From 1279742774fa5bf8484e38c2bcb8c1951f153c45 Mon Sep 17 00:00:00 2001
From: Mark Sailes <45629314+msailes@users.noreply.github.com>
Date: Tue, 11 Jun 2024 15:18:15 +0100
Subject: [PATCH] Adds the V2 version of the pre token generation event. (#465)
---
 ...nitoUserPoolPreTokenGenerationEventV2.java | 134 ++++++++++++++++++
 .../lambda/runtime/tests/EventLoader.java | 4 +
 .../lambda/runtime/tests/EventLoaderTest.java | 15 +-
 ...er_pool_pre_token_generation_event_v2.json | 33 +++++
 4 files changed, 185 insertions(+), 1 deletion(-)
 create mode 100644 aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/CognitoUserPoolPreTokenGenerationEventV2.java
 create mode 100644 aws-lambda-java-tests/src/test/resources/cognito_user_pool_pre_token_generation_event_v2.json
diff --git a/aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/CognitoUserPoolPreTokenGenerationEventV2.java b/aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/CognitoUserPoolPreTokenGenerationEventV2.java
new file mode 100644
index 00000000..c7250570
--- /dev/null
+++ b/aws-lambda-java-events/src/main/java/com/amazonaws/services/lambda/runtime/events/CognitoUserPoolPreTokenGenerationEventV2.java
@@ -0,0 +1,134 @@
+/* Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. */
+
+package com.amazonaws.services.lambda.runtime.events;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+import lombok.ToString;
+
+import java.util.Map;
+
+/**
+ * Represent the class for the Cognito User Pool Pre Token Generation Lambda Trigger V2
+ *

+ * See Pre Token Generation Lambda Trigger
+ */
+@Data
+@EqualsAndHashCode(callSuper = true)
+@NoArgsConstructor
+@ToString(callSuper = true)
+public class CognitoUserPoolPreTokenGenerationEventV2 extends CognitoUserPoolEvent {
+ /**
+ * The request from the Amazon Cognito service.
+ */
+ private Request request;
+
+ /**
+ * The response from your Lambda trigger.
+ */
+ private Response response;
+
+ @Builder(setterPrefix = "with")
+ public CognitoUserPoolPreTokenGenerationEventV2(
+ String version,
+ String triggerSource,
+ String region,
+ String userPoolId,
+ String userName,
+ CallerContext callerContext,
+ Request request,
+ Response response) {
+ super(version, triggerSource, region, userPoolId, userName, callerContext);
+ this.request = request;
+ this.response = response;
+ }
+
+ @Data
+ @EqualsAndHashCode(callSuper = true)
+ @NoArgsConstructor
+ @ToString(callSuper = true)
+ public static class Request extends CognitoUserPoolEvent.Request {
+
+ private String[] scopes;
+ private GroupConfiguration groupConfiguration;
+ private Map clientMetadata;
+
+ @Builder(setterPrefix = "with")
+ public Request(Map userAttributes, String[] scopes, GroupConfiguration groupConfiguration, Map clientMetadata) {
+ super(userAttributes);
+ this.scopes = scopes;
+ this.groupConfiguration = groupConfiguration;
+ this.clientMetadata = clientMetadata;
+ }
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class GroupConfiguration {
+ /**
+ * A list of the group names that are associated with the user that the identity token is issued for.
+ */
+ private String[] groupsToOverride;
+ /**
+ * A list of the current IAM roles associated with these groups.
+ */
+ private String[] iamRolesToOverride;
+ /**
+ * Indicates the preferred IAM role.
+ */
+ private String preferredRole;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class Response {
+ private ClaimsAndScopeOverrideDetails claimsAndScopeOverrideDetails;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class ClaimsAndScopeOverrideDetails {
+ private IdTokenGeneration idTokenGeneration;
+ private AccessTokenGeneration accessTokenGeneration;
+ private GroupOverrideDetails groupOverrideDetails;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class IdTokenGeneration {
+ private Map claimsToAddOrOverride;
+ private String[] claimsToSuppress;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class AccessTokenGeneration {
+ private Map claimsToAddOrOverride;
+ private String[] claimsToSuppress;
+ private String[] scopesToAdd;
+ private String[] scopesToSuppress;
+ }
+
+ @Data
+ @AllArgsConstructor
+ @Builder(setterPrefix = "with")
+ @NoArgsConstructor
+ public static class GroupOverrideDetails {
+ private Map groupsToOverride;
+ private Map iamRolesToOverride;
+ private String preferredRole;
+ }
+}
\ No newline at end of file
diff --git a/aws-lambda-java-tests/src/main/java/com/amazonaws/services/lambda/runtime/tests/EventLoader.java b/aws-lambda-java-tests/src/main/java/com/amazonaws/services/lambda/runtime/tests/EventLoader.java
index 7228fb90..aa600749 100644
--- a/aws-lambda-java-tests/src/main/java/com/amazonaws/services/lambda/runtime/tests/EventLoader.java
+++ b/aws-lambda-java-tests/src/main/java/com/amazonaws/services/lambda/runtime/tests/EventLoader.java
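Review bot: `GroupOverrideDetails` declares `groupsToOverride` and `iamRolesToOverride` as `Map`, while the request-side `GroupConfiguration` in the same file declares the identically named fields as `String[]`; the type arguments are not visible on this page, but a map and a list serialize to different JSON shapes either way. These fields decide which groups and IAM roles end up in the issued token, so a handler whose response is serialized in the wrong shape may find its override rejected or ignored; as far as I recall the Cognito trigger reference describes both as arrays of strings, which should be confirmed before merging. If so, change them to `private String[] groupsToOverride;` and `private String[] iamRolesToOverride;`. The response-side classes (`Response`, `ClaimsAndScopeOverrideDetails`, `IdTokenGeneration`, `AccessTokenGeneration`, `GroupOverrideDetails`) also carry no Javadoc, unlike `GroupConfiguration`; a one-line comment per field, such as `/** Claims to remove from the access token. */` on `claimsToSuppress`, would make the token-shaping contract readable.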
@@ -113,6 +113,10 @@ public static RabbitMQEvent loadRabbitMQEvent(String filename) { return loadEvent(filename, RabbitMQEvent.class); } + public static CognitoUserPoolPreTokenGenerationEventV2 loadCognitoUserPoolPreTokenGenerationEventV2(String filename) { + return loadEvent(filename, CognitoUserPoolPreTokenGenerationEventV2.class); + } + public static T loadEvent(String filename, Class targetClass) { if (!filename.endsWith("json")) { diff --git a/aws-lambda-java-tests/src/test/java/com/amazonaws/services/lambda/runtime/tests/EventLoaderTest.java b/aws-lambda-java-tests/src/test/java/com/amazonaws/services/lambda/runtime/tests/EventLoaderTest.java index 3177b9cc..1c9d17e1 100644 --- a/aws-lambda-java-tests/src/test/java/com/amazonaws/services/lambda/runtime/tests/EventLoaderTest.java +++ b/aws-lambda-java-tests/src/test/java/com/amazonaws/services/lambda/runtime/tests/EventLoaderTest.java @@ -14,7 +14,6 @@ import static java.time.Instant.ofEpochSecond; import static org.assertj.core.api.Assertions.*; -import static org.assertj.core.api.Assertions.from; import com.amazonaws.services.lambda.runtime.events.*; 
@@ -363,4 +362,18 @@ public void testLoadRabbitMQEvent() { assertThat(header1.get("bytes")).contains(118, 97, 108, 117, 101, 49); assertThat((Integer) headers.get("numberInHeader")).isEqualTo(10); } + + @Test + public void testLoadCognitoUserPoolPreTokenGenerationEventV2() { + CognitoUserPoolPreTokenGenerationEventV2 event = EventLoader.loadCognitoUserPoolPreTokenGenerationEventV2("cognito_user_pool_pre_token_generation_event_v2.json"); + assertThat(event).isNotNull(); + assertThat(event) + .returns("2", from(CognitoUserPoolPreTokenGenerationEventV2::getVersion)) + .returns("us-east-1", from(CognitoUserPoolPreTokenGenerationEventV2::getRegion)) + .returns("TokenGeneration_Authentication", from(CognitoUserPoolPreTokenGenerationEventV2::getTriggerSource)); + + CognitoUserPoolPreTokenGenerationEventV2.Request request = event.getRequest(); + String[] requestScopes = request.getScopes(); + assertThat("aws.cognito.signin.user.admin").isEqualTo(requestScopes[0]); + } } diff --git a/aws-lambda-java-tests/src/test/resources/cognito_user_pool_pre_token_generation_event_v2.json b/aws-lambda-java-tests/src/test/resources/cognito_user_pool_pre_token_generation_event_v2.json new file mode 100644 index 00000000..43f8e0f7 --- /dev/null +++ b/aws-lambda-java-tests/src/test/resources/cognito_user_pool_pre_token_generation_event_v2.json 
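Review bot: The new test asserts only `version`, `region`, `triggerSource` and the first scope, so `groupConfiguration` and `response`, the parts of this event that carry group and IAM-role data, are never checked after deserialization. The last assertion also has actual and expected swapped (`assertThat("aws.cognito.signin.user.admin").isEqualTo(requestScopes[0])`), which produces a misleading failure message; `assertThat(request.getScopes()).containsExactly("aws.cognito.signin.user.admin", "openid", "email", "phone");` checks the whole array in the right direction. Adding `assertThat(request.getGroupConfiguration().getGroupsToOverride()).containsExactly("group-1", "group-2", "group-3");` would pin the group mapping against the fixture.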
@@ -0,0 +1,33 @@
+{
+ "version": "2",
+ "triggerSource": "TokenGeneration_Authentication",
+ "region": "us-east-1",
+ "userPoolId": "us-east-1_EXAMPLE",
+ "userName": "JaneDoe",
+ "callerContext": {
+ "awsSdkVersion": "aws-sdk-unknown-unknown",
+ "clientId": "1example23456789"
+ },
+ "request": {
+ "userAttributes": {
+ "sub": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+ "cognito:user_status": "CONFIRMED",
+ "email_verified": "true",
+ "phone_number_verified": "true",
+ "phone_number": "+12065551212",
+ "family_name": "Zoe",
+ "email": "Jane.Doe@example.com"
+ },
+ "groupConfiguration": {
+ "groupsToOverride": ["group-1", "group-2", "group-3"],
+ "iamRolesToOverride": ["arn:aws:iam::123456789012:role/sns_caller1", "arn:aws:iam::123456789012:role/sns_caller2", "arn:aws:iam::123456789012:role/sns_caller3"],
+ "preferredRole": ["arn:aws:iam::123456789012:role/sns_caller"]
+ },
+ "scopes": [
+ "aws.cognito.signin.user.admin", "openid", "email", "phone"
+ ]
+ },
+ "response": {
+ "claimsAndScopeOverrideDetails": []
+ }
+}
\ No newline at end of file
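Review bot: Two values in this fixture do not match the types declared by the new event class: `preferredRole` is a one-element array while `GroupConfiguration.preferredRole` is a `String`, and `claimsAndScopeOverrideDetails` is `[]` while `Response.claimsAndScopeOverrideDetails` is an object type. The accompanying test never reads either field, so whether they deserialize as intended, or only because the mapper is lenient, is not exercised. If the class is right, the fixture should read `"preferredRole": "arn:aws:iam::123456789012:role/sns_caller"` and `"claimsAndScopeOverrideDetails": {}`; if real events do carry these shapes, the class needs to change instead.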