From 58107097d6238ad357a8edf2809df62e74803da7 Mon Sep 17 00:00:00 2001 From: Shiv Lakshminarayan Date: Sat, 17 Oct 2020 02:53:29 -0700 Subject: [PATCH 1/2] chore(cognito): reorganize identity providers structure so that UserPoolIdentityProviderBase is not exported we had split out identity providers to have a file per provider. however, in this organization we were exporting the base class which we did not intend to. the `UserPoolIdentityProviderBase` class cannot be moved to a separate file (i.e. private folder) as JSII will be unable to resolve type. following our typical pattern of containing all extensions of the base class within a single file `user-pool-idp.ts` and moved all the tests over as well. BREAKING CHANGE: the `UserPoolIdentityProviderBase` abstract class has been removed. Use the `UserPoolIdentityProvider*` classes directly. --- packages/@aws-cdk/aws-cognito/lib/index.ts | 3 +- .../@aws-cdk/aws-cognito/lib/user-pool-idp.ts | 387 ++++++++++++++++++ .../aws-cognito/lib/user-pool-idps/amazon.ts | 53 --- .../aws-cognito/lib/user-pool-idps/base.ts | 233 ----------- .../lib/user-pool-idps/facebook.ts | 58 --- .../aws-cognito/lib/user-pool-idps/google.ts | 53 --- .../aws-cognito/lib/user-pool-idps/index.ts | 4 - .../aws-cognito/test/user-pool-idp.test.ts | 295 +++++++++++++ .../aws-cognito/test/user-pool-idp.ts | 295 +++++++++++++ .../test/user-pool-idps/amazon.test.ts | 101 ----- .../test/user-pool-idps/base.test.ts | 94 ----- .../test/user-pool-idps/facebook.test.ts | 103 ----- .../test/user-pool-idps/google.test.ts | 101 ----- 13 files changed, 978 insertions(+), 802 deletions(-) delete mode 100644 packages/@aws-cdk/aws-cognito/lib/user-pool-idps/amazon.ts delete mode 100644 packages/@aws-cdk/aws-cognito/lib/user-pool-idps/base.ts delete mode 100644 packages/@aws-cdk/aws-cognito/lib/user-pool-idps/facebook.ts delete mode 100644 packages/@aws-cdk/aws-cognito/lib/user-pool-idps/google.ts delete mode 100644 packages/@aws-cdk/aws-cognito/lib/user-pool-idps/index.ts create mode 100644 packages/@aws-cdk/aws-cognito/test/user-pool-idp.test.ts create mode 100644 packages/@aws-cdk/aws-cognito/test/user-pool-idp.ts delete mode 100644 packages/@aws-cdk/aws-cognito/test/user-pool-idps/amazon.test.ts delete mode 100644 packages/@aws-cdk/aws-cognito/test/user-pool-idps/base.test.ts delete mode 100644 packages/@aws-cdk/aws-cognito/test/user-pool-idps/facebook.test.ts delete mode 100644 packages/@aws-cdk/aws-cognito/test/user-pool-idps/google.test.ts diff --git a/packages/@aws-cdk/aws-cognito/lib/index.ts b/packages/@aws-cdk/aws-cognito/lib/index.ts index 2da1e6121b69b..9aaccf45bf47e 100644 --- a/packages/@aws-cdk/aws-cognito/lib/index.ts +++ b/packages/@aws-cdk/aws-cognito/lib/index.ts @@ -4,5 +4,4 @@ export * from './user-pool'; export * from './user-pool-attr'; export * from './user-pool-client'; export * from './user-pool-domain'; -export * from './user-pool-idp'; -export * from './user-pool-idps'; \ No newline at end of file +export * from './user-pool-idp'; \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool-idp.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool-idp.ts index c569ccd778fd8..1cc5ccbea23b1 100644 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool-idp.ts +++ b/packages/@aws-cdk/aws-cognito/lib/user-pool-idp.ts @@ -1,5 +1,8 @@ import { IResource, Resource } from '@aws-cdk/core'; import { Construct } from 'constructs'; +import { CfnUserPoolIdentityProvider } from './cognito.generated'; +import { StandardAttributeNames } from './private/attr-names'; +import { IUserPool } from './user-pool'; /** * Represents a UserPoolIdentityProvider @@ -29,4 +32,388 @@ export class UserPoolIdentityProvider { } private constructor() {} +} + +/** + * An attribute available from a third party identity provider. + */ +export class ProviderAttribute { + /** The user id attribute provided by Amazon */ + public static readonly AMAZON_USER_ID = new ProviderAttribute('user_id'); + /** The email attribute provided by Amazon */ + public static readonly AMAZON_EMAIL = new ProviderAttribute('email'); + /** The name attribute provided by Amazon */ + public static readonly AMAZON_NAME = new ProviderAttribute('name'); + /** The postal code attribute provided by Amazon */ + public static readonly AMAZON_POSTAL_CODE = new ProviderAttribute('postal_code'); + + /** The user id attribute provided by Facebook */ + public static readonly FACEBOOK_ID = new ProviderAttribute('id'); + /** The birthday attribute provided by Facebook */ + public static readonly FACEBOOK_BIRTHDAY = new ProviderAttribute('birthday'); + /** The email attribute provided by Facebook */ + public static readonly FACEBOOK_EMAIL = new ProviderAttribute('email'); + /** The name attribute provided by Facebook */ + public static readonly FACEBOOK_NAME = new ProviderAttribute('name'); + /** The first name attribute provided by Facebook */ + public static readonly FACEBOOK_FIRST_NAME = new ProviderAttribute('first_name'); + /** The last name attribute provided by Facebook */ + public static readonly FACEBOOK_LAST_NAME = new ProviderAttribute('last_name'); + /** The middle name attribute provided by Facebook */ + public static readonly FACEBOOK_MIDDLE_NAME = new ProviderAttribute('middle_name'); + /** The gender attribute provided by Facebook */ + public static readonly FACEBOOK_GENDER = new ProviderAttribute('gender'); + /** The locale attribute provided by Facebook */ + public static readonly FACEBOOK_LOCALE = new ProviderAttribute('locale'); + + /** The name attribute provided by Google */ + public static readonly GOOGLE_NAMES = new ProviderAttribute('names'); + /** The gender attribute provided by Google */ + public static readonly GOOGLE_GENDER = new ProviderAttribute('gender'); + /** The birthday attribute provided by Google */ + public static readonly GOOGLE_BIRTHDAYS = new ProviderAttribute('birthdays'); + /** The birthday attribute provided by Google */ + public static readonly GOOGLE_PHONE_NUMBERS = new ProviderAttribute('phoneNumbers'); + /** The email attribute provided by Google */ + public static readonly GOOGLE_EMAIL = new ProviderAttribute('email'); + /** The name attribute provided by Google */ + public static readonly GOOGLE_NAME = new ProviderAttribute('name'); + /** The email attribute provided by Google */ + public static readonly GOOGLE_PICTURE = new ProviderAttribute('picture'); + /** The email attribute provided by Google */ + public static readonly GOOGLE_GIVEN_NAME = new ProviderAttribute('given_name'); + /** The email attribute provided by Google */ + public static readonly GOOGLE_FAMILY_NAME = new ProviderAttribute('family_name'); + + /** + * Use this to specify an attribute from the identity provider that is not pre-defined in the CDK. + * @param attributeName the attribute value string as recognized by the provider + */ + public static other(attributeName: string): ProviderAttribute { + return new ProviderAttribute(attributeName); + } + + /** The attribute value string as recognized by the provider. */ + public readonly attributeName: string; + + private constructor(attributeName: string) { + this.attributeName = attributeName; + } +} + +/** + * The mapping of user pool attributes to the attributes provided by the identity providers. + */ +export interface AttributeMapping { + /** + * The user's postal address is a required attribute. + * @default - not mapped + */ + readonly address?: ProviderAttribute; + + /** + * The user's birthday. + * @default - not mapped + */ + readonly birthdate?: ProviderAttribute; + + /** + * The user's e-mail address. + * @default - not mapped + */ + readonly email?: ProviderAttribute; + + /** + * The surname or last name of user. + * @default - not mapped + */ + readonly familyName?: ProviderAttribute; + + /** + * The user's gender. + * @default - not mapped + */ + readonly gender?: ProviderAttribute; + + /** + * The user's first name or give name. + * @default - not mapped + */ + readonly givenName?: ProviderAttribute; + + /** + * The user's locale. + * @default - not mapped + */ + readonly locale?: ProviderAttribute; + + /** + * The user's middle name. + * @default - not mapped + */ + readonly middleName?: ProviderAttribute; + + /** + * The user's full name in displayable form. + * @default - not mapped + */ + readonly fullname?: ProviderAttribute; + + /** + * The user's nickname or casual name. + * @default - not mapped + */ + readonly nickname?: ProviderAttribute; + + /** + * The user's telephone number. + * @default - not mapped + */ + readonly phoneNumber?: ProviderAttribute; + + /** + * The URL to the user's profile picture. + * @default - not mapped + */ + readonly profilePicture?: ProviderAttribute; + + /** + * The user's preferred username. + * @default - not mapped + */ + readonly preferredUsername?: ProviderAttribute; + + /** + * The URL to the user's profile page. + * @default - not mapped + */ + readonly profilePage?: ProviderAttribute; + + /** + * The user's time zone. + * @default - not mapped + */ + readonly timezone?: ProviderAttribute; + + /** + * Time, the user's information was last updated. + * @default - not mapped + */ + readonly lastUpdateTime?: ProviderAttribute; + + /** + * The URL to the user's web page or blog. + * @default - not mapped + */ + readonly website?: ProviderAttribute; + + /** + * Specify custom attribute mapping here and mapping for any standard attributes not supported yet. + * @default - no custom attribute mapping + */ + readonly custom?: { [key: string]: ProviderAttribute }; +} + +/** + * Properties to create a new instance of UserPoolIdentityProvider + */ +export interface UserPoolIdentityProviderProps { + /** + * The user pool to which this construct provides identities. + */ + readonly userPool: IUserPool; + + /** + * Mapping attributes from the identity provider to standard and custom attributes of the user pool. + * @default - no attribute mapping + */ + readonly attributeMapping?: AttributeMapping; +} + +/** + * Options to integrate with the various social identity providers. + */ +abstract class UserPoolIdentityProviderBase extends Resource implements IUserPoolIdentityProvider { + public abstract readonly providerName: string; + + public constructor(scope: Construct, id: string, private readonly props: UserPoolIdentityProviderProps) { + super(scope, id); + props.userPool.registerIdentityProvider(this); + } + + protected configureAttributeMapping(): any { + if (!this.props.attributeMapping) { + return undefined; + } + type SansCustom = Omit; + let mapping: { [key: string]: string } = {}; + mapping = Object.entries(this.props.attributeMapping) + .filter(([k, _]) => k !== 'custom') // 'custom' handled later separately + .reduce((agg, [k, v]) => { + return { ...agg, [StandardAttributeNames[k as keyof SansCustom]]: v.attributeName }; + }, mapping); + if (this.props.attributeMapping.custom) { + mapping = Object.entries(this.props.attributeMapping.custom).reduce((agg, [k, v]) => { + return { ...agg, [k]: v.attributeName }; + }, mapping); + } + if (Object.keys(mapping).length === 0) { return undefined; } + return mapping; + } +} + +/** + * Properties to initialize UserPoolAmazonIdentityProvider + */ +export interface UserPoolIdentityProviderAmazonProps extends UserPoolIdentityProviderProps { + /** + * The client id recognized by 'Login with Amazon' APIs. + * @see https://developer.amazon.com/docs/login-with-amazon/security-profile.html#client-identifier + */ + readonly clientId: string; + /** + * The client secret to be accompanied with clientId for 'Login with Amazon' APIs to authenticate the client. + * @see https://developer.amazon.com/docs/login-with-amazon/security-profile.html#client-identifier + */ + readonly clientSecret: string; + /** + * The types of user profile data to obtain for the Amazon profile. + * @see https://developer.amazon.com/docs/login-with-amazon/customer-profile.html + * @default [ profile ] + */ + readonly scopes?: string[]; +} + +/** + * Represents a identity provider that integrates with 'Login with Amazon' + * @resource AWS::Cognito::UserPoolIdentityProvider + */ +export class UserPoolIdentityProviderAmazon extends UserPoolIdentityProviderBase { + public readonly providerName: string; + + constructor(scope: Construct, id: string, props: UserPoolIdentityProviderAmazonProps) { + super(scope, id, props); + + const scopes = props.scopes ?? ['profile']; + + const resource = new CfnUserPoolIdentityProvider(this, 'Resource', { + userPoolId: props.userPool.userPoolId, + providerName: 'LoginWithAmazon', // must be 'LoginWithAmazon' when the type is 'LoginWithAmazon' + providerType: 'LoginWithAmazon', + providerDetails: { + client_id: props.clientId, + client_secret: props.clientSecret, + authorize_scopes: scopes.join(' '), + }, + attributeMapping: super.configureAttributeMapping(), + }); + + this.providerName = super.getResourceNameAttribute(resource.ref); + } +} + +/** + * Properties to initialize UserPoolFacebookIdentityProvider + */ +export interface UserPoolIdentityProviderFacebookProps extends UserPoolIdentityProviderProps { + /** + * The client id recognized by Facebook APIs. + */ + readonly clientId: string; + /** + * The client secret to be accompanied with clientUd for Facebook to authenticate the client. + * @see https://developers.facebook.com/docs/facebook-login/security#appsecret + */ + readonly clientSecret: string; + /** + * The list of facebook permissions to obtain for getting access to the Facebook profile. + * @see https://developers.facebook.com/docs/facebook-login/permissions + * @default [ public_profile ] + */ + readonly scopes?: string[]; + /** + * The Facebook API version to use + * @default - to the oldest version supported by Facebook + */ + readonly apiVersion?: string; +} + +/** +* Represents a identity provider that integrates with 'Facebook Login' +* @resource AWS::Cognito::UserPoolIdentityProvider +*/ +export class UserPoolIdentityProviderFacebook extends UserPoolIdentityProviderBase { + public readonly providerName: string; + + constructor(scope: Construct, id: string, props: UserPoolIdentityProviderFacebookProps) { + super(scope, id, props); + + const scopes = props.scopes ?? ['public_profile']; + + const resource = new CfnUserPoolIdentityProvider(this, 'Resource', { + userPoolId: props.userPool.userPoolId, + providerName: 'Facebook', // must be 'Facebook' when the type is 'Facebook' + providerType: 'Facebook', + providerDetails: { + client_id: props.clientId, + client_secret: props.clientSecret, + authorize_scopes: scopes.join(','), + api_version: props.apiVersion, + }, + attributeMapping: super.configureAttributeMapping(), + }); + + this.providerName = super.getResourceNameAttribute(resource.ref); + } +} + + +/** + * Properties to initialize UserPoolGoogleIdentityProvider + */ +export interface UserPoolIdentityProviderGoogleProps extends UserPoolIdentityProviderProps { + /** + * The client id recognized by Google APIs. + * @see https://developers.google.com/identity/sign-in/web/sign-in#specify_your_apps_client_id + */ + readonly clientId: string; + /** + * The client secret to be accompanied with clientId for Google APIs to authenticate the client. + * @see https://developers.google.com/identity/sign-in/web/sign-in + */ + readonly clientSecret: string; + /** + * The list of google permissions to obtain for getting access to the google profile + * @see https://developers.google.com/identity/sign-in/web/sign-in + * @default [ profile ] + */ + readonly scopes?: string[]; +} + +/** + * Represents a identity provider that integrates with 'Google' + * @resource AWS::Cognito::UserPoolIdentityProvider + */ +export class UserPoolIdentityProviderGoogle extends UserPoolIdentityProviderBase { + public readonly providerName: string; + + constructor(scope: Construct, id: string, props: UserPoolIdentityProviderGoogleProps) { + super(scope, id, props); + + const scopes = props.scopes ?? ['profile']; + + const resource = new CfnUserPoolIdentityProvider(this, 'Resource', { + userPoolId: props.userPool.userPoolId, + providerName: 'Google', // must be 'Google' when the type is 'Google' + providerType: 'Google', + providerDetails: { + client_id: props.clientId, + client_secret: props.clientSecret, + authorize_scopes: scopes.join(' '), + }, + attributeMapping: super.configureAttributeMapping(), + }); + + this.providerName = super.getResourceNameAttribute(resource.ref); + } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/amazon.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/amazon.ts deleted file mode 100644 index e6c0258d9346a..0000000000000 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/amazon.ts +++ /dev/null @@ -1,53 +0,0 @@ -import { Construct } from 'constructs'; -import { CfnUserPoolIdentityProvider } from '../cognito.generated'; -import { UserPoolIdentityProviderBase, UserPoolIdentityProviderProps } from './base'; - -/** - * Properties to initialize UserPoolAmazonIdentityProvider - */ -export interface UserPoolIdentityProviderAmazonProps extends UserPoolIdentityProviderProps { - /** - * The client id recognized by 'Login with Amazon' APIs. - * @see https://developer.amazon.com/docs/login-with-amazon/security-profile.html#client-identifier - */ - readonly clientId: string; - /** - * The client secret to be accompanied with clientId for 'Login with Amazon' APIs to authenticate the client. - * @see https://developer.amazon.com/docs/login-with-amazon/security-profile.html#client-identifier - */ - readonly clientSecret: string; - /** - * The types of user profile data to obtain for the Amazon profile. - * @see https://developer.amazon.com/docs/login-with-amazon/customer-profile.html - * @default [ profile ] - */ - readonly scopes?: string[]; -} - -/** - * Represents a identity provider that integrates with 'Login with Amazon' - * @resource AWS::Cognito::UserPoolIdentityProvider - */ -export class UserPoolIdentityProviderAmazon extends UserPoolIdentityProviderBase { - public readonly providerName: string; - - constructor(scope: Construct, id: string, props: UserPoolIdentityProviderAmazonProps) { - super(scope, id, props); - - const scopes = props.scopes ?? ['profile']; - - const resource = new CfnUserPoolIdentityProvider(this, 'Resource', { - userPoolId: props.userPool.userPoolId, - providerName: 'LoginWithAmazon', // must be 'LoginWithAmazon' when the type is 'LoginWithAmazon' - providerType: 'LoginWithAmazon', - providerDetails: { - client_id: props.clientId, - client_secret: props.clientSecret, - authorize_scopes: scopes.join(' '), - }, - attributeMapping: super.configureAttributeMapping(), - }); - - this.providerName = super.getResourceNameAttribute(resource.ref); - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/base.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/base.ts deleted file mode 100644 index e32f59eca2de5..0000000000000 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/base.ts +++ /dev/null @@ -1,233 +0,0 @@ -import { Resource } from '@aws-cdk/core'; -import { Construct } from 'constructs'; -import { StandardAttributeNames } from '../private/attr-names'; -import { IUserPool } from '../user-pool'; -import { IUserPoolIdentityProvider } from '../user-pool-idp'; - -/** - * An attribute available from a third party identity provider. - */ -export class ProviderAttribute { - /** The user id attribute provided by Amazon */ - public static readonly AMAZON_USER_ID = new ProviderAttribute('user_id'); - /** The email attribute provided by Amazon */ - public static readonly AMAZON_EMAIL = new ProviderAttribute('email'); - /** The name attribute provided by Amazon */ - public static readonly AMAZON_NAME = new ProviderAttribute('name'); - /** The postal code attribute provided by Amazon */ - public static readonly AMAZON_POSTAL_CODE = new ProviderAttribute('postal_code'); - - /** The user id attribute provided by Facebook */ - public static readonly FACEBOOK_ID = new ProviderAttribute('id'); - /** The birthday attribute provided by Facebook */ - public static readonly FACEBOOK_BIRTHDAY = new ProviderAttribute('birthday'); - /** The email attribute provided by Facebook */ - public static readonly FACEBOOK_EMAIL = new ProviderAttribute('email'); - /** The name attribute provided by Facebook */ - public static readonly FACEBOOK_NAME = new ProviderAttribute('name'); - /** The first name attribute provided by Facebook */ - public static readonly FACEBOOK_FIRST_NAME = new ProviderAttribute('first_name'); - /** The last name attribute provided by Facebook */ - public static readonly FACEBOOK_LAST_NAME = new ProviderAttribute('last_name'); - /** The middle name attribute provided by Facebook */ - public static readonly FACEBOOK_MIDDLE_NAME = new ProviderAttribute('middle_name'); - /** The gender attribute provided by Facebook */ - public static readonly FACEBOOK_GENDER = new ProviderAttribute('gender'); - /** The locale attribute provided by Facebook */ - public static readonly FACEBOOK_LOCALE = new ProviderAttribute('locale'); - - /** The name attribute provided by Google */ - public static readonly GOOGLE_NAMES = new ProviderAttribute('names'); - /** The gender attribute provided by Google */ - public static readonly GOOGLE_GENDER = new ProviderAttribute('gender'); - /** The birthday attribute provided by Google */ - public static readonly GOOGLE_BIRTHDAYS = new ProviderAttribute('birthdays'); - /** The birthday attribute provided by Google */ - public static readonly GOOGLE_PHONE_NUMBERS = new ProviderAttribute('phoneNumbers'); - /** The email attribute provided by Google */ - public static readonly GOOGLE_EMAIL = new ProviderAttribute('email'); - /** The name attribute provided by Google */ - public static readonly GOOGLE_NAME = new ProviderAttribute('name'); - /** The email attribute provided by Google */ - public static readonly GOOGLE_PICTURE = new ProviderAttribute('picture'); - /** The email attribute provided by Google */ - public static readonly GOOGLE_GIVEN_NAME = new ProviderAttribute('given_name'); - /** The email attribute provided by Google */ - public static readonly GOOGLE_FAMILY_NAME = new ProviderAttribute('family_name'); - - /** - * Use this to specify an attribute from the identity provider that is not pre-defined in the CDK. - * @param attributeName the attribute value string as recognized by the provider - */ - public static other(attributeName: string): ProviderAttribute { - return new ProviderAttribute(attributeName); - } - - /** The attribute value string as recognized by the provider. */ - public readonly attributeName: string; - - private constructor(attributeName: string) { - this.attributeName = attributeName; - } -} - -/** - * The mapping of user pool attributes to the attributes provided by the identity providers. - */ -export interface AttributeMapping { - /** - * The user's postal address is a required attribute. - * @default - not mapped - */ - readonly address?: ProviderAttribute; - - /** - * The user's birthday. - * @default - not mapped - */ - readonly birthdate?: ProviderAttribute; - - /** - * The user's e-mail address. - * @default - not mapped - */ - readonly email?: ProviderAttribute; - - /** - * The surname or last name of user. - * @default - not mapped - */ - readonly familyName?: ProviderAttribute; - - /** - * The user's gender. - * @default - not mapped - */ - readonly gender?: ProviderAttribute; - - /** - * The user's first name or give name. - * @default - not mapped - */ - readonly givenName?: ProviderAttribute; - - /** - * The user's locale. - * @default - not mapped - */ - readonly locale?: ProviderAttribute; - - /** - * The user's middle name. - * @default - not mapped - */ - readonly middleName?: ProviderAttribute; - - /** - * The user's full name in displayable form. - * @default - not mapped - */ - readonly fullname?: ProviderAttribute; - - /** - * The user's nickname or casual name. - * @default - not mapped - */ - readonly nickname?: ProviderAttribute; - - /** - * The user's telephone number. - * @default - not mapped - */ - readonly phoneNumber?: ProviderAttribute; - - /** - * The URL to the user's profile picture. - * @default - not mapped - */ - readonly profilePicture?: ProviderAttribute; - - /** - * The user's preferred username. - * @default - not mapped - */ - readonly preferredUsername?: ProviderAttribute; - - /** - * The URL to the user's profile page. - * @default - not mapped - */ - readonly profilePage?: ProviderAttribute; - - /** - * The user's time zone. - * @default - not mapped - */ - readonly timezone?: ProviderAttribute; - - /** - * Time, the user's information was last updated. - * @default - not mapped - */ - readonly lastUpdateTime?: ProviderAttribute; - - /** - * The URL to the user's web page or blog. - * @default - not mapped - */ - readonly website?: ProviderAttribute; - - /** - * Specify custom attribute mapping here and mapping for any standard attributes not supported yet. - * @default - no custom attribute mapping - */ - readonly custom?: { [key: string]: ProviderAttribute }; -} - -/** - * Properties to create a new instance of UserPoolIdentityProvider - */ -export interface UserPoolIdentityProviderProps { - /** - * The user pool to which this construct provides identities. - */ - readonly userPool: IUserPool; - - /** - * Mapping attributes from the identity provider to standard and custom attributes of the user pool. - * @default - no attribute mapping - */ - readonly attributeMapping?: AttributeMapping; -} - -/** - * Options to integrate with the various social identity providers. - */ -export abstract class UserPoolIdentityProviderBase extends Resource implements IUserPoolIdentityProvider { - public abstract readonly providerName: string; - - public constructor(scope: Construct, id: string, private readonly props: UserPoolIdentityProviderProps) { - super(scope, id); - props.userPool.registerIdentityProvider(this); - } - - protected configureAttributeMapping(): any { - if (!this.props.attributeMapping) { - return undefined; - } - type SansCustom = Omit; - let mapping: { [key: string]: string } = {}; - mapping = Object.entries(this.props.attributeMapping) - .filter(([k, _]) => k !== 'custom') // 'custom' handled later separately - .reduce((agg, [k, v]) => { - return { ...agg, [StandardAttributeNames[k as keyof SansCustom]]: v.attributeName }; - }, mapping); - if (this.props.attributeMapping.custom) { - mapping = Object.entries(this.props.attributeMapping.custom).reduce((agg, [k, v]) => { - return { ...agg, [k]: v.attributeName }; - }, mapping); - } - if (Object.keys(mapping).length === 0) { return undefined; } - return mapping; - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/facebook.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/facebook.ts deleted file mode 100644 index 144344253e065..0000000000000 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/facebook.ts +++ /dev/null @@ -1,58 +0,0 @@ -import { Construct } from 'constructs'; -import { CfnUserPoolIdentityProvider } from '../cognito.generated'; -import { UserPoolIdentityProviderBase, UserPoolIdentityProviderProps } from './base'; - -/** - * Properties to initialize UserPoolFacebookIdentityProvider - */ -export interface UserPoolIdentityProviderFacebookProps extends UserPoolIdentityProviderProps { - /** - * The client id recognized by Facebook APIs. - */ - readonly clientId: string; - /** - * The client secret to be accompanied with clientUd for Facebook to authenticate the client. - * @see https://developers.facebook.com/docs/facebook-login/security#appsecret - */ - readonly clientSecret: string; - /** - * The list of facebook permissions to obtain for getting access to the Facebook profile. - * @see https://developers.facebook.com/docs/facebook-login/permissions - * @default [ public_profile ] - */ - readonly scopes?: string[]; - /** - * The Facebook API version to use - * @default - to the oldest version supported by Facebook - */ - readonly apiVersion?: string; -} - -/** - * Represents a identity provider that integrates with 'Facebook Login' - * @resource AWS::Cognito::UserPoolIdentityProvider - */ -export class UserPoolIdentityProviderFacebook extends UserPoolIdentityProviderBase { - public readonly providerName: string; - - constructor(scope: Construct, id: string, props: UserPoolIdentityProviderFacebookProps) { - super(scope, id, props); - - const scopes = props.scopes ?? ['public_profile']; - - const resource = new CfnUserPoolIdentityProvider(this, 'Resource', { - userPoolId: props.userPool.userPoolId, - providerName: 'Facebook', // must be 'Facebook' when the type is 'Facebook' - providerType: 'Facebook', - providerDetails: { - client_id: props.clientId, - client_secret: props.clientSecret, - authorize_scopes: scopes.join(','), - api_version: props.apiVersion, - }, - attributeMapping: super.configureAttributeMapping(), - }); - - this.providerName = super.getResourceNameAttribute(resource.ref); - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/google.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/google.ts deleted file mode 100644 index 12275646691e8..0000000000000 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/google.ts +++ /dev/null @@ -1,53 +0,0 @@ -import { Construct } from 'constructs'; -import { CfnUserPoolIdentityProvider } from '../cognito.generated'; -import { UserPoolIdentityProviderBase, UserPoolIdentityProviderProps } from './base'; - -/** - * Properties to initialize UserPoolGoogleIdentityProvider - */ -export interface UserPoolIdentityProviderGoogleProps extends UserPoolIdentityProviderProps { - /** - * The client id recognized by Google APIs. - * @see https://developers.google.com/identity/sign-in/web/sign-in#specify_your_apps_client_id - */ - readonly clientId: string; - /** - * The client secret to be accompanied with clientId for Google APIs to authenticate the client. - * @see https://developers.google.com/identity/sign-in/web/sign-in - */ - readonly clientSecret: string; - /** - * The list of google permissions to obtain for getting access to the google profile - * @see https://developers.google.com/identity/sign-in/web/sign-in - * @default [ profile ] - */ - readonly scopes?: string[]; -} - -/** - * Represents a identity provider that integrates with 'Google' - * @resource AWS::Cognito::UserPoolIdentityProvider - */ -export class UserPoolIdentityProviderGoogle extends UserPoolIdentityProviderBase { - public readonly providerName: string; - - constructor(scope: Construct, id: string, props: UserPoolIdentityProviderGoogleProps) { - super(scope, id, props); - - const scopes = props.scopes ?? ['profile']; - - const resource = new CfnUserPoolIdentityProvider(this, 'Resource', { - userPoolId: props.userPool.userPoolId, - providerName: 'Google', // must be 'Google' when the type is 'Google' - providerType: 'Google', - providerDetails: { - client_id: props.clientId, - client_secret: props.clientSecret, - authorize_scopes: scopes.join(' '), - }, - attributeMapping: super.configureAttributeMapping(), - }); - - this.providerName = super.getResourceNameAttribute(resource.ref); - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/index.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/index.ts deleted file mode 100644 index dbc63a9854f37..0000000000000 --- a/packages/@aws-cdk/aws-cognito/lib/user-pool-idps/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -export * from './base'; -export * from './amazon'; -export * from './facebook'; -export * from './google'; \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool-idp.test.ts b/packages/@aws-cdk/aws-cognito/test/user-pool-idp.test.ts new file mode 100644 index 0000000000000..c997fa9d61190 --- /dev/null +++ b/packages/@aws-cdk/aws-cognito/test/user-pool-idp.test.ts @@ -0,0 +1,295 @@ +import '@aws-cdk/assert/jest'; +import { Stack } from '@aws-cdk/core'; +import { ProviderAttribute, UserPool, UserPoolIdentityProviderAmazon, UserPoolIdentityProviderFacebook, UserPoolIdentityProviderGoogle } from '../lib'; + +describe('UserPoolIdentityProvider', () => { + describe('amazon', () => { + test('defaults', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { + userPool: pool, + clientId: 'amzn-client-id', + clientSecret: 'amzn-client-secret', + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'LoginWithAmazon', + ProviderType: 'LoginWithAmazon', + ProviderDetails: { + client_id: 'amzn-client-id', + client_secret: 'amzn-client-secret', + authorize_scopes: 'profile', + }, + }); + }); + + test('scopes', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { + userPool: pool, + clientId: 'amzn-client-id', + clientSecret: 'amzn-client-secret', + scopes: ['scope1', 'scope2'], + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'LoginWithAmazon', + ProviderType: 'LoginWithAmazon', + ProviderDetails: { + client_id: 'amzn-client-id', + client_secret: 'amzn-client-secret', + authorize_scopes: 'scope1 scope2', + }, + }); + }); + + test('registered with user pool', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + const provider = new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { + userPool: pool, + clientId: 'amzn-client-id', + clientSecret: 'amzn-client-secret', + }); + + // THEN + expect(pool.identityProviders).toContain(provider); + }); + + test('attribute mapping', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { + userPool: pool, + clientId: 'amazn-client-id', + clientSecret: 'amzn-client-secret', + attributeMapping: { + givenName: ProviderAttribute.AMAZON_NAME, + address: ProviderAttribute.other('amzn-address'), + custom: { + customAttr1: ProviderAttribute.AMAZON_EMAIL, + customAttr2: ProviderAttribute.other('amzn-custom-attr'), + }, + }, + }); + + // THEN + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + AttributeMapping: { + given_name: 'name', + address: 'amzn-address', + customAttr1: 'email', + customAttr2: 'amzn-custom-attr', + }, + }); + }); + }); + + describe('facebook', () => { + test('defaults', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { + userPool: pool, + clientId: 'fb-client-id', + clientSecret: 'fb-client-secret', + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'Facebook', + ProviderType: 'Facebook', + ProviderDetails: { + client_id: 'fb-client-id', + client_secret: 'fb-client-secret', + authorize_scopes: 'public_profile', + }, + }); + }); + + test('scopes & api_version', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { + userPool: pool, + clientId: 'fb-client-id', + clientSecret: 'fb-client-secret', + scopes: ['scope1', 'scope2'], + apiVersion: 'version1', + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'Facebook', + ProviderType: 'Facebook', + ProviderDetails: { + client_id: 'fb-client-id', + client_secret: 'fb-client-secret', + authorize_scopes: 'scope1,scope2', + api_version: 'version1', + }, + }); + }); + + test('registered with user pool', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + const provider = new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { + userPool: pool, + clientId: 'fb-client-id', + clientSecret: 'fb-client-secret', + }); + + // THEN + expect(pool.identityProviders).toContain(provider); + }); + + test('attribute mapping', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { + userPool: pool, + clientId: 'fb-client-id', + clientSecret: 'fb-client-secret', + attributeMapping: { + givenName: ProviderAttribute.FACEBOOK_NAME, + address: ProviderAttribute.other('fb-address'), + custom: { + customAttr1: ProviderAttribute.FACEBOOK_EMAIL, + customAttr2: ProviderAttribute.other('fb-custom-attr'), + }, + }, + }); + + // THEN + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + AttributeMapping: { + given_name: 'name', + address: 'fb-address', + customAttr1: 'email', + customAttr2: 'fb-custom-attr', + }, + }); + }); + }); + + describe('google', () => { + test('defaults', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { + userPool: pool, + clientId: 'google-client-id', + clientSecret: 'google-client-secret', + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'Google', + ProviderType: 'Google', + ProviderDetails: { + client_id: 'google-client-id', + client_secret: 'google-client-secret', + authorize_scopes: 'profile', + }, + }); + }); + + test('scopes', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { + userPool: pool, + clientId: 'google-client-id', + clientSecret: 'google-client-secret', + scopes: ['scope1', 'scope2'], + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'Google', + ProviderType: 'Google', + ProviderDetails: { + client_id: 'google-client-id', + client_secret: 'google-client-secret', + authorize_scopes: 'scope1 scope2', + }, + }); + }); + + test('registered with user pool', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + const provider = new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { + userPool: pool, + clientId: 'google-client-id', + clientSecret: 'google-client-secret', + }); + + // THEN + expect(pool.identityProviders).toContain(provider); + }); + + test('attribute mapping', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { + userPool: pool, + clientId: 'google-client-id', + clientSecret: 'google-client-secret', + attributeMapping: { + givenName: ProviderAttribute.GOOGLE_NAME, + address: ProviderAttribute.other('google-address'), + custom: { + customAttr1: ProviderAttribute.GOOGLE_EMAIL, + customAttr2: ProviderAttribute.other('google-custom-attr'), + }, + }, + }); + + // THEN + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + AttributeMapping: { + given_name: 'name', + address: 'google-address', + customAttr1: 'email', + customAttr2: 'google-custom-attr', + }, + }); + }); + }); +}); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool-idp.ts b/packages/@aws-cdk/aws-cognito/test/user-pool-idp.ts new file mode 100644 index 0000000000000..c997fa9d61190 --- /dev/null +++ b/packages/@aws-cdk/aws-cognito/test/user-pool-idp.ts @@ -0,0 +1,295 @@ +import '@aws-cdk/assert/jest'; +import { Stack } from '@aws-cdk/core'; +import { ProviderAttribute, UserPool, UserPoolIdentityProviderAmazon, UserPoolIdentityProviderFacebook, UserPoolIdentityProviderGoogle } from '../lib'; + +describe('UserPoolIdentityProvider', () => { + describe('amazon', () => { + test('defaults', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { + userPool: pool, + clientId: 'amzn-client-id', + clientSecret: 'amzn-client-secret', + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'LoginWithAmazon', + ProviderType: 'LoginWithAmazon', + ProviderDetails: { + client_id: 'amzn-client-id', + client_secret: 'amzn-client-secret', + authorize_scopes: 'profile', + }, + }); + }); + + test('scopes', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { + userPool: pool, + clientId: 'amzn-client-id', + clientSecret: 'amzn-client-secret', + scopes: ['scope1', 'scope2'], + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'LoginWithAmazon', + ProviderType: 'LoginWithAmazon', + ProviderDetails: { + client_id: 'amzn-client-id', + client_secret: 'amzn-client-secret', + authorize_scopes: 'scope1 scope2', + }, + }); + }); + + test('registered with user pool', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + const provider = new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { + userPool: pool, + clientId: 'amzn-client-id', + clientSecret: 'amzn-client-secret', + }); + + // THEN + expect(pool.identityProviders).toContain(provider); + }); + + test('attribute mapping', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { + userPool: pool, + clientId: 'amazn-client-id', + clientSecret: 'amzn-client-secret', + attributeMapping: { + givenName: ProviderAttribute.AMAZON_NAME, + address: ProviderAttribute.other('amzn-address'), + custom: { + customAttr1: ProviderAttribute.AMAZON_EMAIL, + customAttr2: ProviderAttribute.other('amzn-custom-attr'), + }, + }, + }); + + // THEN + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + AttributeMapping: { + given_name: 'name', + address: 'amzn-address', + customAttr1: 'email', + customAttr2: 'amzn-custom-attr', + }, + }); + }); + }); + + describe('facebook', () => { + test('defaults', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { + userPool: pool, + clientId: 'fb-client-id', + clientSecret: 'fb-client-secret', + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'Facebook', + ProviderType: 'Facebook', + ProviderDetails: { + client_id: 'fb-client-id', + client_secret: 'fb-client-secret', + authorize_scopes: 'public_profile', + }, + }); + }); + + test('scopes & api_version', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { + userPool: pool, + clientId: 'fb-client-id', + clientSecret: 'fb-client-secret', + scopes: ['scope1', 'scope2'], + apiVersion: 'version1', + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'Facebook', + ProviderType: 'Facebook', + ProviderDetails: { + client_id: 'fb-client-id', + client_secret: 'fb-client-secret', + authorize_scopes: 'scope1,scope2', + api_version: 'version1', + }, + }); + }); + + test('registered with user pool', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + const provider = new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { + userPool: pool, + clientId: 'fb-client-id', + clientSecret: 'fb-client-secret', + }); + + // THEN + expect(pool.identityProviders).toContain(provider); + }); + + test('attribute mapping', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { + userPool: pool, + clientId: 'fb-client-id', + clientSecret: 'fb-client-secret', + attributeMapping: { + givenName: ProviderAttribute.FACEBOOK_NAME, + address: ProviderAttribute.other('fb-address'), + custom: { + customAttr1: ProviderAttribute.FACEBOOK_EMAIL, + customAttr2: ProviderAttribute.other('fb-custom-attr'), + }, + }, + }); + + // THEN + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + AttributeMapping: { + given_name: 'name', + address: 'fb-address', + customAttr1: 'email', + customAttr2: 'fb-custom-attr', + }, + }); + }); + }); + + describe('google', () => { + test('defaults', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { + userPool: pool, + clientId: 'google-client-id', + clientSecret: 'google-client-secret', + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'Google', + ProviderType: 'Google', + ProviderDetails: { + client_id: 'google-client-id', + client_secret: 'google-client-secret', + authorize_scopes: 'profile', + }, + }); + }); + + test('scopes', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { + userPool: pool, + clientId: 'google-client-id', + clientSecret: 'google-client-secret', + scopes: ['scope1', 'scope2'], + }); + + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + ProviderName: 'Google', + ProviderType: 'Google', + ProviderDetails: { + client_id: 'google-client-id', + client_secret: 'google-client-secret', + authorize_scopes: 'scope1 scope2', + }, + }); + }); + + test('registered with user pool', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + const provider = new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { + userPool: pool, + clientId: 'google-client-id', + clientSecret: 'google-client-secret', + }); + + // THEN + expect(pool.identityProviders).toContain(provider); + }); + + test('attribute mapping', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'userpool'); + + // WHEN + new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { + userPool: pool, + clientId: 'google-client-id', + clientSecret: 'google-client-secret', + attributeMapping: { + givenName: ProviderAttribute.GOOGLE_NAME, + address: ProviderAttribute.other('google-address'), + custom: { + customAttr1: ProviderAttribute.GOOGLE_EMAIL, + customAttr2: ProviderAttribute.other('google-custom-attr'), + }, + }, + }); + + // THEN + expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { + AttributeMapping: { + given_name: 'name', + address: 'google-address', + customAttr1: 'email', + customAttr2: 'google-custom-attr', + }, + }); + }); + }); +}); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool-idps/amazon.test.ts b/packages/@aws-cdk/aws-cognito/test/user-pool-idps/amazon.test.ts deleted file mode 100644 index a6995367a3ded..0000000000000 --- a/packages/@aws-cdk/aws-cognito/test/user-pool-idps/amazon.test.ts +++ /dev/null @@ -1,101 +0,0 @@ -import '@aws-cdk/assert/jest'; -import { Stack } from '@aws-cdk/core'; -import { ProviderAttribute, UserPool, UserPoolIdentityProviderAmazon } from '../../lib'; - -describe('UserPoolIdentityProvider', () => { - describe('amazon', () => { - test('defaults', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { - userPool: pool, - clientId: 'amzn-client-id', - clientSecret: 'amzn-client-secret', - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'LoginWithAmazon', - ProviderType: 'LoginWithAmazon', - ProviderDetails: { - client_id: 'amzn-client-id', - client_secret: 'amzn-client-secret', - authorize_scopes: 'profile', - }, - }); - }); - - test('scopes', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { - userPool: pool, - clientId: 'amzn-client-id', - clientSecret: 'amzn-client-secret', - scopes: ['scope1', 'scope2'], - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'LoginWithAmazon', - ProviderType: 'LoginWithAmazon', - ProviderDetails: { - client_id: 'amzn-client-id', - client_secret: 'amzn-client-secret', - authorize_scopes: 'scope1 scope2', - }, - }); - }); - - test('registered with user pool', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - const provider = new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { - userPool: pool, - clientId: 'amzn-client-id', - clientSecret: 'amzn-client-secret', - }); - - // THEN - expect(pool.identityProviders).toContain(provider); - }); - - test('attribute mapping', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { - userPool: pool, - clientId: 'amazn-client-id', - clientSecret: 'amzn-client-secret', - attributeMapping: { - givenName: ProviderAttribute.AMAZON_NAME, - address: ProviderAttribute.other('amzn-address'), - custom: { - customAttr1: ProviderAttribute.AMAZON_EMAIL, - customAttr2: ProviderAttribute.other('amzn-custom-attr'), - }, - }, - }); - - // THEN - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - AttributeMapping: { - given_name: 'name', - address: 'amzn-address', - customAttr1: 'email', - customAttr2: 'amzn-custom-attr', - }, - }); - }); - }); -}); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool-idps/base.test.ts b/packages/@aws-cdk/aws-cognito/test/user-pool-idps/base.test.ts deleted file mode 100644 index f4a6ba4ae7f04..0000000000000 --- a/packages/@aws-cdk/aws-cognito/test/user-pool-idps/base.test.ts +++ /dev/null @@ -1,94 +0,0 @@ -import '@aws-cdk/assert/jest'; -import { Stack } from '@aws-cdk/core'; -import { ProviderAttribute, UserPool, UserPoolIdentityProviderBase } from '../../lib'; - -class MyIdp extends UserPoolIdentityProviderBase { - public readonly providerName = 'MyProvider'; - public readonly mapping = this.configureAttributeMapping(); -} - -describe('UserPoolIdentityProvider', () => { - describe('attribute mapping', () => { - test('absent or empty', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'UserPool'); - - // WHEN - const idp1 = new MyIdp(stack, 'MyIdp1', { - userPool: pool, - }); - const idp2 = new MyIdp(stack, 'MyIdp2', { - userPool: pool, - attributeMapping: {}, - }); - - // THEN - expect(idp1.mapping).toBeUndefined(); - expect(idp2.mapping).toBeUndefined(); - }); - - test('standard attributes', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'UserPool'); - - // WHEN - const idp = new MyIdp(stack, 'MyIdp', { - userPool: pool, - attributeMapping: { - givenName: ProviderAttribute.FACEBOOK_NAME, - birthdate: ProviderAttribute.FACEBOOK_BIRTHDAY, - }, - }); - - // THEN - expect(idp.mapping).toStrictEqual({ - given_name: 'name', - birthdate: 'birthday', - }); - }); - - test('custom', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'UserPool'); - - // WHEN - const idp = new MyIdp(stack, 'MyIdp', { - userPool: pool, - attributeMapping: { - custom: { - 'custom-attr-1': ProviderAttribute.AMAZON_EMAIL, - 'custom-attr-2': ProviderAttribute.AMAZON_NAME, - }, - }, - }); - - // THEN - expect(idp.mapping).toStrictEqual({ - 'custom-attr-1': 'email', - 'custom-attr-2': 'name', - }); - }); - - test('custom provider attribute', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'UserPool'); - - // WHEN - const idp = new MyIdp(stack, 'MyIdp', { - userPool: pool, - attributeMapping: { - address: ProviderAttribute.other('custom-provider-attr'), - }, - }); - - // THEN - expect(idp.mapping).toStrictEqual({ - address: 'custom-provider-attr', - }); - }); - }); -}); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool-idps/facebook.test.ts b/packages/@aws-cdk/aws-cognito/test/user-pool-idps/facebook.test.ts deleted file mode 100644 index 3020bd117221f..0000000000000 --- a/packages/@aws-cdk/aws-cognito/test/user-pool-idps/facebook.test.ts +++ /dev/null @@ -1,103 +0,0 @@ -import '@aws-cdk/assert/jest'; -import { Stack } from '@aws-cdk/core'; -import { ProviderAttribute, UserPool, UserPoolIdentityProviderFacebook } from '../../lib'; - -describe('UserPoolIdentityProvider', () => { - describe('facebook', () => { - test('defaults', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { - userPool: pool, - clientId: 'fb-client-id', - clientSecret: 'fb-client-secret', - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'Facebook', - ProviderType: 'Facebook', - ProviderDetails: { - client_id: 'fb-client-id', - client_secret: 'fb-client-secret', - authorize_scopes: 'public_profile', - }, - }); - }); - - test('scopes & api_version', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { - userPool: pool, - clientId: 'fb-client-id', - clientSecret: 'fb-client-secret', - scopes: ['scope1', 'scope2'], - apiVersion: 'version1', - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'Facebook', - ProviderType: 'Facebook', - ProviderDetails: { - client_id: 'fb-client-id', - client_secret: 'fb-client-secret', - authorize_scopes: 'scope1,scope2', - api_version: 'version1', - }, - }); - }); - - test('registered with user pool', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - const provider = new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { - userPool: pool, - clientId: 'fb-client-id', - clientSecret: 'fb-client-secret', - }); - - // THEN - expect(pool.identityProviders).toContain(provider); - }); - - test('attribute mapping', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { - userPool: pool, - clientId: 'fb-client-id', - clientSecret: 'fb-client-secret', - attributeMapping: { - givenName: ProviderAttribute.FACEBOOK_NAME, - address: ProviderAttribute.other('fb-address'), - custom: { - customAttr1: ProviderAttribute.FACEBOOK_EMAIL, - customAttr2: ProviderAttribute.other('fb-custom-attr'), - }, - }, - }); - - // THEN - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - AttributeMapping: { - given_name: 'name', - address: 'fb-address', - customAttr1: 'email', - customAttr2: 'fb-custom-attr', - }, - }); - }); - }); -}); \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool-idps/google.test.ts b/packages/@aws-cdk/aws-cognito/test/user-pool-idps/google.test.ts deleted file mode 100644 index 41700abe1c92d..0000000000000 --- a/packages/@aws-cdk/aws-cognito/test/user-pool-idps/google.test.ts +++ /dev/null @@ -1,101 +0,0 @@ -import '@aws-cdk/assert/jest'; -import { Stack } from '@aws-cdk/core'; -import { ProviderAttribute, UserPool, UserPoolIdentityProviderGoogle } from '../../lib'; - -describe('UserPoolIdentityProvider', () => { - describe('google', () => { - test('defaults', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { - userPool: pool, - clientId: 'google-client-id', - clientSecret: 'google-client-secret', - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'Google', - ProviderType: 'Google', - ProviderDetails: { - client_id: 'google-client-id', - client_secret: 'google-client-secret', - authorize_scopes: 'profile', - }, - }); - }); - - test('scopes', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { - userPool: pool, - clientId: 'google-client-id', - clientSecret: 'google-client-secret', - scopes: ['scope1', 'scope2'], - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'Google', - ProviderType: 'Google', - ProviderDetails: { - client_id: 'google-client-id', - client_secret: 'google-client-secret', - authorize_scopes: 'scope1 scope2', - }, - }); - }); - - test('registered with user pool', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - const provider = new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { - userPool: pool, - clientId: 'google-client-id', - clientSecret: 'google-client-secret', - }); - - // THEN - expect(pool.identityProviders).toContain(provider); - }); - - test('attribute mapping', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { - userPool: pool, - clientId: 'google-client-id', - clientSecret: 'google-client-secret', - attributeMapping: { - givenName: ProviderAttribute.GOOGLE_NAME, - address: ProviderAttribute.other('google-address'), - custom: { - customAttr1: ProviderAttribute.GOOGLE_EMAIL, - customAttr2: ProviderAttribute.other('google-custom-attr'), - }, - }, - }); - - // THEN - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - AttributeMapping: { - given_name: 'name', - address: 'google-address', - customAttr1: 'email', - customAttr2: 'google-custom-attr', - }, - }); - }); - }); -}); \ No newline at end of file From 19110abe17549734a4faafaef853ef98fdd9aff3 Mon Sep 17 00:00:00 2001 From: Shiv Lakshminarayan Date: Sat, 17 Oct 2020 03:18:15 -0700 Subject: [PATCH 2/2] remove incorrectly named file --- .../aws-cognito/test/user-pool-idp.ts | 295 ------------------ 1 file changed, 295 deletions(-) delete mode 100644 packages/@aws-cdk/aws-cognito/test/user-pool-idp.ts diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool-idp.ts b/packages/@aws-cdk/aws-cognito/test/user-pool-idp.ts deleted file mode 100644 index c997fa9d61190..0000000000000 --- a/packages/@aws-cdk/aws-cognito/test/user-pool-idp.ts +++ /dev/null @@ -1,295 +0,0 @@ -import '@aws-cdk/assert/jest'; -import { Stack } from '@aws-cdk/core'; -import { ProviderAttribute, UserPool, UserPoolIdentityProviderAmazon, UserPoolIdentityProviderFacebook, UserPoolIdentityProviderGoogle } from '../lib'; - -describe('UserPoolIdentityProvider', () => { - describe('amazon', () => { - test('defaults', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { - userPool: pool, - clientId: 'amzn-client-id', - clientSecret: 'amzn-client-secret', - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'LoginWithAmazon', - ProviderType: 'LoginWithAmazon', - ProviderDetails: { - client_id: 'amzn-client-id', - client_secret: 'amzn-client-secret', - authorize_scopes: 'profile', - }, - }); - }); - - test('scopes', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { - userPool: pool, - clientId: 'amzn-client-id', - clientSecret: 'amzn-client-secret', - scopes: ['scope1', 'scope2'], - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'LoginWithAmazon', - ProviderType: 'LoginWithAmazon', - ProviderDetails: { - client_id: 'amzn-client-id', - client_secret: 'amzn-client-secret', - authorize_scopes: 'scope1 scope2', - }, - }); - }); - - test('registered with user pool', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - const provider = new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { - userPool: pool, - clientId: 'amzn-client-id', - clientSecret: 'amzn-client-secret', - }); - - // THEN - expect(pool.identityProviders).toContain(provider); - }); - - test('attribute mapping', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderAmazon(stack, 'userpoolidp', { - userPool: pool, - clientId: 'amazn-client-id', - clientSecret: 'amzn-client-secret', - attributeMapping: { - givenName: ProviderAttribute.AMAZON_NAME, - address: ProviderAttribute.other('amzn-address'), - custom: { - customAttr1: ProviderAttribute.AMAZON_EMAIL, - customAttr2: ProviderAttribute.other('amzn-custom-attr'), - }, - }, - }); - - // THEN - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - AttributeMapping: { - given_name: 'name', - address: 'amzn-address', - customAttr1: 'email', - customAttr2: 'amzn-custom-attr', - }, - }); - }); - }); - - describe('facebook', () => { - test('defaults', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { - userPool: pool, - clientId: 'fb-client-id', - clientSecret: 'fb-client-secret', - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'Facebook', - ProviderType: 'Facebook', - ProviderDetails: { - client_id: 'fb-client-id', - client_secret: 'fb-client-secret', - authorize_scopes: 'public_profile', - }, - }); - }); - - test('scopes & api_version', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { - userPool: pool, - clientId: 'fb-client-id', - clientSecret: 'fb-client-secret', - scopes: ['scope1', 'scope2'], - apiVersion: 'version1', - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'Facebook', - ProviderType: 'Facebook', - ProviderDetails: { - client_id: 'fb-client-id', - client_secret: 'fb-client-secret', - authorize_scopes: 'scope1,scope2', - api_version: 'version1', - }, - }); - }); - - test('registered with user pool', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - const provider = new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { - userPool: pool, - clientId: 'fb-client-id', - clientSecret: 'fb-client-secret', - }); - - // THEN - expect(pool.identityProviders).toContain(provider); - }); - - test('attribute mapping', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderFacebook(stack, 'userpoolidp', { - userPool: pool, - clientId: 'fb-client-id', - clientSecret: 'fb-client-secret', - attributeMapping: { - givenName: ProviderAttribute.FACEBOOK_NAME, - address: ProviderAttribute.other('fb-address'), - custom: { - customAttr1: ProviderAttribute.FACEBOOK_EMAIL, - customAttr2: ProviderAttribute.other('fb-custom-attr'), - }, - }, - }); - - // THEN - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - AttributeMapping: { - given_name: 'name', - address: 'fb-address', - customAttr1: 'email', - customAttr2: 'fb-custom-attr', - }, - }); - }); - }); - - describe('google', () => { - test('defaults', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { - userPool: pool, - clientId: 'google-client-id', - clientSecret: 'google-client-secret', - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'Google', - ProviderType: 'Google', - ProviderDetails: { - client_id: 'google-client-id', - client_secret: 'google-client-secret', - authorize_scopes: 'profile', - }, - }); - }); - - test('scopes', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { - userPool: pool, - clientId: 'google-client-id', - clientSecret: 'google-client-secret', - scopes: ['scope1', 'scope2'], - }); - - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - ProviderName: 'Google', - ProviderType: 'Google', - ProviderDetails: { - client_id: 'google-client-id', - client_secret: 'google-client-secret', - authorize_scopes: 'scope1 scope2', - }, - }); - }); - - test('registered with user pool', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - const provider = new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { - userPool: pool, - clientId: 'google-client-id', - clientSecret: 'google-client-secret', - }); - - // THEN - expect(pool.identityProviders).toContain(provider); - }); - - test('attribute mapping', () => { - // GIVEN - const stack = new Stack(); - const pool = new UserPool(stack, 'userpool'); - - // WHEN - new UserPoolIdentityProviderGoogle(stack, 'userpoolidp', { - userPool: pool, - clientId: 'google-client-id', - clientSecret: 'google-client-secret', - attributeMapping: { - givenName: ProviderAttribute.GOOGLE_NAME, - address: ProviderAttribute.other('google-address'), - custom: { - customAttr1: ProviderAttribute.GOOGLE_EMAIL, - customAttr2: ProviderAttribute.other('google-custom-attr'), - }, - }, - }); - - // THEN - expect(stack).toHaveResource('AWS::Cognito::UserPoolIdentityProvider', { - AttributeMapping: { - given_name: 'name', - address: 'google-address', - customAttr1: 'email', - customAttr2: 'google-custom-attr', - }, - }); - }); - }); -}); \ No newline at end of file