ChallengeName check and improvements

1. Direct ChallengeName check at response instead of requrest parameter device fields analyze. 2. Fix invalid parameters order for exceptions ctor's and use nameof. 3. Add request parameter validation to RespondToMfaAuthAsync method.
aws · Oct 3, 2023 · a79b52e · a79b52e
1 parent 8824762
commit a79b52e
Showing 1 changed file with 13 additions and 5 deletions.
diff --git a/src/Amazon.Extensions.CognitoAuthentication/CognitoUserAuthentication.cs b/src/Amazon.Extensions.CognitoAuthentication/CognitoUserAuthentication.cs
@@ -57,7 +57,7 @@ public virtual async Task<AuthFlowResponse> StartWithSrpAuthAsync(InitiateSrpAut
         {
             if (srpRequest == null || string.IsNullOrEmpty(srpRequest.Password))
             {
-                throw new ArgumentNullException("Password required for authentication.", "srpRequest");
+                throw new ArgumentNullException(nameof(srpRequest), "Password required for authentication.");
             }
 
             Tuple<BigInteger, BigInteger> tupleAa = AuthenticationHelper.CreateAaTuple();
@@ -89,14 +89,13 @@ public virtual async Task<AuthFlowResponse> StartWithSrpAuthAsync(InitiateSrpAut
 
             RespondToAuthChallengeResponse verifierResponse =
                 await Provider.RespondToAuthChallengeAsync(challengeRequest, cancellationToken).ConfigureAwait(false);
-            var isDeviceAuthRequest = verifierResponse.AuthenticationResult == null && (!string.IsNullOrEmpty(srpRequest.DeviceGroupKey)
-                || !string.IsNullOrEmpty(srpRequest.DevicePass));
+
             #region Device-level authentication
-            if (isDeviceAuthRequest)
+            if (verifierResponse.ChallengeName == ChallengeNameType.DEVICE_SRP_AUTH)
             {
                 if (string.IsNullOrEmpty(srpRequest.DeviceGroupKey) || string.IsNullOrEmpty(srpRequest.DevicePass))
                 {
-                    throw new ArgumentNullException("Device Group Key and Device Pass required for authentication.", "srpRequest");
+                    throw new ArgumentNullException(nameof(srpRequest), $"{nameof(srpRequest.DeviceGroupKey)} and {nameof(srpRequest.DevicePass)} required for authentication with challenge {ChallengeNameType.DEVICE_SRP_AUTH}");
                 }
 
                 #region Device SRP Auth
@@ -429,6 +428,15 @@ public async Task<AuthFlowResponse> RespondToMfaAuthAsync(RespondToMfaRequest mf
         /// if one exists</returns>
         public async Task<AuthFlowResponse> RespondToMfaAuthAsync(RespondToMfaRequest mfaRequest, CancellationToken cancellationToken)
         {
+            if (mfaRequest == null)
+            {
+                throw new ArgumentNullException(nameof(mfaRequest));
+            }
+            if (mfaRequest.ChallengeNameType != ChallengeNameType.SMS_MFA && mfaRequest.ChallengeNameType != ChallengeNameType.SOFTWARE_TOKEN_MFA)
+            {
+                throw new ArgumentException($"{ChallengeNameType.SMS_MFA} or {ChallengeNameType.SOFTWARE_TOKEN_MFA} at {nameof(mfaRequest.ChallengeNameType)} required.", nameof(mfaRequest));
+            }
+
             RespondToAuthChallengeRequest challengeRequest = new RespondToAuthChallengeRequest
             {
                 ChallengeResponses = new Dictionary<string, string>