Merge pull request #7 from KogoCampus/KOGO-250/invalidAccessTokenHandler

[SM] - KOGO-250/exception thrown by invalid access token is not properly handled
KogoCampus · Dec 27, 2024 · 11041d0 · 11041d0
2 parents 72b8b32 + 6c14acf
commit 11041d0
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 7 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/cdk/src/lambda/handlers/authenticateUser.ts b/cdk/src/lambda/handlers/authenticateUser.ts
@@ -22,20 +22,34 @@ const authenticateUser: APIGatewayProxyHandler = async event => {
   try {
     switch (grantType) {
       case 'access_token': {
-        const userDetails = await getUserDetailsFromAccessToken(token);
-        const { key: schoolKey, data: schoolData } = getSchoolInfoByEmail(userDetails.email);
+        let userDetails;
+        try {
+          userDetails = await getUserDetailsFromAccessToken(token);
+        } catch (error) {
+          if (error instanceof Error) {
+            return errorResponse(error.message, 401);
+          }
+        }
+        const { key: schoolKey, data: schoolData } = getSchoolInfoByEmail(userDetails!.email);
 
         return successResponse({
           userdata: {
-            email: userDetails.email,
+            email: userDetails!.email,
             schoolKey,
             schoolData,
           },
         });
       }
       case 'refresh_token': {
-        const newAccessToken = await refreshAccessToken(token);
-        const userDetails = await getUserDetailsFromAccessToken(newAccessToken);
+        let newAccessToken;
+        try {
+          newAccessToken = await refreshAccessToken(token);
+        } catch (error) {
+          if (error instanceof Error) {
+            return errorResponse(error.message, 401);
+          }
+        }
+        const userDetails = await getUserDetailsFromAccessToken(newAccessToken!);
         const { key: schoolKey, data: schoolData } = getSchoolInfoByEmail(userDetails.email);
 
         return successResponse({

diff --git a/cdk/src/service/cognito.ts b/cdk/src/service/cognito.ts
@@ -6,6 +6,7 @@ import {
   GetUserCommand,
   AuthenticationResultType,
   ListUsersCommand,
+  GetUserCommandOutput,
 } from '@aws-sdk/client-cognito-identity-provider';
 import { settings } from '../settings';
 
@@ -96,7 +97,12 @@ export async function getUserDetailsFromAccessToken(accessToken: string): Promis
     AccessToken: accessToken,
   });
 
-  const response = await cognito.send(getUserCommand);
+  let response: GetUserCommandOutput;
+  try {
+    response = await cognito.send(getUserCommand);
+  } catch {
+    throw new Error('Access token is invalid or has expired.');
+  }
 
   if (response && response.Username && response.UserAttributes) {
     const email = response.UserAttributes.find(attr => attr.Name === 'email')?.Value;
@@ -122,7 +128,12 @@ export async function refreshAccessToken(refreshToken: string): Promise<string>
     },
   });
 
-  const response = await cognito.send(command);
+  let response;
+  try {
+    response = await cognito.send(command);
+  } catch {
+    throw new Error('Refresh token is invalid or has expired.');
+  }
 
   if (response.AuthenticationResult && response.AuthenticationResult.AccessToken) {
     return response.AuthenticationResult.AccessToken;