SecretHash initialization fix
1. SecretHash is now initialized with Username (if provided) in the CognitoUser ctor.
2. Remove redundant SecretHash recalculation (Username is changed in only 2 places).
3. Replace raw strings with CognitoConstants & ChallengeNameType.
Dmitry Proskurin authored and 96malhar committed Oct 3, 2023
1 parent 1cb383f commit d9469af
Showing 2 changed files with 10 additions and 13 deletions.
10 changes: 5 additions & 5 deletions src/Amazon.Extensions.CognitoAuthentication/CognitoUser.cs
Expand Up @@ -123,13 +123,8 @@ public CognitoUser(string userID, string clientID,
}

this.ClientSecret = clientSecret;
if (!string.IsNullOrEmpty(clientSecret))
{
this.SecretHash = CognitoAuthHelper.GetUserPoolSecretHash(userID, clientID, clientSecret);
}

this.UserID = userID;
this.Username = userID;
if (!string.IsNullOrEmpty(username))
{
this.Username = username;
Expand All @@ -139,6 +134,11 @@ public CognitoUser(string userID, string clientID,
this.Username = userID;
}

if (!string.IsNullOrEmpty(clientSecret))
{
this.SecretHash = CognitoAuthHelper.GetUserPoolSecretHash(Username, clientID, clientSecret);
}

this.Status = status;

this.UserPool = pool;
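Review bot: The relocated `GetUserPoolSecretHash(Username, clientID, clientSecret)` call is only correct if it runs after the `Username` if/else, and nothing in the constructor records that ordering, which is the very thing this commit had to correct. A one-line comment above the block would pin it, for example `// SecretHash is derived from Username: compute it only after Username is resolved, and refresh it wherever Username changes.` Because the hash is now cached from construction onward, it is also worth confirming that `Username` and `ClientSecret` cannot be reassigned from outside the class without the hash being refreshed; their declarations are not visible in this section. The constructor begins and ends outside the hunks shown.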
Expand Up @@ -66,7 +66,7 @@ public virtual async Task<AuthFlowResponse> StartWithSrpAuthAsync(InitiateSrpAut
if (srpRequest.IsCustomAuthFlow)
{
initiateRequest.AuthFlow = AuthFlowType.CUSTOM_AUTH;
initiateRequest.AuthParameters.Add("CHALLENGE_NAME", "SRP_A");
initiateRequest.AuthParameters.Add(CognitoConstants.ChlgParamChallengeName, CognitoConstants.ChlgParamSrpA);
}
InitiateAuthResponse initiateResponse = await Provider.InitiateAuthAsync(initiateRequest, cancellationToken).ConfigureAwait(false);
UpdateUsernameAndSecretHash(initiateResponse.ChallengeParameters);
Expand Down Expand Up @@ -132,7 +132,7 @@ private RespondToAuthChallengeRequest CreateDeviceSrpAuthRequest(RespondToAuthCh

RespondToAuthChallengeRequest authChallengeRequest = new RespondToAuthChallengeRequest()
{
ChallengeName = "DEVICE_SRP_AUTH",
ChallengeName = ChallengeNameType.DEVICE_SRP_AUTH,
ClientId = ClientID,
Session = challenge.Session,
ChallengeResponses = new Dictionary<string, string>
Expand All @@ -143,9 +143,8 @@ private RespondToAuthChallengeRequest CreateDeviceSrpAuthRequest(RespondToAuthCh
}

};
if (!string.IsNullOrEmpty(ClientSecret))
if (!string.IsNullOrEmpty(SecretHash))
{
SecretHash = CognitoAuthHelper.GetUserPoolSecretHash(Username, ClientID, ClientSecret);
authChallengeRequest.ChallengeResponses.Add(CognitoConstants.ChlgParamSecretHash, SecretHash);
}
return authChallengeRequest;
Expand Down Expand Up @@ -192,9 +191,8 @@ private RespondToAuthChallengeRequest CreateDevicePasswordVerifierAuthRequest(Re
{CognitoConstants.ChlgParamDeviceKey, Device.DeviceKey }
};

if (!string.IsNullOrEmpty(ClientSecret))
if (!string.IsNullOrEmpty(SecretHash))
{
SecretHash = CognitoAuthHelper.GetUserPoolSecretHash(Username, ClientID, ClientSecret);
srpAuthResponses.Add(CognitoConstants.ChlgParamSecretHash, SecretHash);
}

Expand Down Expand Up @@ -814,9 +812,8 @@ private RespondToAuthChallengeRequest CreateSrpPasswordVerifierAuthRequest(Initi
{CognitoConstants.ChlgParamTimestamp, timeStr },
};

if (!string.IsNullOrEmpty(ClientSecret))
if (!string.IsNullOrEmpty(SecretHash))
{
SecretHash = CognitoAuthHelper.GetUserPoolSecretHash(Username, ClientID, ClientSecret);
srpAuthResponses.Add(CognitoConstants.ChlgParamSecretHash, SecretHash);
}

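Review bot: The three request builders (`CreateDeviceSrpAuthRequest`, `CreateDevicePasswordVerifierAuthRequest`, `CreateSrpPasswordVerifierAuthRequest`) now gate on `SecretHash` instead of `ClientSecret` and no longer recompute it, so a client that has a secret but an empty or stale cached hash will send its challenge response without a valid SECRET_HASH and learn of it only from the service's rejection. Correctness now rests on every path that changes `Username` refreshing the hash; `UpdateUsernameAndSecretHash` is called after `InitiateAuthAsync` in the first hunk, but its body and any other assignment sites are not shown here. Consider failing fast before the existing `Add` call when the two fields disagree, e.g. `if (!string.IsNullOrEmpty(ClientSecret) && string.IsNullOrEmpty(SecretHash)) throw new InvalidOperationException("SecretHash was not initialized");`. All three methods start and end outside their hunks.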
