fix: updateUserAttributeSetting during add/update/push flows (#10773)

* chore: updates cdk version

* fix: updated attribute in CFN flow

* fix: updated unit tests

* fix: build all functions

* fix: updated template

* fix: revert build checks

* fix: cli package unit tests

* fix: check node memory allocated

* ci: fixing job naming

* chore: increase node memory to 4096mb

* chore: removes comments

* chore: added e2e tests

* chore: lint fixes and cleanup

* chore: lgtm errors

* fix: fixes import  naming

* fix: e2e tests snapshot

* chore: rebase from dev

* fix: auth unit test

* fix: addressed comments

Co-authored-by: [email protected] <[email protected]>

packages/amplify-appsync-simulator/package.json

@@ -32,7 +32,7 @@
  "@graphql-tools/schema": "^8.3.1",
  "@graphql-tools/utils": "^8.5.1",
  "amplify-velocity-template": "1.4.8",
- "aws-sdk": "^2.1113.0",
+ "aws-sdk": "^2.1169.0",
  "chalk": "^4.1.1",
  "cors": "^2.8.5",
  "dataloader": "^2.0.0",

packages/amplify-category-auth/package.json

@@ -29,16 +29,16 @@
  "dependencies": {
  "@aws-amplify/amplify-environment-parameters": "1.0.0",
  "@aws-amplify/cli-extensibility-helper": "2.3.34",
- "@aws-cdk/aws-cognito": "~1.124.0",
- "@aws-cdk/aws-iam": "~1.124.0",
- "@aws-cdk/aws-lambda": "~1.124.0",
- "@aws-cdk/core": "~1.124.0",
+ "@aws-cdk/aws-cognito": "^1.159.0",
+ "@aws-cdk/aws-iam": "^1.159.0",
+ "@aws-cdk/aws-lambda": "^1.159.0",
+ "@aws-cdk/core": "^1.159.0",
  "amplify-cli-core": "3.0.0",
  "amplify-headless-interface": "1.15.0",
  "amplify-prompts": "2.3.0",
  "amplify-util-headless-input": "1.9.5",
  "amplify-util-import": "2.2.36",
- "aws-sdk": "^2.1113.0",
+ "aws-sdk": "^2.1169.0",
  "chalk": "^4.1.1",
  "change-case": "^4.1.1",
  "enquirer": "^2.3.6",
@@ -71,4 +71,4 @@
  "node"
  ]
  }
-}
+}

packages/amplify-category-auth/resources/overrides-resource/auth/package.json

@@ -1,17 +1,16 @@
 {
- "name": "overrides-for-auth-resource",
- "version": "1.0.0",
- "description": "",
- "scripts": {
- "build": "tsc",
- "watch": "tsc -w",
- "test": "echo \"Error: no test specified\" && exit 1"
- },
- "dependencies": {
- "@aws-amplify/cli-extensibility-helper": "^2.0.0"
- },
- "devDependencies": {
- "typescript": "^4.2.4"
- }
+ "name": "overrides-for-auth-resource",
+ "version": "1.0.0",
+ "description": "",
+ "scripts": {
+ "build": "tsc",
+ "watch": "tsc -w",
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "dependencies": {
+ "@aws-amplify/cli-extensibility-helper": "^2.0.0"
+ },
+ "devDependencies": {
+ "typescript": "^4.2.4"
  }
- 
+}

packages/amplify-category-auth/resources/overrides-resource/userPoolGroups/package.json

@@ -1,17 +1,16 @@
 {
- "name": "overrides",
- "version": "1.0.0",
- "description": "",
- "scripts": {
- "build": "tsc",
- "watch": "tsc -w",
- "test": "echo \"Error: no test specified\" && exit 1"
- },
- "dependencies": {
- "@aws-amplify/cli-extensibility-helper": "^2.0.0"
- },
- "devDependencies": {
- "typescript": "^4.2.4"
- }
+ "name": "overrides",
+ "version": "1.0.0",
+ "description": "",
+ "scripts": {
+ "build": "tsc",
+ "watch": "tsc -w",
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "dependencies": {
+ "@aws-amplify/cli-extensibility-helper": "^2.0.0"
+ },
+ "devDependencies": {
+ "typescript": "^4.2.4"
  }
- 
+}

packages/amplify-category-auth/src/__tests__/provider-utils/awscloudformation/auth-stack-builder/__snapshots__/auth-stack-transform.test.ts.snap

@@ -307,6 +307,11 @@ Object {
  "Required": true,
  },
  ],
+ "UserAttributeUpdateSettings": Object {
+ "AttributesRequireVerificationBeforeUpdate": Array [
+ "email",
+ ],
+ },
  "UserPoolName": Object {
  "Fn::If": Array [
  "ShouldNotCreateEnvResources",
@@ -1946,6 +1951,11 @@ exports.handler = (event, context, callback) => {
  "SmsVerificationMessage": Object {
  "Ref": "smsVerificationMessage",
  },
+ "UserAttributeUpdateSettings": Object {
+ "AttributesRequireVerificationBeforeUpdate": Array [
+ "email",
+ ],
+ },
  "UserPoolName": Object {
  "Fn::If": Array [
  "ShouldNotCreateEnvResources",

packages/amplify-category-auth/src/__tests__/provider-utils/awscloudformation/auth-stack-builder/auth-cognito-stack-builder.test.ts

@@ -1,10 +1,69 @@
+/* eslint-disable @typescript-eslint/no-non-null-assertion */
+/* eslint-disable max-lines-per-function */
+import * as iam from '@aws-cdk/aws-iam';
+import * as cdk from '@aws-cdk/core';
 import { AmplifyAuthCognitoStack } from '../../../../provider-utils/awscloudformation/auth-stack-builder/auth-cognito-stack-builder';
 import { AuthStackSynthesizer } from '../../../../provider-utils/awscloudformation/auth-stack-builder/stack-synthesizer';
-import * as cdk from '@aws-cdk/core';
-import * as iam from '@aws-cdk/aws-iam';
+import { AttributeType } from '../../../../provider-utils/awscloudformation/service-walkthrough-types/awsCognito-user-input-types';
 import { CognitoStackOptions } from '../../../../provider-utils/awscloudformation/service-walkthrough-types/cognito-user-input-types';
 
 describe('generateCognitoStackResources', () => {
+ const props: CognitoStackOptions = {
+ identityPoolName: 'issue96802f106de3_identitypool_2f106de3',
+ allowUnauthenticatedIdentities: false,
+ resourceNameTruncated: 'issue92f106de3',
+ userPoolName: 'issue96802f106de3_userpool_2f106de3',
+ autoVerifiedAttributes: ['email'],
+ mfaConfiguration: 'OFF',
+ mfaTypes: ['SMS Text Message'],
+ smsAuthenticationMessage: 'Your authentication code is {####}',
+ smsVerificationMessage: 'Your verification code is {####}',
+ emailVerificationSubject: 'Your verification code',
+ emailVerificationMessage: 'Your verification code is {####}',
+ passwordPolicyMinLength: 8,
+ passwordPolicyCharacters: [],
+ requiredAttributes: ['email'],
+ aliasAttributes: [],
+ userpoolClientGenerateSecret: false,
+ userpoolClientRefreshTokenValidity: 30,
+ userpoolClientWriteAttributes: ['email'],
+ userpoolClientReadAttributes: ['email'],
+ userpoolClientLambdaRole: 'issue92f106de3_userpoolclient_lambda_role',
+ userpoolClientSetAttributes: false,
+ sharedId: '2f106de3',
+ resourceName: 'issue96802f106de32f106de3',
+ authSelections: 'identityPoolAndUserPool',
+ useDefault: 'manual',
+ thirdPartyAuth: false,
+ userPoolGroups: false,
+ adminQueries: false,
+ triggers: {
+ PreSignup: ['custom'],
+ },
+ hostedUI: false,
+ userPoolGroupList: [],
+ serviceName: 'Cognito',
+ usernameCaseSensitive: false,
+ useEnabledMfas: true,
+ authRoleArn: {
+ 'Fn::GetAtt': ['AuthRole', 'Arn'],
+ },
+ unauthRoleArn: {
+ 'Fn::GetAtt': ['UnauthRole', 'Arn'],
+ },
+ breakCircularDependency: false,
+ dependsOn: [
+ {
+ category: 'function',
+ resourceName: 'issue96802f106de32f106de3PreSignup',
+ attributes: ['Arn', 'Name'],
+ },
+ ],
+ permissions: [],
+ authTriggerConnections: [{ triggerType: 'PreSignUp', lambdaFunctionName: 'issue96802f106de32f106de3PreSignup' }],
+ authProviders: [],
+ };
+
  it('adds correct custom oauth lambda dependencies', () => {
  const testApp = new cdk.App();
  const cognitoStack = new AmplifyAuthCognitoStack(testApp, 'testCognitoStack', { synthesizer: new AuthStackSynthesizer() });
@@ -30,85 +89,56 @@ describe('generateCognitoStackResources', () => {
  it('adds correct preSignUp lambda config and permissions', () => {
  const testApp = new cdk.App();
  const cognitoStack = new AmplifyAuthCognitoStack(testApp, 'CognitoPreSignUpTriggerTest', { synthesizer: new AuthStackSynthesizer() });
- const props : CognitoStackOptions = {
- "identityPoolName": "issue96802f106de3_identitypool_2f106de3",
- "allowUnauthenticatedIdentities": false,
- "resourceNameTruncated": "issue92f106de3",
- "userPoolName": "issue96802f106de3_userpool_2f106de3",
- "autoVerifiedAttributes": [
- "email"
- ],
- "mfaConfiguration": "OFF",
- "mfaTypes": [
- "SMS Text Message"
- ],
- "smsAuthenticationMessage": "Your authentication code is {####}",
- "smsVerificationMessage": "Your verification code is {####}",
- "emailVerificationSubject": "Your verification code",
- "emailVerificationMessage": "Your verification code is {####}",
- "passwordPolicyMinLength": 8,
- "passwordPolicyCharacters": [],
- "requiredAttributes": [
- "email"
- ],
- "aliasAttributes": [],
- "userpoolClientGenerateSecret": false,
- "userpoolClientRefreshTokenValidity": 30,
- "userpoolClientWriteAttributes": [
- "email"
- ],
- "userpoolClientReadAttributes": [
- "email"
- ],
- "userpoolClientLambdaRole": "issue92f106de3_userpoolclient_lambda_role",
- "userpoolClientSetAttributes": false,
- "sharedId": "2f106de3",
- "resourceName": "issue96802f106de32f106de3",
- "authSelections": "identityPoolAndUserPool",
- "useDefault": "manual",
- "thirdPartyAuth": false,
- "userPoolGroups": false,
- "adminQueries": false,
- "triggers": {
- "PreSignup": [
- "custom"
- ]
- },
- "hostedUI": false,
- "userPoolGroupList": [],
- "serviceName": "Cognito",
- "usernameCaseSensitive": false,
- "useEnabledMfas": true,
- "authRoleArn": {
- "Fn::GetAtt": [
- "AuthRole",
- "Arn"
- ]
- },
- "unauthRoleArn": {
- "Fn::GetAtt": [
- "UnauthRole",
- "Arn"
- ]
- },
- "breakCircularDependency": false,
- "dependsOn": [
- {
- "category": "function",
- "resourceName": "issue96802f106de32f106de3PreSignup",
- "attributes": [
- "Arn",
- "Name"
- ]
- }
+ cognitoStack.generateCognitoStackResources(props);
+ expect(cognitoStack.userPool?.lambdaConfig).toHaveProperty('preSignUp');
+ expect(cognitoStack.lambdaConfigPermissions).toHaveProperty('UserPoolPreSignupLambdaInvokePermission');
+ });
+
+ it('disables updateAttributeSetting when autoVerified attributes not present', () => {
+ const testApp = new cdk.App();
+ const cognitoStack = new AmplifyAuthCognitoStack(testApp, 'CognitoPreSignUpTriggerTest', { synthesizer: new AuthStackSynthesizer() });
+ const updatedProps = { ...props };
+ delete updatedProps.autoVerifiedAttributes;
+ cognitoStack.generateCognitoStackResources(updatedProps);
+ expect(cognitoStack.userPool?.userAttributeUpdateSettings).toBeUndefined();
+ });
+
+ it('correctly adds updateAttributeSetting when autoVerifiedAttributes attributes is TOTP', () => {
+ const testApp = new cdk.App();
+ const cognitoStack = new AmplifyAuthCognitoStack(testApp, 'CognitoUpdateAttributesettingTest', {
+ synthesizer: new AuthStackSynthesizer(),
+ });
+ const updatedProps: CognitoStackOptions = {
+ ...props,
+ userAutoVerifiedAttributeUpdateSettings: [AttributeType.PHONE_NUMBER],
+ };
+ cognitoStack.generateCognitoStackResources(updatedProps);
+ expect(cognitoStack.userPool?.userAttributeUpdateSettings).toMatchInlineSnapshot(`
+ Object {
+ "attributesRequireVerificationBeforeUpdate": Array [
+ "email",
  ],
- "permissions": [],
- "authTriggerConnections": [
- {triggerType: "PreSignUp",lambdaFunctionName: "issue96802f106de32f106de3PreSignup"}
+ }
+ `);
+ });
+
+ it('correctly adds updateAttributeSetting when autoVerifiedAttributes attributes is email', () => {
+ const testApp = new cdk.App();
+ const cognitoStack = new AmplifyAuthCognitoStack(testApp, 'CognitoUpdateAttributesettingTesting1', {
+ synthesizer: new AuthStackSynthesizer(),
+ });
+ const updatedProps: CognitoStackOptions = {
+ ...props,
+ userAutoVerifiedAttributeUpdateSettings: [AttributeType.EMAIL],
+ };
+ cognitoStack.generateCognitoStackResources(updatedProps);
+ expect(cognitoStack.userPool?.userAttributeUpdateSettings).toMatchInlineSnapshot(`
+ Object {
+ "attributesRequireVerificationBeforeUpdate": Array [
+ "email",
  ],
- "authProviders": [],
  }
- cognitoStack.generateCognitoStackResources(props);
+ `);
  expect(cognitoStack.userPool!.lambdaConfig).toHaveProperty('preSignUp');
  expect(cognitoStack.userPoolClientWeb!.tokenValidityUnits).toHaveProperty('refreshToken');
  expect(cognitoStack.userPoolClient!.tokenValidityUnits).toHaveProperty('refreshToken');

packages/amplify-category-auth/src/__tests__/provider-utils/awscloudformation/auth-stack-builder/auth-stack-transform.test.ts

@@ -1,6 +1,6 @@
-import { AmplifyAuthTransform } from '../../../../provider-utils/awscloudformation/auth-stack-builder';
 import { $TSContext } from 'amplify-cli-core';
 import process from 'process';
+import { AmplifyAuthTransform } from '../../../../provider-utils/awscloudformation/auth-stack-builder';
 
 jest.mock('amplify-cli-core', () => ({
  ...(jest.requireActual('amplify-cli-core') as {}),
@@ -18,6 +18,8 @@ jest.mock('amplify-cli-core', () => ({
  JSONUtilities: {
  writeJson: jest.fn(),
  readJson: jest.fn(),
+ stringify: jest.fn().mockImplementation(JSON.stringify),
+ parse: jest.fn().mockImplementation(JSON.parse),
  },
  FeatureFlags: {
  getBoolean: jest.fn().mockReturnValue(true),
@@ -165,16 +167,12 @@ const getCLIInputPayload_mock = jest.fn().mockReturnValueOnce(inputPayload1).moc
 
 const isCLIInputsValid_mock = jest.fn().mockReturnValue('true');
 
-jest.mock('../../../../provider-utils/awscloudformation/auth-inputs-manager/auth-input-state.ts', () => {
- return {
- AuthInputState: jest.fn().mockImplementation(() => {
- return {
- getCLIInputPayload: getCLIInputPayload_mock,
- isCLIInputsValid: isCLIInputsValid_mock,
- };
- }),
- };
-});
+jest.mock('../../../../provider-utils/awscloudformation/auth-inputs-manager/auth-input-state.ts', () => ({
+ AuthInputState: jest.fn().mockImplementation(() => ({
+ getCLIInputPayload: getCLIInputPayload_mock,
+ isCLIInputsValid: isCLIInputsValid_mock,
+ })),
+}));
 
 const mockPolicy1 = {
  policyName: 'AddToGroupCognito',

packages/amplify-category-auth/src/__tests__/provider-utils/awscloudformation/auth-stack-builder/user-pool-group-stack-transform.test.ts

@@ -44,6 +44,8 @@ jest.mock('amplify-cli-core', () => ({
  ],
  },
  ]),
+ stringify: jest.fn().mockImplementation(JSON.stringify),
+ parse: jest.fn().mockImplementation(JSON.parse),
  },
  buildOverrideDir: jest.fn().mockResolvedValue(false),
  writeCFNTemplate: jest.fn(),