Skip to content

Force clear credentials when bypassCache: true #6581

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
elorzafe merged 1 commit into from
Aug 17, 2020
Merged

Force clear credentials when bypassCache: true #6581

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
71 changes: 71 additions & 0 deletions packages/auth/__tests__/auth-creds-test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
import { AuthClass as Auth } from '../src/Auth';
import { Credentials } from '@aws-amplify/core';
import { AuthOptions } from '../src/types';
import {
CognitoUser,
CognitoUserPool,
CognitoUserSession,
CognitoAccessToken,
CognitoIdToken,
} from 'amazon-cognito-identity-js';
const authOptions: AuthOptions = {
userPoolId: 'us-west-2_0xxxxxxxx',
userPoolWebClientId: 'awsUserPoolsWebClientId',
region: 'region',
identityPoolId: 'awsCognitoIdentityPoolId',
mandatorySignIn: false,
};

describe('credentials syncing tests', () => {
it('BypassCache clear credentials', async () => {
const auth = new Auth(authOptions);

jest
.spyOn(CognitoUser.prototype, 'authenticateUser')
.mockImplementation((authenticationDetails, callback) => {
const session = new CognitoUserSession({
AccessToken: new CognitoAccessToken({ AccessToken: 'accesstoken' }),
IdToken: new CognitoIdToken({ IdToken: 'Idtoken' }),
});

callback.onSuccess(session, false);
});

jest
.spyOn(CognitoUserPool.prototype, 'getCurrentUser')
.mockImplementation(() => {
return new CognitoUser({
Pool: new CognitoUserPool({
UserPoolId: authOptions.userPoolId,
ClientId: authOptions.userPoolWebClientId,
}),
Username: 'test',
});
});

const session = new CognitoUserSession({
AccessToken: new CognitoAccessToken({ AccessToken: 'accesstoken' }),
IdToken: new CognitoIdToken({ IdToken: 'Idtoken' }),
});

jest
.spyOn(CognitoUser.prototype, 'getSession')
.mockImplementation(callback => {
callback(null, session);
});

const spyCredentials = jest
.spyOn(Credentials, 'set')
.mockImplementationOnce(c => c);

const username = 'test';
await auth.signIn({ username, password: 'test' });

const clearCredentialsSpy = jest.spyOn(Credentials, 'clear');
await auth.currentAuthenticatedUser({ bypassCache: true });

expect(clearCredentialsSpy).toHaveBeenCalled();

jest.clearAllMocks();
});
});
9 changes: 7 additions & 2 deletions packages/auth/src/Auth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1150,7 +1150,7 @@ export class AuthClass {
}

// refresh the session if the session expired.
user.getSession((err, session) => {
user.getSession(async (err, session) => {
if (err) {
logger.debug('Failed to get the user session', err);
rej(err);
Expand All @@ -1159,7 +1159,12 @@ export class AuthClass {

// get user data from Cognito
const bypassCache = params ? params.bypassCache : false;
// validate the token's scope fisrt before calling this function

if (bypassCache) {
await Credentials.clear();
}

// validate the token's scope first before calling this function
const { scope = '' } = session.getAccessToken().decodePayload();
if (scope.split(' ').includes(USER_ADMIN_SCOPE)) {
user.getUserData(
Expand Down