From 1c263fabfd1ec804cab38e0a12c89421c9932ef2 Mon Sep 17 00:00:00 2001 From: Alessandro Bellanda Date: Thu, 14 Feb 2019 12:05:06 +0100 Subject: [PATCH 1/2] Optionally use of SECRET_HASH paramters (appClientSecret not null only) Added getAuthParameters Method --- src/CognitoClient.php | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/src/CognitoClient.php b/src/CognitoClient.php index 34ed701..c597e9a 100644 --- a/src/CognitoClient.php +++ b/src/CognitoClient.php @@ -72,11 +72,7 @@ public function authenticate($username, $password) try { $response = $this->client->adminInitiateAuth([ 'AuthFlow' => 'ADMIN_NO_SRP_AUTH', - 'AuthParameters' => [ - 'USERNAME' => $username, - 'PASSWORD' => $password, - 'SECRET_HASH' => $this->cognitoSecretHash($username), - ], + 'AuthParameters' => $this->getAuthParamters($username, $password,'PASSWORD'), 'ClientId' => $this->appClientId, 'UserPoolId' => $this->userPoolId, ]); @@ -124,11 +120,7 @@ public function respondToNewPasswordRequiredChallenge($username, $newPassword, $ { return $this->respondToAuthChallenge( self::CHALLENGE_NEW_PASSWORD_REQUIRED, - [ - 'NEW_PASSWORD' => $newPassword, - 'USERNAME' => $username, - 'SECRET_HASH' => $this->cognitoSecretHash($username), - ], + $this->getAuthParamters($username, $newPassword, 'NEW_PASSWORD'), $session ); } @@ -144,11 +136,7 @@ public function refreshAuthentication($username, $refreshToken) try { $response = $this->client->adminInitiateAuth([ 'AuthFlow' => 'REFRESH_TOKEN_AUTH', - 'AuthParameters' => [ - 'USERNAME' => $username, - 'REFRESH_TOKEN' => $refreshToken, - 'SECRET_HASH' => $this->cognitoSecretHash($username), - ], + 'AuthParameters' => $this->getAuthParamters($username, $refreshToken, 'REFRESH_TOKEN'), 'ClientId' => $this->appClientId, 'UserPoolId' => $this->userPoolId, ])->toArray(); 
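Review bot: The new helper is called as `getAuthParamters` in the authenticate() hunk, and again in the respondToNewPasswordRequiredChallenge() and refreshAuthentication() hunks, while the commit subject names it getAuthParameters. The misspelling is now fixed into three call sites plus the definition added at the end of the file. Renaming it now keeps the name searchable, e.g. `'AuthParameters' => $this->getAuthParameters($username, $password, 'PASSWORD'),`, with the same rename on the definition. The bodies of all three public methods continue outside their hunks.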
@@ -568,4 +556,24 @@ private function buildAttributesArray(array $attributes): array } return $userAttributes; } + + /** + * @param $username + * @param $tokenOrPassword + * @param $tokenOrPasswordKey + * @return array + */ + private function getAuthParamters($username, $tokenOrPassword, $tokenOrPasswordKey) + { + $authParameters = [ + 'USERNAME' => $username, + $tokenOrPasswordKey => $tokenOrPassword, + ]; + + if (null !== $this->appClientSecret) { + $authParameters['SECRET_HASH'] = $this->cognitoSecretHash($username); + } + + return $authParameters; + } } From e60712acf311a3ae9435e98125417b8956572d9c Mon Sep 17 00:00:00 2001 From: Alessandro Bellanda Date: Thu, 14 Feb 2019 12:59:42 +0100 Subject: [PATCH 2/2] Added more methods --- src/CognitoClient.php | 114 ++++++++++++++++++++++++++++++------------ 1 file changed, 82 insertions(+), 32 deletions(-) diff --git a/src/CognitoClient.php b/src/CognitoClient.php index c597e9a..28121e9 100644 --- a/src/CognitoClient.php +++ b/src/CognitoClient.php @@ -1,4 +1,5 @@ client->adminInitiateAuth([ 'AuthFlow' => 'ADMIN_NO_SRP_AUTH', - 'AuthParameters' => $this->getAuthParamters($username, $password,'PASSWORD'), + 'AuthParameters' => $this->getAuthParamters($username, $password, 'PASSWORD'), 'ClientId' => $this->appClientId, 'UserPoolId' => $this->userPoolId, ]); @@ -178,12 +179,7 @@ public function changePassword($accessToken, $previousPassword, $proposedPasswor public function confirmUserRegistration($confirmationCode, $username) { try { - $this->client->confirmSignUp([ - 'ClientId' => $this->appClientId, - 'ConfirmationCode' => $confirmationCode, - 'SecretHash' => $this->cognitoSecretHash($username), - 'Username' => $username, - ]); + $this->client->confirmSignUp($this->getConfirmUserParamters($confirmationCode, $username)); } catch (CognitoIdentityProviderException $e) { throw CognitoResponseException::createFromCognitoException($e); } 
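Review bot: In getAuthParamters() the guard `if (null !== $this->appClientSecret)` treats an empty string as a configured secret, so a client whose secret is loaded as `''` (for example from an unset config value) would still send a SECRET_HASH. How cognitoSecretHash() behaves with an empty key is not visible here. If app clients without a secret are meant to be supported, consider `if (null !== $this->appClientSecret && '' !== $this->appClientSecret) {`; the same guard is repeated in getConfirmUserParamters() and getClientIdAndUsernameParameters() in the second patch. The docblock could also state that `$tokenOrPasswordKey` must be one of 'PASSWORD', 'NEW_PASSWORD' or 'REFRESH_TOKEN' (the only values the visible callers pass), and that the returned array carries the password or refresh token in clear and should not be logged.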
@@ -311,13 +307,7 @@ public function registerUser($username, $password, array $attributes = []) $userAttributes = $this->buildAttributesArray($attributes); try { - $response = $this->client->signUp([ - 'ClientId' => $this->appClientId, - 'Password' => $password, - 'SecretHash' => $this->cognitoSecretHash($username), - 'UserAttributes' => $userAttributes, - 'Username' => $username, - ]); + $response = $this->client->signUp($this->getSignUpParameters($username, $password, $userAttributes)); return $response['UserSub']; } catch (CognitoIdentityProviderException $e) { @@ -334,13 +324,7 @@ public function registerUser($username, $password, array $attributes = []) public function resetPassword($confirmationCode, $username, $proposedPassword) { try { - $this->client->confirmForgotPassword([ - 'ClientId' => $this->appClientId, - 'ConfirmationCode' => $confirmationCode, - 'Password' => $proposedPassword, - 'SecretHash' => $this->cognitoSecretHash($username), - 'Username' => $username, - ]); + $this->client->confirmForgotPassword($this->getConfirmForgotPasswordParameters($confirmationCode, $username, $proposedPassword)); } catch (CognitoIdentityProviderException $e) { throw CognitoResponseException::createFromCognitoException($e); } @@ -353,11 +337,7 @@ public function resetPassword($confirmationCode, $username, $proposedPassword) public function resendRegistrationConfirmationCode($username) { try { - $this->client->resendConfirmationCode([ - 'ClientId' => $this->appClientId, - 'SecretHash' => $this->cognitoSecretHash($username), - 'Username' => $username, - ]); + $this->client->resendConfirmationCode($this->getClientIdAndUsernameParameters($username)); } catch (CognitoIdentityProviderException $e) { throw CognitoResponseException::createFromCognitoException($e); } 
@@ -370,11 +350,7 @@ public function resendRegistrationConfirmationCode($username) public function sendForgottenPasswordRequest($username) { try { - $this->client->forgotPassword([ - 'ClientId' => $this->appClientId, - 'SecretHash' => $this->cognitoSecretHash($username), - 'Username' => $username, - ]); + $this->client->forgotPassword($this->getClientIdAndUsernameParameters($username)); } catch (CognitoIdentityProviderException $e) { throw CognitoResponseException::createFromCognitoException($e); } @@ -497,7 +473,7 @@ public function getGroupsForUsername($username) try { return $this->client->adminListGroupsForUser([ 'UserPoolId' => $this->userPoolId, - 'Username' => $username + 'Username' => $username ]); } catch (Exception $e) { throw CognitoResponseException::createFromCognitoException($e); 
@@ -576,4 +552,78 @@ private function getAuthParamters($username, $tokenOrPassword, $tokenOrPasswordK return $authParameters; } + + /** + * @param $username + * @param $confirmationCode + * @return array + */ + private function getConfirmUserParamters($confirmationCode, $username) + { + $confirmUserParameters = [ + 'ClientId' => $this->appClientId, + 'ConfirmationCode' => $confirmationCode, + 'Username' => $username, + ]; + + if (null !== $this->appClientSecret) { + $confirmUserParameters['SecretHash'] = $this->cognitoSecretHash($username); + } + + return $confirmUserParameters; + } + + /** + * @param $username + * @return array + */ + private function getClientIdAndUsernameParameters($username) + { + $clientIdAndUsernameParameters = [ + 'ClientId' => $this->appClientId, + 'Username' => $username, + ]; + + if (null !== $this->appClientSecret) { + $clientIdAndUsernameParameters['SecretHash'] = $this->cognitoSecretHash($username); + } + + return $clientIdAndUsernameParameters; + } + + /** + * @param $username + * @param $password + * @param $userAttributes + * @return array + */ + private function getSignUpParameters($username, $password, $userAttributes) + { + $clientIdAndUsernameParamters = $this->getClientIdAndUsernameParameters($username); + + $signUpParameters = [ + 'UserAttributes' => $userAttributes, + 'Password' => $password, + ]; + + return array_merge($clientIdAndUsernameParamters, $signUpParameters); + } + + /** + * @param $confirmationCode + * @param $username + * @param $proposedPassword + * @return array + */ + private function getConfirmForgotPasswordParameters($confirmationCode, $username, $proposedPassword) + { + $clientIdAndUsernameParamters = $this->getClientIdAndUsernameParameters($username); + + $confirmForgotPasswordParameters = [ + 'ConfirmationCode' => $confirmationCode, + 'Password' => $proposedPassword, + ]; + + return array_merge($clientIdAndUsernameParamters, $confirmForgotPasswordParameters); + } }
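Review bot: getConfirmUserParamters() repeats the ClientId/Username/SecretHash construction that getClientIdAndUsernameParameters() already provides, whereas getSignUpParameters() and getConfirmForgotPasswordParameters() build on it. Its body could be `return array_merge($this->getClientIdAndUsernameParameters($username), ['ConfirmationCode' => $confirmationCode]);`, so the decision to send SecretHash lives in one place and cannot drift between request types. Its docblock lists `$username` before `$confirmationCode`, the reverse of the signature, and none of the new docblocks give parameter types. Both patches change only src/CognitoClient.php, so the request shape without SecretHash appears to be untested in this series.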