResult.authorized) )
     $util.unauthorized()
   #end
+  $util.qr($ctx.stash.put(\\"authRules\\", $authRules))
   #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
     #set( $ctx.stash.authFilter = $authResult.authFilter )
   #end
@@ -1975,6 +1976,7 @@ exports[`rds simple model with apiKey and iam access 9`] = `
   #if( !$authResult || ($authResult && !$authResult.authorized) )
     $util.unauthorized()
   #end
+  $util.qr($ctx.stash.put(\\"authRules\\", $authRules))
   #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
     #set( $ctx.stash.authFilter = $authResult.authFilter )
   #end
@@ -2276,6 +2278,7 @@ $util.qr($authRules.add({
 #if( !$authResult || ($authResult && !$authResult.authorized) )
   $util.unauthorized()
 #end
+$util.qr($ctx.stash.put(\\"authRules\\", $authRules))
 #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
   #set( $ctx.stash.authFilter = $authResult.authFilter )
 #end
@@ -2312,6 +2315,7 @@ $util.qr($authRules.add({
 #if( !$authResult || ($authResult && !$authResult.authorized) )
   $util.unauthorized()
 #end
+$util.qr($ctx.stash.put(\\"authRules\\", $authRules))
 #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
   #set( $ctx.stash.authFilter = $authResult.authFilter )
 #end
@@ -2617,6 +2621,7 @@ exports[`rds simple model with iam provider and iam access 7`] = `
   #if( !$authResult || ($authResult && !$authResult.authorized) )
     $util.unauthorized()
   #end
+  $util.qr($ctx.stash.put(\\"authRules\\", $authRules))
   #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
     #set( $ctx.stash.authFilter = $authResult.authFilter )
   #end
@@ -2662,6 +2667,7 @@ exports[`rds simple model with iam provider and iam access 9`] = `
   #if( !$authResult || ($authResult && !$authResult.authorized) )
     $util.unauthorized()
   #end
+  $util.qr($ctx.stash.put(\\"authRules\\", $authRules))
   #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
     #set( $ctx.stash.authFilter = $authResult.authFilter )
   #end
@@ -2998,6 +3004,7 @@ exports[`rds simple model with iam provider and iam access and non default AWS_I
   #if( !$authResult || ($authResult && !$authResult.authorized) )
     $util.unauthorized()
   #end
+  $util.qr($ctx.stash.put(\\"authRules\\", $authRules))
   #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
     #set( $ctx.stash.authFilter = $authResult.authFilter )
   #end
@@ -3043,6 +3050,7 @@ exports[`rds simple model with iam provider and iam access and non default AWS_I
   #if( !$authResult || ($authResult && !$authResult.authorized) )
     $util.unauthorized()
   #end
+  $util.qr($ctx.stash.put(\\"authRules\\", $authRules))
   #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
     #set( $ctx.stash.authFilter = $authResult.authFilter )
   #end
@@ -3351,6 +3359,7 @@ $util.qr($authRules.add({
 #if( !$authResult || ($authResult && !$authResult.authorized) )
   $util.unauthorized()
 #end
+$util.qr($ctx.stash.put(\\"authRules\\", $authRules))
 #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
   #set( $ctx.stash.authFilter = $authResult.authFilter )
 #end
@@ -3388,6 +3397,7 @@ $util.qr($authRules.add({
 #if( !$authResult || ($authResult && !$authResult.authorized) )
   $util.unauthorized()
 #end
+$util.qr($ctx.stash.put(\\"authRules\\", $authRules))
 #if( $authResult && !$util.isNullOrEmpty($authResult.authFilter) )
   #set( $ctx.stash.authFilter = $authResult.authFilter )
 #end