Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Optional SECRET_HASH #23

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Optional SECRET_HASH #23

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1c263fa
Optionally use of SECRET_HASH paramters (appClientSecret not null only)
Feb 14, 2019
e60712a
Added more methods
Feb 14, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
150 changes: 104 additions & 46 deletions src/CognitoClient.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<?php

namespace pmill\AwsCognito;

use Aws\CognitoIdentityProvider\CognitoIdentityProviderClient;
Expand Down Expand Up @@ -72,11 +73,7 @@ public function authenticate($username, $password)
try {
$response = $this->client->adminInitiateAuth([
'AuthFlow' => 'ADMIN_NO_SRP_AUTH',
'AuthParameters' => [
'USERNAME' => $username,
'PASSWORD' => $password,
'SECRET_HASH' => $this->cognitoSecretHash($username),
],
'AuthParameters' => $this->getAuthParamters($username, $password, 'PASSWORD'),
'ClientId' => $this->appClientId,
'UserPoolId' => $this->userPoolId,
]);
Expand Down Expand Up @@ -124,11 +121,7 @@ public function respondToNewPasswordRequiredChallenge($username, $newPassword, $
{
return $this->respondToAuthChallenge(
self::CHALLENGE_NEW_PASSWORD_REQUIRED,
[
'NEW_PASSWORD' => $newPassword,
'USERNAME' => $username,
'SECRET_HASH' => $this->cognitoSecretHash($username),
],
$this->getAuthParamters($username, $newPassword, 'NEW_PASSWORD'),
$session
);
}
Expand All @@ -144,11 +137,7 @@ public function refreshAuthentication($username, $refreshToken)
try {
$response = $this->client->adminInitiateAuth([
'AuthFlow' => 'REFRESH_TOKEN_AUTH',
'AuthParameters' => [
'USERNAME' => $username,
'REFRESH_TOKEN' => $refreshToken,
'SECRET_HASH' => $this->cognitoSecretHash($username),
],
'AuthParameters' => $this->getAuthParamters($username, $refreshToken, 'REFRESH_TOKEN'),
'ClientId' => $this->appClientId,
'UserPoolId' => $this->userPoolId,
])->toArray();
Expand Down Expand Up @@ -190,12 +179,7 @@ public function changePassword($accessToken, $previousPassword, $proposedPasswor
public function confirmUserRegistration($confirmationCode, $username)
{
try {
$this->client->confirmSignUp([
'ClientId' => $this->appClientId,
'ConfirmationCode' => $confirmationCode,
'SecretHash' => $this->cognitoSecretHash($username),
'Username' => $username,
]);
$this->client->confirmSignUp($this->getConfirmUserParamters($confirmationCode, $username));
} catch (CognitoIdentityProviderException $e) {
throw CognitoResponseException::createFromCognitoException($e);
}
Expand Down Expand Up @@ -323,13 +307,7 @@ public function registerUser($username, $password, array $attributes = [])
$userAttributes = $this->buildAttributesArray($attributes);

try {
$response = $this->client->signUp([
'ClientId' => $this->appClientId,
'Password' => $password,
'SecretHash' => $this->cognitoSecretHash($username),
'UserAttributes' => $userAttributes,
'Username' => $username,
]);
$response = $this->client->signUp($this->getSignUpParameters($username, $password, $userAttributes));

return $response['UserSub'];
} catch (CognitoIdentityProviderException $e) {
Expand All @@ -346,13 +324,7 @@ public function registerUser($username, $password, array $attributes = [])
public function resetPassword($confirmationCode, $username, $proposedPassword)
{
try {
$this->client->confirmForgotPassword([
'ClientId' => $this->appClientId,
'ConfirmationCode' => $confirmationCode,
'Password' => $proposedPassword,
'SecretHash' => $this->cognitoSecretHash($username),
'Username' => $username,
]);
$this->client->confirmForgotPassword($this->getConfirmForgotPasswordParameters($confirmationCode, $username, $proposedPassword));
} catch (CognitoIdentityProviderException $e) {
throw CognitoResponseException::createFromCognitoException($e);
}
Expand All @@ -365,11 +337,7 @@ public function resetPassword($confirmationCode, $username, $proposedPassword)
public function resendRegistrationConfirmationCode($username)
{
try {
$this->client->resendConfirmationCode([
'ClientId' => $this->appClientId,
'SecretHash' => $this->cognitoSecretHash($username),
'Username' => $username,
]);
$this->client->resendConfirmationCode($this->getClientIdAndUsernameParameters($username));
} catch (CognitoIdentityProviderException $e) {
throw CognitoResponseException::createFromCognitoException($e);
}
Expand All @@ -382,11 +350,7 @@ public function resendRegistrationConfirmationCode($username)
public function sendForgottenPasswordRequest($username)
{
try {
$this->client->forgotPassword([
'ClientId' => $this->appClientId,
'SecretHash' => $this->cognitoSecretHash($username),
'Username' => $username,
]);
$this->client->forgotPassword($this->getClientIdAndUsernameParameters($username));
} catch (CognitoIdentityProviderException $e) {
throw CognitoResponseException::createFromCognitoException($e);
}
Expand Down Expand Up @@ -509,7 +473,7 @@ public function getGroupsForUsername($username)
try {
return $this->client->adminListGroupsForUser([
'UserPoolId' => $this->userPoolId,
'Username' => $username
'Username' => $username
]);
} catch (Exception $e) {
throw CognitoResponseException::createFromCognitoException($e);
Expand Down Expand Up @@ -568,4 +532,98 @@ private function buildAttributesArray(array $attributes): array
}
return $userAttributes;
}

/**
* @param $username
* @param $tokenOrPassword
* @param $tokenOrPasswordKey
* @return array
*/
private function getAuthParamters($username, $tokenOrPassword, $tokenOrPasswordKey)
{
$authParameters = [
'USERNAME' => $username,
$tokenOrPasswordKey => $tokenOrPassword,
];

if (null !== $this->appClientSecret) {
$authParameters['SECRET_HASH'] = $this->cognitoSecretHash($username);
}

return $authParameters;
}

/**
* @param $username
* @param $confirmationCode
* @return array
*/
private function getConfirmUserParamters($confirmationCode, $username)
{
$confirmUserParameters = [
'ClientId' => $this->appClientId,
'ConfirmationCode' => $confirmationCode,
'Username' => $username,
];

if (null !== $this->appClientSecret) {
$confirmUserParameters['SecretHash'] = $this->cognitoSecretHash($username);
}

return $confirmUserParameters;
}

/**
* @param $username
* @return array
*/
private function getClientIdAndUsernameParameters($username)
{
$clientIdAndUsernameParameters = [
'ClientId' => $this->appClientId,
'Username' => $username,
];

if (null !== $this->appClientSecret) {
$clientIdAndUsernameParameters['SecretHash'] = $this->cognitoSecretHash($username);
}

return $clientIdAndUsernameParameters;
}

/**
* @param $username
* @param $password
* @param $userAttributes
* @return array
*/
private function getSignUpParameters($username, $password, $userAttributes)
{
$clientIdAndUsernameParamters = $this->getClientIdAndUsernameParameters($username);

$signUpParameters = [
'UserAttributes' => $userAttributes,
'Password' => $password,
];

return array_merge($clientIdAndUsernameParamters, $signUpParameters);
}

/**
* @param $confirmationCode
* @param $username
* @param $proposedPassword
* @return array
*/
private function getConfirmForgotPasswordParameters($confirmationCode, $username, $proposedPassword)
{
$clientIdAndUsernameParamters = $this->getClientIdAndUsernameParameters($username);

$confirmForgotPasswordParameters = [
'ConfirmationCode' => $confirmationCode,
'Password' => $proposedPassword,
];

return array_merge($clientIdAndUsernameParamters, $confirmForgotPasswordParameters);
}
}