foo: creating passwordpolicy.ts

KogoCampus · Dec 23, 2024 · 38a03cd · 38a03cd
1 parent c63d1e5
commit 38a03cd
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 31 deletions.
diff --git a/cdk/src/lambda/handlers/passwordReset.ts b/cdk/src/lambda/handlers/passwordReset.ts
@@ -1,7 +1,8 @@
 import { APIGatewayProxyHandler } from 'aws-lambda';
-import { checkPasswordPolicy, doesUserExistByEmail, resetUserPassword } from '../../service/cognito';
+import { doesUserExistByEmail, resetUserPassword } from '../../service/cognito';
 import { successResponse, errorResponse, wrapHandler } from '../handlerUtil';
 import { getEmailVerifiedToken, deleteEmailVerifiedToken } from '../../service/email/emailVerifiedToken';
+import { CustomPasswordError, checkPasswordPolicy } from '../../service/passwordPolicy';
 
 const passwordReset: APIGatewayProxyHandler = async event => {
   const email = event.queryStringParameters?.email;
@@ -40,7 +41,7 @@ const passwordReset: APIGatewayProxyHandler = async event => {
 
     return successResponse({ message: 'Password reset successfully' });
   } catch (error) {
-    if (error instanceof Error) {
+    if (error instanceof CustomPasswordError) {
       return errorResponse(error.message, 400);
     }
     return errorResponse('Password reset failed', 500);

diff --git a/cdk/src/lambda/handlers/userRegistration.ts b/cdk/src/lambda/handlers/userRegistration.ts
@@ -1,7 +1,8 @@
 import { APIGatewayProxyHandler } from 'aws-lambda';
 import { successResponse, errorResponse, wrapHandler } from '../handlerUtil';
 import { getEmailVerifiedToken, deleteEmailVerifiedToken } from '../../service/email/emailVerifiedToken';
-import { checkPasswordPolicy, createUserInCognito } from '../../service/cognito';
+import { createUserInCognito } from '../../service/cognito';
+import { CustomPasswordError, checkPasswordPolicy } from '../../service/passwordPolicy';
 
 export const handler: APIGatewayProxyHandler = wrapHandler(async event => {
   const emailVerifiedToken = event.queryStringParameters?.emailVerifiedToken;
@@ -31,7 +32,7 @@ export const handler: APIGatewayProxyHandler = wrapHandler(async event => {
   try {
     await checkPasswordPolicy(password);
   } catch (error) {
-    if (error instanceof Error) {
+    if (error instanceof CustomPasswordError) {
       return errorResponse(error.message, 400);
     }
   }

diff --git a/cdk/src/service/cognito.ts b/cdk/src/service/cognito.ts
@@ -154,29 +154,3 @@ export async function resetUserPassword(email: string, newPassword: string): Pro
 
   await cognito.send(command);
 }
-
-export async function checkPasswordPolicy(password: string): Promise<void> {
-  if (password.length < 8) {
-    throw new Error('Password must be at least 8 characters');
-  }
-
-  if (password.length > 20) {
-    throw new Error('Password cannot exceed 20 characters');
-  }
-
-  if (!/[A-Z]/.test(password)) {
-    throw new Error('Password must contain at least one uppercase letter');
-  }
-
-  if (!/[a-z]/.test(password)) {
-    throw new Error('Password must contain at least one lowercase letter');
-  }
-
-  if (!/[!@#$%^&*(),.?":{}|<>]/.test(password)) {
-    throw new Error('Password must contain at least one special character');
-  }
-
-  if (!/[0-9]/.test(password)) {
-    throw new Error('Password must contain at least one number');
-  }
-}
diff --git a/cdk/src/service/passwordPolicy.ts b/cdk/src/service/passwordPolicy.ts
@@ -0,0 +1,32 @@
+export class CustomPasswordError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'CustomPasswordError';
+  }
+}
+
+export async function checkPasswordPolicy(password: string): Promise<void> {
+  if (password.length < 8) {
+    throw new CustomPasswordError('Password must be at least 8 characters');
+  }
+
+  if (password.length > 20) {
+    throw new CustomPasswordError('Password cannot exceed 20 characters');
+  }
+
+  if (!/[A-Z]/.test(password)) {
+    throw new CustomPasswordError('Password must contain at least one uppercase letter');
+  }
+
+  if (!/[a-z]/.test(password)) {
+    throw new CustomPasswordError('Password must contain at least one lowercase letter');
+  }
+
+  if (!/[!@#$%^&*(),.?":{}|<>]/.test(password)) {
+    throw new CustomPasswordError('Password must contain at least one special character');
+  }
+
+  if (!/[0-9]/.test(password)) {
+    throw new CustomPasswordError('Password must contain at least one number');
+  }
+}
diff --git a/cdk/test/lambda/handlers/passwordReset.test.ts b/cdk/test/lambda/handlers/passwordReset.test.ts
@@ -10,7 +10,8 @@ jest.mock('../../../src/service/email/emailVerifiedToken');
 describe('passwordReset', () => {
   const mockStoredEmailVerifiedToken = 'stored-email-verified-token';
   const mockEmail = '[email protected]';
-  const mockNewPassword = 'newPassword123';
+  const mockNewPassword = 'newPassword@!#123';
+  const mockInvalidPassword = 'newPassword';
 
   const invokeHandler = async (event: Partial<APIGatewayProxyEvent>) => {
     const context = {} as Context;
@@ -67,6 +68,16 @@ describe('passwordReset', () => {
     expect(handlerUtil.errorResponse).toHaveBeenCalledWith('New password is required', 400);
   });
 
+  it('should call errorResponse when password is shorter than 8 characters', async () => {
+    await invokeHandler({
+      queryStringParameters: { email: mockEmail, emailVerifiedToken: mockStoredEmailVerifiedToken },
+      body: JSON.stringify({ newPassword: mockInvalidPassword }),
+    });
+    expect(handlerUtil.errorResponse).toHaveBeenCalledWith(expect.stringMatching(/Password/), 400);
+    expect(resetUserPassword).not.toHaveBeenCalled();
+    expect(deleteEmailVerifiedToken).not.toHaveBeenCalled();
+  });
+
   it('should reset password successfully with valid inputs', async () => {
     await invokeHandler({
       queryStringParameters: { email: mockEmail, emailVerifiedToken: mockStoredEmailVerifiedToken },