From e4dc18513bb075f6f0d1e92d842133d99bdde742 Mon Sep 17 00:00:00 2001
From: Oleh Onufryk
Date: Fri, 13 Dec 2024 21:12:06 +0200
Subject: [PATCH] gh-1246: support for public client operations
---
 .../cloud/cognito/CognitoTemplate.java | 25 +++++++++++++------
 .../io/awspring/cloud/AuthController.java | 1 +
 2 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java
index e86236e8c..385849e33 100644
--- a/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java
+++ b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java
@@ -91,20 +91,31 @@ public ForgotPasswordResponse resetPassword(String username) {
 @Override
 public ConfirmForgotPasswordResponse confirmResetPassword(String username, String confirmationCode, String newPassword) {
- ConfirmForgotPasswordRequest confirmForgotPasswordRequest = ConfirmForgotPasswordRequest.builder()
- .clientId(clientId).username(username).password(newPassword).confirmationCode(confirmationCode)
- .secretHash(CognitoUtils.calculateSecretHash(clientId, clientSecret, username)).build();
+ ConfirmForgotPasswordRequest.Builder confirmForgotPasswordRequestBuilder = ConfirmForgotPasswordRequest
+ .builder().clientId(clientId).username(username).password(newPassword)
+ .confirmationCode(confirmationCode);
+
+ if (this.clientSecret != null) {
+ confirmForgotPasswordRequestBuilder
+ .secretHash(CognitoUtils.calculateSecretHash(clientId, clientSecret, username));
+ }
+ ConfirmForgotPasswordRequest confirmForgotPasswordRequest = confirmForgotPasswordRequestBuilder.build();
 return cognitoIdentityProviderClient.confirmForgotPassword(confirmForgotPasswordRequest);
 }
 @Override
 public RespondToAuthChallengeResponse setPermanentPassword(String session, String username, String password) {
+ Map resetPasswordParametersMap = new HashMap<>();
+ resetPasswordParametersMap.put(CognitoParameters.USERNAME_PARAM_NAME, username);
+ resetPasswordParametersMap.put(CognitoParameters.NEW_PASSWORD_PARAM_NAME, password);
+
+ if (this.clientSecret != null) {
+ resetPasswordParametersMap.put(CognitoParameters.SECRET_HASH_PARAM_NAME,
+ CognitoUtils.calculateSecretHash(clientId, clientSecret, username));
+ }
 RespondToAuthChallengeRequest respondToAuthChallengeRequest = RespondToAuthChallengeRequest.builder()
 .clientId(clientId).challengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED).session(session)
- .challengeResponses(Map.of(CognitoParameters.USERNAME_PARAM_NAME, username,
- CognitoParameters.NEW_PASSWORD_PARAM_NAME, password, CognitoParameters.SECRET_HASH_PARAM_NAME,
- CognitoUtils.calculateSecretHash(clientId, clientSecret, username)))
- .build();
+ .challengeResponses(resetPasswordParametersMap).build();
 return cognitoIdentityProviderClient.respondToAuthChallenge(respondToAuthChallengeRequest);
 }
diff --git a/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/java/io/awspring/cloud/AuthController.java b/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/java/io/awspring/cloud/AuthController.java
index f4811a6bc..d9af3f949 100644
--- a/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/java/io/awspring/cloud/AuthController.java
+++ b/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/java/io/awspring/cloud/AuthController.java
@@ -60,6 +60,7 @@ LoginResponse login(@RequestBody LoginRequest loginRequest) {
 AuthResult authResult = new AuthResult();
 authResult.setStatus(Status.SET_PASSWORD);
 loginResponse.setAuthResult(authResult);
+ return loginResponse;
 }
 AuthenticationResultType authenticationResultType = response.authenticationResult();
 AuthResult authResult = new AuthResult();
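Review bot: Both new guards test only `this.clientSecret != null`, so a client secret that is configured but empty or blank is still passed to `CognitoUtils.calculateSecretHash` in `confirmResetPassword` and `setPermanentPassword`. CognitoUtils is not visible in this patch, but if it keys an HMAC with the secret, an empty value would likely fail at runtime instead of being treated as a public client; Spring's `if (StringUtils.hasText(this.clientSecret)) {` at both sites would cover that case. The same check is written twice in this hunk, and `resetPassword`, named in the hunk header, lies outside it, so a single private helper that yields the hash or nothing would keep every operation on one rule. A short comment above the guard, such as `// public app clients have no secret, so SECRET_HASH must be omitted`, would record why the field is optional.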
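Review bot: After the new early return, `response.authenticationResult()` is still read without a null check on the line that follows the closing brace. The condition guarding the SET_PASSWORD branch is outside the hunk, as are the start and end of `login`. If that condition matches only one challenge type, any other challenge response would reach this line with no authentication result, because the SDK returns that field only when no further challenge is pending. A guard such as `if (authenticationResultType == null) {` before the result is used, mapped to its own status, would keep the sample from failing with a NullPointerException on those flows.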