From 1279742774fa5bf8484e38c2bcb8c1951f153c45 Mon Sep 17 00:00:00 2001
From: Mark Sailes <45629314+msailes@users.noreply.github.com>
Date: Tue, 11 Jun 2024 15:18:15 +0100
Subject: [PATCH] Adds the V2 version of the pre token generation event. (#465)
---
...nitoUserPoolPreTokenGenerationEventV2.java | 134 ++++++++++++++++++
.../lambda/runtime/tests/EventLoader.java | 4 +
.../lambda/runtime/tests/EventLoaderTest.java | 15 +-
...er_pool_pre_token_generation_event_v2.json | 33 +++++
4 files changed, 185 insertions(+), 1 deletion(-)
create mode 100644 aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/CognitoUserPoolPreTokenGenerationEventV2.java
create mode 100644 aws-lambda-java-tests/src/test/resources/cognito_user_pool_pre_token_generation_event_v2.json
diff --git a/aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/CognitoUserPoolPreTokenGenerationEventV2.java b/aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/CognitoUserPoolPreTokenGenerationEventV2.java
new file mode 100644
index 00000000..c7250570
--- /dev/null
+++ b/aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/CognitoUserPoolPreTokenGenerationEventV2.java
@@ -0,0 +1,134 @@
+/* Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. */
+
+package com.amazonaws.services.lambda.runtime.events;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+
+import java.util.Map;
+
+/**
+ * Represent the class for the Cognito User Pool Pre Token Generation Lambda Trigger V2
+ *
+ * See Pre Token Generation Lambda Trigger
+ */
+@Data
+@EqualsAndHashCode(callSuper = true)
+@NoArgsConstructor
+@ToString(callSuper = true)
+public class CognitoUserPoolPreTokenGenerationEventV2 extends CognitoUserPoolEvent {
+ /**
+ * The request from the Amazon Cognito service.
+ */
+ private Request request;
+
+ /**
+ * The response from your Lambda trigger.
+ */
+ private Response response;
+
+ @Builder(setterPrefix = "with")
+ public CognitoUserPoolPreTokenGenerationEventV2(
+ String version,
+ String triggerSource,
+ String region,
+ String userPoolId,
+ String userName,
+ CallerContext callerContext,
+ Request request,
+ Response response) {
+ super(version, triggerSource, region, userPoolId, userName, callerContext);
+ this.request = request;
+ this.response = response;
+ }
+
+ @Data
+ @EqualsAndHashCode(callSuper = true)
+ @NoArgsConstructor
+ @ToString(callSuper = true)
+ public static class Request extends CognitoUserPoolEvent.Request {
+
+ private String[] scopes;
+ private GroupConfiguration groupConfiguration;
+ private Map clientMetadata;
+
+ @Builder(setterPrefix = "with")
+ public Request(Map userAttributes, String[] scopes, GroupConfiguration groupConfiguration, Map clientMetadata) {
+ super(userAttributes);
+ this.scopes = scopes;
+ this.groupConfiguration = groupConfiguration;
+ this.clientMetadata = clientMetadata;
+ }
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class GroupConfiguration {
+ /**
+ * A list of the group names that are associated with the user that the identity token is issued for.
+ */
+ private String[] groupsToOverride;
+ /**
+ * A list of the current IAM roles associated with these groups.
+ */
+ private String[] iamRolesToOverride;
+ /**
+ * Indicates the preferred IAM role.
+ */
+ private String preferredRole;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class Response {
+ private ClaimsAndScopeOverrideDetails claimsAndScopeOverrideDetails;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class ClaimsAndScopeOverrideDetails {
+ private IdTokenGeneration idTokenGeneration;
+ private AccessTokenGeneration accessTokenGeneration;
+ private GroupOverrideDetails groupOverrideDetails;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class IdTokenGeneration {
+ private Map claimsToAddOrOverride;
+ private String[] claimsToSuppress;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class AccessTokenGeneration {
+ private Map claimsToAddOrOverride;
+ private String[] claimsToSuppress;
+ private String[] scopesToAdd;
+ private String[] scopesToSuppress;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class GroupOverrideDetails {
+ private Map groupsToOverride;
+ private Map iamRolesToOverride;
+ private String preferredRole;
+ }
+}
\ No newline at end of file
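Review bot: In `GroupOverrideDetails`, at the end of the class, `groupsToOverride` and `iamRolesToOverride` are declared as `Map`, while the request-side `GroupConfiguration` in the same file declares the same-named fields as `String[]` and documents them as lists of group names and IAM roles. A map serialises to a JSON object rather than an array, so a handler filling in this response would presumably emit a shape the service does not expect, and this object decides which groups and roles end up in the issued tokens. Unless the service contract really takes objects here, declare them as `private String[] groupsToOverride;` and `private String[] iamRolesToOverride;`. The response-side classes (`Response`, `ClaimsAndScopeOverrideDetails`, `IdTokenGeneration`, `AccessTokenGeneration`) also have no field Javadoc; one line per field saying whether it adds, overrides or suppresses claims or scopes would help handler authors.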
diff --git a/aws-lambda-java-tests/src/main/java/com/amazonaws/services/lambda/runtime/tests/EventLoader.java b/aws-lambda-java-tests/src/main/java/com/amazonaws/services/lambda/runtime/tests/EventLoader.java
index 7228fb90..aa600749 100644
--- a/aws-lambda-java-tests/src/main/java/com/amazonaws/services/lambda/runtime/tests/EventLoader.java
+++ b/aws-lambda-java-tests/src/main/java/com/amazonaws/services/lambda/runtime/tests/EventLoader.java
@@ -113,6 +113,10 @@ public static RabbitMQEvent loadRabbitMQEvent(String filename) {
return loadEvent(filename, RabbitMQEvent.class);
}
+ public static CognitoUserPoolPreTokenGenerationEventV2 loadCognitoUserPoolPreTokenGenerationEventV2(String filename) {
+ return loadEvent(filename, CognitoUserPoolPreTokenGenerationEventV2.class);
+ }
+
public static T loadEvent(String filename, Class targetClass) {
if (!filename.endsWith("json")) {
diff --git a/aws-lambda-java-tests/src/test/java/com/amazonaws/services/lambda/runtime/tests/EventLoaderTest.java b/aws-lambda-java-tests/src/test/java/com/amazonaws/services/lambda/runtime/tests/EventLoaderTest.java
index 3177b9cc..1c9d17e1 100644
--- a/aws-lambda-java-tests/src/test/java/com/amazonaws/services/lambda/runtime/tests/EventLoaderTest.java
+++ b/aws-lambda-java-tests/src/test/java/com/amazonaws/services/lambda/runtime/tests/EventLoaderTest.java
@@ -14,7 +14,6 @@
import static java.time.Instant.ofEpochSecond;
import static org.assertj.core.api.Assertions.*;
-import static org.assertj.core.api.Assertions.from;
import com.amazonaws.services.lambda.runtime.events.*;
@@ -363,4 +362,18 @@ public void testLoadRabbitMQEvent() {
assertThat(header1.get("bytes")).contains(118, 97, 108, 117, 101, 49);
assertThat((Integer) headers.get("numberInHeader")).isEqualTo(10);
}
+
+ @Test
+ public void testLoadCognitoUserPoolPreTokenGenerationEventV2() {
+ CognitoUserPoolPreTokenGenerationEventV2 event = EventLoader.loadCognitoUserPoolPreTokenGenerationEventV2("cognito_user_pool_pre_token_generation_event_v2.json");
+ assertThat(event).isNotNull();
+ assertThat(event)
+ .returns("2", from(CognitoUserPoolPreTokenGenerationEventV2::getVersion))
+ .returns("us-east-1", from(CognitoUserPoolPreTokenGenerationEventV2::getRegion))
+ .returns("TokenGeneration_Authentication", from(CognitoUserPoolPreTokenGenerationEventV2::getTriggerSource));
+
+ CognitoUserPoolPreTokenGenerationEventV2.Request request = event.getRequest();
+ String[] requestScopes = request.getScopes();
+ assertThat("aws.cognito.signin.user.admin").isEqualTo(requestScopes[0]);
+ }
}
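Review bot: The new test checks only three envelope fields and the first scope, so nothing under `groupConfiguration` or `response` is verified, and those are the parts of the event that carry group, role and claim overrides. The scope assertion also has actual and expected reversed; `assertThat(request.getScopes()).containsExactly("aws.cognito.signin.user.admin", "openid", "email", "phone");` reads correctly and covers the whole array. Adding `assertThat(request.getGroupConfiguration().getGroupsToOverride()).containsExactly("group-1", "group-2", "group-3");` and a check on `getPreferredRole()` would show whether the fixture actually binds to the model.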
diff --git a/aws-lambda-java-tests/src/test/resources/cognito_user_pool_pre_token_generation_event_v2.json b/aws-lambda-java-tests/src/test/resources/cognito_user_pool_pre_token_generation_event_v2.json
new file mode 100644
index 00000000..43f8e0f7
--- /dev/null
+++ b/aws-lambda-java-tests/src/test/resources/cognito_user_pool_pre_token_generation_event_v2.json
@@ -0,0 +1,33 @@
+{
+ "version": "2",
+ "triggerSource": "TokenGeneration_Authentication",
+ "region": "us-east-1",
+ "userPoolId": "us-east-1_EXAMPLE",
+ "userName": "JaneDoe",
+ "callerContext": {
+ "awsSdkVersion": "aws-sdk-unknown-unknown",
+ "clientId": "1example23456789"
+ },
+ "request": {
+ "userAttributes": {
+ "sub": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "cognito:user_status": "CONFIRMED",
+ "email_verified": "true",
+ "phone_number_verified": "true",
+ "phone_number": "+12065551212",
+ "family_name": "Zoe",
+ "email": "Jane.Doe@example.com"
+ },
+ "groupConfiguration": {
+ "groupsToOverride": ["group-1", "group-2", "group-3"],
+ "iamRolesToOverride": ["arn:aws:iam::123456789012:role/sns_caller1", "arn:aws:iam::123456789012:role/sns_caller2", "arn:aws:iam::123456789012:role/sns_caller3"],
+ "preferredRole": ["arn:aws:iam::123456789012:role/sns_caller"]
+ },
+ "scopes": [
+ "aws.cognito.signin.user.admin", "openid", "email", "phone"
+ ]
+ },
+ "response": {
+ "claimsAndScopeOverrideDetails": []
+ }
+}
\ No newline at end of file
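Review bot: Two values in this fixture do not match the Java model added in the same commit: `preferredRole` is a one-element array while `GroupConfiguration.preferredRole` is a `String`, and `claimsAndScopeOverrideDetails` is `[]` while the model declares an object with three nested fields. Whether this loads cleanly depends on how lenient the loader's JSON mapper is, which is not visible here, and the test does not read either value. If the fixture is hand-written, use `"preferredRole": "arn:aws:iam::123456789012:role/sns_caller"` and `"claimsAndScopeOverrideDetails": {}`; if it mirrors a captured event, the model types are what need to change.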