From a79b52e9458b6a83c7110b580332fcb5bcdff284 Mon Sep 17 00:00:00 2001
From: Dmitry Proskurin
Date: Fri, 7 Jul 2023 14:59:16 +0700
Subject: [PATCH] ChallengeName check and improvements

1. Direct ChallengeName check at response instead of requrest parameter device fields analyze.
2. Fix invalid parameters order for exceptions ctor's and use nameof.
3. Add request parameter validation to RespondToMfaAuthAsync method.
---
 .../CognitoUserAuthentication.cs | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/Amazon.Extensions.CognitoAuthentication/CognitoUserAuthentication.cs b/src/Amazon.Extensions.CognitoAuthentication/CognitoUserAuthentication.cs
index 65fd559..565ea16 100644
--- a/src/Amazon.Extensions.CognitoAuthentication/CognitoUserAuthentication.cs
+++ b/src/Amazon.Extensions.CognitoAuthentication/CognitoUserAuthentication.cs
@@ -57,7 +57,7 @@ public virtual async Task StartWithSrpAuthAsync(InitiateSrpAut
 {
 if (srpRequest == null || string.IsNullOrEmpty(srpRequest.Password))
 {
- throw new ArgumentNullException("Password required for authentication.", "srpRequest");
+ throw new ArgumentNullException(nameof(srpRequest), "Password required for authentication.");
 }
 Tuple tupleAa = AuthenticationHelper.CreateAaTuple();
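Review bot: The guard at the top of StartWithSrpAuthAsync still throws `ArgumentNullException` naming `srpRequest` when the request object is present and only `Password` is empty, so both the exception type and the parameter name point the caller at the wrong thing; the same pattern recurs in the DEVICE_SRP_AUTH guard of the next hunk. Splitting the check would make it accurate: `if (srpRequest == null) throw new ArgumentNullException(nameof(srpRequest));` followed by `if (string.IsNullOrEmpty(srpRequest.Password)) throw new ArgumentException("Password required for authentication.", nameof(srpRequest));`. `ArgumentNullException` derives from `ArgumentException`, so callers catching the base type keep working, but a caller that catches `ArgumentNullException` specifically for the empty-password case would be affected and the change should be called out in release notes. The method body continues outside the hunk.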
@@ -89,14 +89,13 @@ public virtual async Task StartWithSrpAuthAsync(InitiateSrpAut RespondToAuthChallengeResponse verifierResponse = await Provider.RespondToAuthChallengeAsync(challengeRequest, cancellationToken).ConfigureAwait(false); - var isDeviceAuthRequest = verifierResponse.AuthenticationResult == null && (!string.IsNullOrEmpty(srpRequest.DeviceGroupKey) - || !string.IsNullOrEmpty(srpRequest.DevicePass)); + #region Device-level authentication - if (isDeviceAuthRequest) + if (verifierResponse.ChallengeName == ChallengeNameType.DEVICE_SRP_AUTH) { if (string.IsNullOrEmpty(srpRequest.DeviceGroupKey) || string.IsNullOrEmpty(srpRequest.DevicePass)) { - throw new ArgumentNullException("Device Group Key and Device Pass required for authentication.", "srpRequest"); + throw new ArgumentNullException(nameof(srpRequest), $"{nameof(srpRequest.DeviceGroupKey)} and {nameof(srpRequest.DevicePass)} required for authentication with challenge {ChallengeNameType.DEVICE_SRP_AUTH}"); } #region Device SRP Auth @@ -429,6 +428,15 @@ public async Task RespondToMfaAuthAsync(RespondToMfaRequest mf /// if one exists public async Task RespondToMfaAuthAsync(RespondToMfaRequest mfaRequest, CancellationToken cancellationToken) { + if (mfaRequest == null) + { + throw new ArgumentNullException(nameof(mfaRequest)); + } + if (mfaRequest.ChallengeNameType != ChallengeNameType.SMS_MFA && mfaRequest.ChallengeNameType != ChallengeNameType.SOFTWARE_TOKEN_MFA) + { + throw new ArgumentException($"{ChallengeNameType.SMS_MFA} or {ChallengeNameType.SOFTWARE_TOKEN_MFA} at {nameof(mfaRequest.ChallengeNameType)} required.", nameof(mfaRequest)); + } + RespondToAuthChallengeRequest challengeRequest = new RespondToAuthChallengeRequest { ChallengeResponses = new Dictionary
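Review bot: Switching the branch condition to `verifierResponse.ChallengeName == ChallengeNameType.DEVICE_SRP_AUTH` changes what happens when the service asks for device SRP and the caller supplied neither `DeviceGroupKey` nor `DevicePass`: the removed condition skipped the device block in that case, whereas the new code throws after the password-verifier round trip has already completed. If the code after this block (outside the hunk) previously handed the pending challenge back to the caller, this is a breaking change for applications that handled DEVICE_SRP_AUTH themselves, so it deserves an `<exception>` entry in the method's XML documentation and a changelog line. Because the failure is a mismatch between the server's challenge and the request rather than an argument that could be rejected up front, `InvalidOperationException` may describe it better than `ArgumentNullException`; that choice is worth making deliberately.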
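Review bot: The new guard in RespondToMfaAuthAsync checks the request object and its `ChallengeNameType`, but nothing in the hunk checks the other values the request carries into `ChallengeResponses` (the dictionary initializer continues outside the hunk), so an empty code or session identifier would presumably still be sent to the service; a `string.IsNullOrEmpty` check on those fields next to the new ones would fail fast locally. The XML documentation above the method should also gain `<exception cref="ArgumentNullException">` and `<exception cref="ArgumentException">` entries for the two new throws. The allow-list of SMS_MFA and SOFTWARE_TOKEN_MFA also means any further MFA challenge type will be rejected client-side until this check is updated, so a short comment such as `// Only the MFA challenges this method knows how to answer; extend when new types are supported.` would help the next maintainer.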