/// <summary>
/// Internal method for updating the CognitoUser SessionTokens property if properly authenticated
/// </summary>
private void UpdateSessionIfAuthenticationComplete(ChallengeNameType challengeName, AuthenticationResultType authResult)
{
if (string.IsNullOrEmpty(challengeName))
{
CognitoUserSession cognitoUserSession = GetCognitoUserSession(authResult);
this.SessionTokens = cognitoUserSession;
}
}
/// <summary>
/// Constructs an AuthFlowResponse object
/// </summary>
/// <param name="sessionId">The authentication workflow session id.</param>
/// <param name="authenticationResult">The result of the Authentication workflow</param>
/// <param name="challengeName">The challenge name if any.</param>
/// <param name="challengeParameters">The challenge parameters if any.</param>
/// <param name="clientMetadata">The client metadata.</param>
public AuthFlowResponse(string sessionId, AuthenticationResultType authenticationResult, ChallengeNameType challengeName, IDictionary <string, string> challengeParameters, IDictionary <string, string> clientMetadata)
{
SessionID = sessionId;
ChallengeName = challengeName;
AuthenticationResult = authenticationResult;
ChallengeParameters = challengeParameters;
ClientMetadata = clientMetadata;
}
/// <summary>
/// Internal method which works out which Challenge Parameter to use based on the ChallengeTypeName
/// </summary>
/// <param name="challengeNameType">ChallengeTypeName from the challenge</param>
/// <returns>Returns the CognitoConstants for the given ChallengeTypeName</returns>
private string GetChallengeParamCodeName(ChallengeNameType challengeNameType)
{
if (challengeNameType == ChallengeNameType.SMS_MFA)
{
return(CognitoConstants.ChlgParamSmsMfaCode);
}
if (challengeNameType == ChallengeNameType.SOFTWARE_TOKEN_MFA)
{
return(CognitoConstants.ChlgParamSoftwareTokenMfaCode);
}
return(null);
}
/// <summary>
/// Check AuthenticationResult using ChallengeNameType
/// </summary>
/// <param name="challengeNameType"></param>
/// <returns>message</returns>
public string CheckChallenge(ChallengeNameType challengeNameType)
{
string message = string.Empty;
try
{
if (challengeNameType == ChallengeNameType.NEW_PASSWORD_REQUIRED)
{
message = DataResource.ACCOUNT_NOT_HAVING_PERMISSION;
}
else
{
message = DataResource.INVALID_CREDENTILAS;
}
return(message);
}
catch (Exception checkChallengeException)
{
LambdaLogger.Log(checkChallengeException.ToString());
return(message);
}
}
/// <summary>
/// Checks if the <param name="user"> can log in with the specified 2fa code challenge <paramref name="code"/>.
/// </summary>
/// <param name="user">The user try to log in with.</param>
/// <param name="code">The 2fa code to check</param>
/// <param name="challengeNameType">The ongoing Cognito challenge name type.</param>
/// <param name="authWorkflowSessionId">The ongoing Cognito authentication workflow id.</param>
/// <returns>The <see cref="Task"/> that represents the asynchronous operation, containing the AuthFlowResponse object linked to that authentication workflow.</returns>
public virtual Task <AuthFlowResponse> RespondToTwoFactorChallengeAsync(TUser user, string code, ChallengeNameType challengeNameType, string authWorkflowSessionId)
{
ThrowIfDisposed();
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
return(_userStore.RespondToTwoFactorChallengeAsync(user, code, challengeNameType, authWorkflowSessionId, CancellationToken));
}
internal static void UpdateSessionIfAuthenticationComplete(this CognitoUser user, ChallengeNameType challengeName,
AuthenticationResultType authResult)
{
_updateSessionMethod.Invoke(user, new object[] { challengeName, authResult });
}
/// <summary>
/// Checks if the <param name="user"> can log in with the specified 2fa code challenge <paramref name="code"/>.
/// </summary>
/// <param name="user">The user try to log in with.</param>
/// <param name="code">The 2fa code to check</param>
/// <param name="challengeNameType">The ongoing Cognito authentication challenge name type.</param>
/// <param name="authWorkflowSessionId">The ongoing Cognito authentication workflow id.</param>
/// <returns>The <see cref="Task"/> that represents the asynchronous operation, containing the AuthFlowResponse object linked to that authentication workflow.</returns>
public virtual async Task <AuthFlowResponse> RespondToTwoFactorChallengeAsync(TUser user, string code, ChallengeNameType challengeNameType, string authWorkflowSessionId, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
try
{
AuthFlowResponse context =
await user.RespondToMfaAuthAsync(new RespondToMfaRequest()
{
SessionID = authWorkflowSessionId,
MfaCode = code,
ChallengeNameType = challengeNameType
}).ConfigureAwait(false);
return(context);
}
catch (AmazonCognitoIdentityProviderException e)
{
throw new CognitoServiceException("Failed to respond to Cognito two factor challenge.", e);
}
}
