From d884098cb601bce523efd5161c40b92f890bc4bf Mon Sep 17 00:00:00 2001 From: Oleh Onufryk Date: Fri, 11 Oct 2024 15:04:52 +0300 Subject: [PATCH 1/3] AWS Cognito Autoconfiguration --- pom.xml | 2 + spring-cloud-aws-autoconfigure/pom.xml | 5 ++ .../cognito/CognitoAutoConfiguration.java | 69 ++++++++++++++++ .../cognito/CognitoClientCustomizer.java | 23 ++++++ .../cognito/CognitoProperties.java | 80 +++++++++++++++++++ .../autoconfigure/cognito/package-info.java | 22 +++++ ...ot.autoconfigure.AutoConfiguration.imports | 1 + .../cognito/CognitoAutoConfigurationTest.java | 74 +++++++++++++++++ spring-cloud-aws-cognito/pom.xml | 37 +++++++++ spring-cloud-aws-dependencies/pom.xml | 12 +++ .../spring-cloud-aws-starter-cognito/pom.xml | 26 ++++++ 11 files changed, 351 insertions(+) create mode 100644 spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfiguration.java create mode 100644 spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoClientCustomizer.java create mode 100644 spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoProperties.java create mode 100644 spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/package-info.java create mode 100644 spring-cloud-aws-autoconfigure/src/test/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfigurationTest.java create mode 100644 spring-cloud-aws-cognito/pom.xml create mode 100644 spring-cloud-aws-starters/spring-cloud-aws-starter-cognito/pom.xml diff --git a/pom.xml b/pom.xml index aea04d5ee..546683c43 100644 --- a/pom.xml +++ b/pom.xml @@ -44,6 +44,7 @@ spring-cloud-aws-sqs spring-cloud-aws-dynamodb spring-cloud-aws-s3 + spring-cloud-aws-cognito spring-cloud-aws-testcontainers spring-cloud-aws-starters/spring-cloud-aws-starter spring-cloud-aws-starters/spring-cloud-aws-starter-dynamodb @@ -54,6 +55,7 @@ spring-cloud-aws-starters/spring-cloud-aws-starter-ses spring-cloud-aws-starters/spring-cloud-aws-starter-sns spring-cloud-aws-starters/spring-cloud-aws-starter-sqs + spring-cloud-aws-starters/spring-cloud-aws-starter-cognito spring-cloud-aws-samples spring-cloud-aws-test spring-cloud-aws-modulith diff --git a/spring-cloud-aws-autoconfigure/pom.xml b/spring-cloud-aws-autoconfigure/pom.xml index 7f17e16ee..2ce18a8f9 100644 --- a/spring-cloud-aws-autoconfigure/pom.xml +++ b/spring-cloud-aws-autoconfigure/pom.xml @@ -86,6 +86,11 @@ spring-cloud-aws-s3 true + + io.awspring.cloud + spring-cloud-aws-cognito + true + software.amazon.dax amazon-dax-client diff --git a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfiguration.java b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfiguration.java new file mode 100644 index 000000000..43e2b032a --- /dev/null +++ b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfiguration.java @@ -0,0 +1,69 @@ +/* + * Copyright 2013-2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.awspring.cloud.autoconfigure.cognito; + +import io.awspring.cloud.autoconfigure.AwsSyncClientCustomizer; +import io.awspring.cloud.autoconfigure.core.AwsAutoConfiguration; +import io.awspring.cloud.autoconfigure.core.AwsClientBuilderConfigurer; +import io.awspring.cloud.autoconfigure.core.AwsConnectionDetails; +import io.awspring.cloud.autoconfigure.core.CredentialsProviderAutoConfiguration; +import io.awspring.cloud.autoconfigure.core.RegionProviderAutoConfiguration; +import io.awspring.cloud.cognito.CognitoTemplate; +import org.springframework.beans.factory.ObjectProvider; +import org.springframework.boot.autoconfigure.AutoConfiguration; +import org.springframework.boot.autoconfigure.AutoConfigureAfter; +import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; +import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.context.annotation.Bean; +import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient; + +/** + * {@link AutoConfiguration Auto-Configuration} for AWS Cognito integration. + * + * @author Oleh Onufryk + * @since 3.3.0 + */ + +@AutoConfiguration +@EnableConfigurationProperties(CognitoProperties.class) +@ConditionalOnClass({ CognitoIdentityProviderClient.class }) +@AutoConfigureAfter({ CredentialsProviderAutoConfiguration.class, RegionProviderAutoConfiguration.class, + AwsAutoConfiguration.class }) +@ConditionalOnProperty(name = "spring.cloud.aws.cognito.enabled", havingValue = "true", matchIfMissing = true) +public class CognitoAutoConfiguration { + + @Bean + @ConditionalOnMissingBean + public CognitoIdentityProviderClient cognitoIdentityProviderClient(CognitoProperties cognitoProperties, + AwsClientBuilderConfigurer awsClientBuilderConfigurer, ObjectProvider customizers, + ObjectProvider awsSyncClientCustomizers, + ObjectProvider connectionDetails) { + return awsClientBuilderConfigurer.configureSyncClient(CognitoIdentityProviderClient.builder(), + cognitoProperties, connectionDetails.getIfAvailable(), customizers.orderedStream(), + awsSyncClientCustomizers.orderedStream()).build(); + } + + @Bean + @ConditionalOnMissingBean + @ConditionalOnProperty(name = {"spring.cloud.aws.cognito.clientId", "spring.cloud.aws.cognito.userPoolId"}) + public CognitoTemplate cognitoTemplate(CognitoProperties cognitoProperties, + CognitoIdentityProviderClient cognitoIdentityProviderClient) { + return new CognitoTemplate(cognitoIdentityProviderClient, cognitoProperties.getClientId(), + cognitoProperties.getUserPoolId()); + } +} diff --git a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoClientCustomizer.java b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoClientCustomizer.java new file mode 100644 index 000000000..c2e72316f --- /dev/null +++ b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoClientCustomizer.java @@ -0,0 +1,23 @@ +/* + * Copyright 2013-2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.awspring.cloud.autoconfigure.cognito; + +import io.awspring.cloud.autoconfigure.AwsClientCustomizer; +import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClientBuilder; + +@FunctionalInterface +public interface CognitoClientCustomizer extends AwsClientCustomizer { +} diff --git a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoProperties.java b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoProperties.java new file mode 100644 index 000000000..7a937d4c0 --- /dev/null +++ b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoProperties.java @@ -0,0 +1,80 @@ +/* + * Copyright 2013-2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.awspring.cloud.autoconfigure.cognito; + +import io.awspring.cloud.autoconfigure.AwsClientProperties; +import org.springframework.boot.context.properties.ConfigurationProperties; + +@ConfigurationProperties(CognitoProperties.CONFIG_PREFIX) +public class CognitoProperties extends AwsClientProperties { + + /** + * Configuration prefix. + */ + public static final String CONFIG_PREFIX = "spring.cloud.aws.cognito"; + + /** + * Enables Cognito integration. + */ + private boolean enabled = true; + + /** + * The user pool ID. + */ + private String userPoolId; + + /** + * The client ID. + */ + private String clientId; + + /** + * The client secret. + */ + private String clientSecret; + + public boolean isEnabled() { + return enabled; + } + + public void setEnabled(boolean enabled) { + this.enabled = enabled; + } + + public String getUserPoolId() { + return userPoolId; + } + + public void setUserPoolId(String userPoolId) { + this.userPoolId = userPoolId; + } + + public String getClientId() { + return clientId; + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public String getClientSecret() { + return clientSecret; + } + + public void setClientSecret(String clientSecret) { + this.clientSecret = clientSecret; + } +} diff --git a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/package-info.java b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/package-info.java new file mode 100644 index 000000000..81c589992 --- /dev/null +++ b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2013-2022 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * {@link org.springframework.boot.context.config.ConfigDataLoader} implementation for AWS Cognito. + */ +@org.springframework.lang.NonNullApi +@org.springframework.lang.NonNullFields +package io.awspring.cloud.autoconfigure.cognito; diff --git a/spring-cloud-aws-autoconfigure/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/spring-cloud-aws-autoconfigure/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports index a52f7b419..614488500 100644 --- a/spring-cloud-aws-autoconfigure/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports +++ b/spring-cloud-aws-autoconfigure/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports @@ -14,3 +14,4 @@ io.awspring.cloud.autoconfigure.config.secretsmanager.SecretsManagerReloadAutoCo io.awspring.cloud.autoconfigure.config.secretsmanager.SecretsManagerAutoConfiguration io.awspring.cloud.autoconfigure.config.parameterstore.ParameterStoreReloadAutoConfiguration io.awspring.cloud.autoconfigure.config.parameterstore.ParameterStoreAutoConfiguration +io.awspring.cloud.autoconfigure.cognito.CognitoAutoConfiguration diff --git a/spring-cloud-aws-autoconfigure/src/test/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfigurationTest.java b/spring-cloud-aws-autoconfigure/src/test/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfigurationTest.java new file mode 100644 index 000000000..de0d4c0a8 --- /dev/null +++ b/spring-cloud-aws-autoconfigure/src/test/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfigurationTest.java @@ -0,0 +1,74 @@ +/* + * Copyright 2013-2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.awspring.cloud.autoconfigure.cognito; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; + +import io.awspring.cloud.autoconfigure.core.AwsAutoConfiguration; +import io.awspring.cloud.autoconfigure.core.CredentialsProviderAutoConfiguration; +import io.awspring.cloud.autoconfigure.core.RegionProviderAutoConfiguration; +import org.junit.jupiter.api.Test; +import org.springframework.boot.autoconfigure.AutoConfigurations; +import org.springframework.boot.test.context.TestConfiguration; +import org.springframework.boot.test.context.runner.ApplicationContextRunner; +import org.springframework.context.annotation.Bean; +import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient; + +/** + * Test for {@link CognitoAutoConfiguration} + */ +class CognitoAutoConfigurationTest { + + private final ApplicationContextRunner runner = new ApplicationContextRunner() + .withPropertyValues("spring.cloud.aws.region.static:eu-west-1") + .withConfiguration(AutoConfigurations.of(RegionProviderAutoConfiguration.class, + CredentialsProviderAutoConfiguration.class, CognitoAutoConfiguration.class, + AwsAutoConfiguration.class)); + + @Test + void cognitoAutoConfigurationIsDisabled() { + this.runner.withPropertyValues("spring.cloud.aws.cognito.enabled:false") + .run(context -> assertThat(context).doesNotHaveBean(CognitoIdentityProviderClient.class)); + } + + @Test + void cognitoAutoConfigurationIsEnabled() { + this.runner.withPropertyValues("spring.cloud.aws.cognito.enabled:true") + .run(context -> assertThat(context).hasSingleBean(CognitoIdentityProviderClient.class)); + } + + @Test + void createCognitoClientBeanByDefault() { + this.runner.run(context -> assertThat(context).hasSingleBean(CognitoAutoConfiguration.class)); + } + + @Test + void usesCustomBeanWhenProvided() { + this.runner.withUserConfiguration(CustomCognitoConfiguration.class).run(context -> { + assertThat(context).hasSingleBean(CognitoIdentityProviderClient.class); + assertThat(context.getBean(CognitoIdentityProviderClient.class)).isNotNull(); + }); + } + + @TestConfiguration + static class CustomCognitoConfiguration { + @Bean + CognitoIdentityProviderClient cognitoIdentityProviderClient() { + return mock(CognitoIdentityProviderClient.class); + } + } +} diff --git a/spring-cloud-aws-cognito/pom.xml b/spring-cloud-aws-cognito/pom.xml new file mode 100644 index 000000000..c1faec731 --- /dev/null +++ b/spring-cloud-aws-cognito/pom.xml @@ -0,0 +1,37 @@ + + + 4.0.0 + + + io.awspring.cloud + spring-cloud-aws + 3.3.0-SNAPSHOT + + + spring-cloud-aws-cognito + Spring Cloud AWS Cognito Integration + + + + software.amazon.awssdk + cognitoidentityprovider + + + software.amazon.awssdk + netty-nio-client + + + software.amazon.awssdk + apache-client + + + + + org.springframework + spring-core + + + + diff --git a/spring-cloud-aws-dependencies/pom.xml b/spring-cloud-aws-dependencies/pom.xml index 0c3d7d77f..e0303d851 100644 --- a/spring-cloud-aws-dependencies/pom.xml +++ b/spring-cloud-aws-dependencies/pom.xml @@ -82,6 +82,12 @@ true + + software.amazon.awssdk + cognitoidentityprovider + ${awssdk-v2.version} + + io.awspring.cloud spring-cloud-aws-core @@ -136,6 +142,12 @@ ${project.version} + + io.awspring.cloud + spring-cloud-aws-cognito + ${project.version} + + io.awspring.cloud spring-cloud-aws-testcontainers diff --git a/spring-cloud-aws-starters/spring-cloud-aws-starter-cognito/pom.xml b/spring-cloud-aws-starters/spring-cloud-aws-starter-cognito/pom.xml new file mode 100644 index 000000000..a88da0268 --- /dev/null +++ b/spring-cloud-aws-starters/spring-cloud-aws-starter-cognito/pom.xml @@ -0,0 +1,26 @@ + + + + spring-cloud-aws + io.awspring.cloud + 3.3.0-SNAPSHOT + ../../pom.xml + + 4.0.0 + + spring-cloud-aws-starter-cognito + Spring Cloud AWS Cognito Starter + + + + io.awspring.cloud + spring-cloud-aws-cognito + + + io.awspring.cloud + spring-cloud-aws-starter + + + From 53feeb30e719c426f94377c1843b12ac1e513bfa Mon Sep 17 00:00:00 2001 From: Oleh Onufryk Date: Mon, 21 Oct 2024 23:29:08 +0300 Subject: [PATCH 2/3] gh-1246: AWS Cognito Integration 1.0 --- .../cognito/CognitoAutoConfiguration.java | 4 +- .../cognito/CognitoProperties.java | 7 ++ .../cloud/cognito/CognitoAuthOperations.java | 78 +++++++++++++ .../cloud/cognito/CognitoParameters.java | 49 ++++++++ .../cloud/cognito/CognitoTemplate.java | 110 ++++++++++++++++++ .../awspring/cloud/cognito/CognitoUtils.java | 50 ++++++++ .../awspring/cloud/cognito/package-info.java | 22 ++++ spring-cloud-aws-dependencies/pom.xml | 6 + 8 files changed, 324 insertions(+), 2 deletions(-) create mode 100644 spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoAuthOperations.java create mode 100644 spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoParameters.java create mode 100644 spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java create mode 100644 spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoUtils.java create mode 100644 spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/package-info.java diff --git a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfiguration.java b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfiguration.java index 43e2b032a..99a3efc62 100644 --- a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfiguration.java +++ b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoAutoConfiguration.java @@ -60,10 +60,10 @@ public CognitoIdentityProviderClient cognitoIdentityProviderClient(CognitoProper @Bean @ConditionalOnMissingBean - @ConditionalOnProperty(name = {"spring.cloud.aws.cognito.clientId", "spring.cloud.aws.cognito.userPoolId"}) + @ConditionalOnProperty(name = { "spring.cloud.aws.cognito.client-id", "spring.cloud.aws.cognito.user-pool-id" }) public CognitoTemplate cognitoTemplate(CognitoProperties cognitoProperties, CognitoIdentityProviderClient cognitoIdentityProviderClient) { return new CognitoTemplate(cognitoIdentityProviderClient, cognitoProperties.getClientId(), - cognitoProperties.getUserPoolId()); + cognitoProperties.getUserPoolId(), cognitoProperties.getClientSecret()); } } diff --git a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoProperties.java b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoProperties.java index 7a937d4c0..a122a070c 100644 --- a/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoProperties.java +++ b/spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/cognito/CognitoProperties.java @@ -18,6 +18,13 @@ import io.awspring.cloud.autoconfigure.AwsClientProperties; import org.springframework.boot.context.properties.ConfigurationProperties; +/** + * Configuration properties for AWS Cognito Integration + * + * @author Oleh Onufryk + * @since 3.3.0 + */ + @ConfigurationProperties(CognitoProperties.CONFIG_PREFIX) public class CognitoProperties extends AwsClientProperties { diff --git a/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoAuthOperations.java b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoAuthOperations.java new file mode 100644 index 000000000..797f0c1e3 --- /dev/null +++ b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoAuthOperations.java @@ -0,0 +1,78 @@ +/* + * Copyright 2013-2022 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.awspring.cloud.cognito; + +import java.util.List; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminCreateUserResponse; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthResponse; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType; +import software.amazon.awssdk.services.cognitoidentityprovider.model.ConfirmForgotPasswordResponse; +import software.amazon.awssdk.services.cognitoidentityprovider.model.ForgotPasswordResponse; +import software.amazon.awssdk.services.cognitoidentityprovider.model.RespondToAuthChallengeResponse; + +/** + * An Interface for the most common Cognito auth operations + * + * @author Oleh Onufryk + * @since 3.3.0 + */ + +public interface CognitoAuthOperations { + + /** + * Logs in a user using username and password + * @param username - the username + * @param password - the password + * @return {@link AdminInitiateAuthResponse} a result of login operation from the AWS Cognito + */ + AdminInitiateAuthResponse login(String username, String password); + + /** + * Creates a new user with provided attributes + * @param username - the username + * @param attributeTypes - the list of user attributes defined by user pool + * @return {@link AdminCreateUserResponse} a result of user creation operation from the AWS Cognito + */ + AdminCreateUserResponse createUser(String username, List attributeTypes); + + /** + * Resets password for a user + * @param username - the username + * @return {@link ForgotPasswordResponse} a result of password reset operation from the AWS Cognito + */ + ForgotPasswordResponse resetPassword(String username); + + /** + * Confirms password reset + * @param username - the username + * @param confirmationCode - the confirmation code for password reset operation + * @param newPassword - the new password + * @return {@link ConfirmForgotPasswordResponse} a result of password reset confirmation operation from the AWS + * Cognito + */ + ConfirmForgotPasswordResponse confirmResetPassword(String username, String confirmationCode, String newPassword); + + /** + * Sets a permanent password for a new user + * @param session - the session id returned by the login operation + * @param username - the username of the user + * @param password - the permanent password for user's account + * @return {@link RespondToAuthChallengeResponse} a result of setting permanent password operation from the AWS + * Cognito + */ + RespondToAuthChallengeResponse setPermanentPassword(String session, String username, String password); + +} diff --git a/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoParameters.java b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoParameters.java new file mode 100644 index 000000000..96a79954a --- /dev/null +++ b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoParameters.java @@ -0,0 +1,49 @@ +/* + * Copyright 2013-2022 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.awspring.cloud.cognito; + +/** + * Parameters used in AWS Cognito operations. + * + * @author Oleh Onufryk + * @since 3.3.0 + */ + +public final class CognitoParameters { + + private CognitoParameters() { + } + + /** + * Parameter represents username for a user. + */ + public static final String USERNAME_PARAM_NAME = "USERNAME"; + + /** + * Parameter represents password for a user. + */ + public static final String PASSWORD_PARAM_NAME = "PASSWORD"; + + /** + * Parameter represents a compute secret hash for a user. + */ + public static final String SECRET_HASH_PARAM_NAME = "SECRET_HASH"; + + /** + * Parameter represents a new password for a user. + */ + public static final String NEW_PASSWORD_PARAM_NAME = "NEW_PASSWORD"; +} diff --git a/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java new file mode 100644 index 000000000..79a6a5711 --- /dev/null +++ b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java @@ -0,0 +1,110 @@ +/* + * Copyright 2013-2022 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.awspring.cloud.cognito; + +import java.util.List; +import java.util.Map; +import org.springframework.util.Assert; +import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminCreateUserRequest; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminCreateUserResponse; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthRequest; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthResponse; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AuthFlowType; +import software.amazon.awssdk.services.cognitoidentityprovider.model.ChallengeNameType; +import software.amazon.awssdk.services.cognitoidentityprovider.model.ConfirmForgotPasswordRequest; +import software.amazon.awssdk.services.cognitoidentityprovider.model.ConfirmForgotPasswordResponse; +import software.amazon.awssdk.services.cognitoidentityprovider.model.ForgotPasswordRequest; +import software.amazon.awssdk.services.cognitoidentityprovider.model.ForgotPasswordResponse; +import software.amazon.awssdk.services.cognitoidentityprovider.model.RespondToAuthChallengeRequest; +import software.amazon.awssdk.services.cognitoidentityprovider.model.RespondToAuthChallengeResponse; + +/** + * Higher level abstraction over {@link CognitoIdentityProviderClient} providing methods for the most common auth + * operations + * + * @author Oleh Onufryk + * @since 3.3.0 + */ + +public class CognitoTemplate implements CognitoAuthOperations { + + private final CognitoIdentityProviderClient cognitoIdentityProviderClient; + private final String clientId; + private final String userPoolId; + private final String clientSecret; + + public CognitoTemplate(CognitoIdentityProviderClient cognitoIdentityProviderClient, String clientId, + String userPoolId, String clientSecret) { + Assert.notNull(cognitoIdentityProviderClient, "cognitoIdentityProviderClient is required"); + Assert.notNull(clientId, "clientId is required"); + Assert.notNull(userPoolId, "userPoolId is required"); + this.cognitoIdentityProviderClient = cognitoIdentityProviderClient; + this.clientId = clientId; + this.userPoolId = userPoolId; + this.clientSecret = clientSecret; + } + + @Override + public AdminInitiateAuthResponse login(String username, String password) { + AdminInitiateAuthRequest adminInitiateAuthRequest = AdminInitiateAuthRequest.builder().userPoolId(userPoolId) + .clientId(clientId).authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH) + .authParameters(resolveAuthParameters(username, password)).build(); + return cognitoIdentityProviderClient.adminInitiateAuth(adminInitiateAuthRequest); + } + + @Override + public AdminCreateUserResponse createUser(String username, List attributeTypes) { + AdminCreateUserRequest createUserRequest = AdminCreateUserRequest.builder().userPoolId(userPoolId) + .username(username).userAttributes(attributeTypes).build(); + return cognitoIdentityProviderClient.adminCreateUser(createUserRequest); + } + + @Override + public ForgotPasswordResponse resetPassword(String username) { + ForgotPasswordRequest forgotPasswordRequest = ForgotPasswordRequest.builder().clientId(clientId) + .username(username).build(); + + return cognitoIdentityProviderClient.forgotPassword(forgotPasswordRequest); + } + + @Override + public ConfirmForgotPasswordResponse confirmResetPassword(String username, String confirmationCode, + String newPassword) { + ConfirmForgotPasswordRequest confirmForgotPasswordRequest = ConfirmForgotPasswordRequest.builder() + .clientId(clientId).username(username).password(newPassword).confirmationCode(confirmationCode) + .secretHash(CognitoUtils.calculateSecretHash(clientId, clientSecret, username)).build(); + return cognitoIdentityProviderClient.confirmForgotPassword(confirmForgotPasswordRequest); + } + + @Override + public RespondToAuthChallengeResponse setPermanentPassword(String session, String username, String password) { + RespondToAuthChallengeRequest respondToAuthChallengeRequest = RespondToAuthChallengeRequest.builder() + .clientId(clientId).challengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED) + .challengeResponses(Map.of(CognitoParameters.USERNAME_PARAM_NAME, username, + CognitoParameters.NEW_PASSWORD_PARAM_NAME, password, CognitoParameters.SECRET_HASH_PARAM_NAME, + CognitoUtils.calculateSecretHash(clientId, clientSecret, username))) + .build(); + return cognitoIdentityProviderClient.respondToAuthChallenge(respondToAuthChallengeRequest); + } + + private Map resolveAuthParameters(String username, String password) { + return Map.of(CognitoParameters.USERNAME_PARAM_NAME, username, CognitoParameters.PASSWORD_PARAM_NAME, password, + CognitoParameters.SECRET_HASH_PARAM_NAME, + CognitoUtils.calculateSecretHash(clientId, clientSecret, username)); + } +} diff --git a/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoUtils.java b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoUtils.java new file mode 100644 index 000000000..7547c3343 --- /dev/null +++ b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoUtils.java @@ -0,0 +1,50 @@ +/* + * Copyright 2013-2022 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.awspring.cloud.cognito; + +import java.nio.charset.StandardCharsets; +import java.util.Base64; +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; + +/** + * Utility class for Cognito operations. + * + * @author Oleh Onufryk + * @since 3.3.0 + */ +public class CognitoUtils { + + private CognitoUtils() { + } + + // https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#cognito-user-pools-computing-secret-hash + public static String calculateSecretHash(String userPoolClientId, String userPoolClientSecret, String userName) { + final String HMAC_SHA256_ALGORITHM = "HmacSHA256"; + SecretKeySpec signingKey = new SecretKeySpec(userPoolClientSecret.getBytes(StandardCharsets.UTF_8), + HMAC_SHA256_ALGORITHM); + try { + Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM); + mac.init(signingKey); + mac.update(userName.getBytes(StandardCharsets.UTF_8)); + byte[] rawHmac = mac.doFinal(userPoolClientId.getBytes(StandardCharsets.UTF_8)); + return Base64.getEncoder().encodeToString(rawHmac); + } + catch (Exception e) { + throw new RuntimeException("Error while calculating secret hash for " + userName); + } + } +} diff --git a/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/package-info.java b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/package-info.java new file mode 100644 index 000000000..01bad4a7c --- /dev/null +++ b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/package-info.java @@ -0,0 +1,22 @@ +/* + * Copyright 2013-2022 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * AWS Cognito integration. + */ +@org.springframework.lang.NonNullApi +@org.springframework.lang.NonNullFields +package io.awspring.cloud.cognito; diff --git a/spring-cloud-aws-dependencies/pom.xml b/spring-cloud-aws-dependencies/pom.xml index e0303d851..69fcbf61a 100644 --- a/spring-cloud-aws-dependencies/pom.xml +++ b/spring-cloud-aws-dependencies/pom.xml @@ -220,6 +220,12 @@ ${project.version} + + io.awspring.cloud + spring-cloud-aws-starter-cognito + ${project.version} + + io.awspring.cloud spring-cloud-aws-test From 8de3eec1113f83abd0e9cad398aea65c39307a63 Mon Sep 17 00:00:00 2001 From: Oleh Onufryk Date: Thu, 14 Nov 2024 23:32:18 +0200 Subject: [PATCH 3/3] gh-1246: sample for AWS Cognito Integration --- pom.xml | 3 +- .../cloud/cognito/CognitoTemplate.java | 22 ++++-- .../spring-cloud-aws-cognito-sample/pom.xml | 34 ++++++++++ .../cloud/SpringCloudAwsCognitoExample.java | 67 +++++++++++++++++++ .../src/main/resources/application.properties | 9 +++ 5 files changed, 128 insertions(+), 7 deletions(-) create mode 100644 spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/pom.xml create mode 100644 spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/java/io/awspring/cloud/SpringCloudAwsCognitoExample.java create mode 100644 spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/resources/application.properties diff --git a/pom.xml b/pom.xml index 546683c43..2f4dca7a5 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,8 @@ spring-cloud-aws-test spring-cloud-aws-modulith docs - + spring-cloud-aws-samples/spring-cloud-aws-cognito-sample + diff --git a/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java index 79a6a5711..0b187e139 100644 --- a/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java +++ b/spring-cloud-aws-cognito/src/main/java/io/awspring/cloud/cognito/CognitoTemplate.java @@ -15,6 +15,7 @@ */ package io.awspring.cloud.cognito; +import java.util.HashMap; import java.util.List; import java.util.Map; import org.springframework.util.Assert; @@ -76,8 +77,12 @@ public AdminCreateUserResponse createUser(String username, List a @Override public ForgotPasswordResponse resetPassword(String username) { - ForgotPasswordRequest forgotPasswordRequest = ForgotPasswordRequest.builder().clientId(clientId) - .username(username).build(); + ForgotPasswordRequest.Builder forgotPasswordRequestBuilder = ForgotPasswordRequest.builder().clientId(clientId) + .username(username); + if (this.clientSecret != null) { + forgotPasswordRequestBuilder.secretHash(CognitoUtils.calculateSecretHash(clientId, clientSecret, username)); + } + ForgotPasswordRequest forgotPasswordRequest = forgotPasswordRequestBuilder.build(); return cognitoIdentityProviderClient.forgotPassword(forgotPasswordRequest); } @@ -94,7 +99,7 @@ public ConfirmForgotPasswordResponse confirmResetPassword(String username, Strin @Override public RespondToAuthChallengeResponse setPermanentPassword(String session, String username, String password) { RespondToAuthChallengeRequest respondToAuthChallengeRequest = RespondToAuthChallengeRequest.builder() - .clientId(clientId).challengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED) + .clientId(clientId).challengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED).session(session) .challengeResponses(Map.of(CognitoParameters.USERNAME_PARAM_NAME, username, CognitoParameters.NEW_PASSWORD_PARAM_NAME, password, CognitoParameters.SECRET_HASH_PARAM_NAME, CognitoUtils.calculateSecretHash(clientId, clientSecret, username))) @@ -103,8 +108,13 @@ public RespondToAuthChallengeResponse setPermanentPassword(String session, Strin } private Map resolveAuthParameters(String username, String password) { - return Map.of(CognitoParameters.USERNAME_PARAM_NAME, username, CognitoParameters.PASSWORD_PARAM_NAME, password, - CognitoParameters.SECRET_HASH_PARAM_NAME, - CognitoUtils.calculateSecretHash(clientId, clientSecret, username)); + Map parametersMap = new HashMap<>(); + parametersMap.put(CognitoParameters.USERNAME_PARAM_NAME, username); + parametersMap.put(CognitoParameters.PASSWORD_PARAM_NAME, password); + if (this.clientSecret != null) { + parametersMap.put(CognitoParameters.SECRET_HASH_PARAM_NAME, + CognitoUtils.calculateSecretHash(clientId, clientSecret, username)); + } + return parametersMap; } } diff --git a/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/pom.xml b/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/pom.xml new file mode 100644 index 000000000..bf83b2b29 --- /dev/null +++ b/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/pom.xml @@ -0,0 +1,34 @@ + + + + spring-cloud-aws-samples + io.awspring.cloud + 3.3.0-SNAPSHOT + + 4.0.0 + spring-cloud-aws-cognito-sample + Spring Cloud AWS Cognito Sample + + + + org.springframework.boot + spring-boot-starter-web + + + io.awspring.cloud + spring-cloud-aws-starter-cognito + 3.3.0-SNAPSHOT + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + diff --git a/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/java/io/awspring/cloud/SpringCloudAwsCognitoExample.java b/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/java/io/awspring/cloud/SpringCloudAwsCognitoExample.java new file mode 100644 index 000000000..e54889a7a --- /dev/null +++ b/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/java/io/awspring/cloud/SpringCloudAwsCognitoExample.java @@ -0,0 +1,67 @@ +/* + * Copyright 2013-2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.awspring.cloud; + +import io.awspring.cloud.cognito.CognitoTemplate; +import java.util.List; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.boot.ApplicationRunner; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.Bean; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AdminInitiateAuthResponse; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AttributeType; +import software.amazon.awssdk.services.cognitoidentityprovider.model.AuthenticationResultType; +import software.amazon.awssdk.services.cognitoidentityprovider.model.ChallengeNameType; + +@SpringBootApplication +public class SpringCloudAwsCognitoExample { + + private static final Logger LOGGER = LoggerFactory.getLogger(SpringCloudAwsCognitoExample.class); + private static final String USERNAME = "foo@bar.com"; + + public static void main(String[] args) { + SpringApplication.run(SpringCloudAwsCognitoExample.class, args); + } + + @Bean + ApplicationRunner applicationRunner(CognitoTemplate cognitoTemplate) { + return args -> { + + cognitoTemplate.createUser(USERNAME, getAttributes()); + LOGGER.info("User created, check your email"); + AdminInitiateAuthResponse authResponse = cognitoTemplate.login(USERNAME, "password"); + if (ChallengeNameType.NEW_PASSWORD_REQUIRED.equals(authResponse.challengeName())) { + String session = authResponse.session(); + cognitoTemplate.setPermanentPassword(session, USERNAME, "superSecurePassword"); + } + // your Access Token, Id Token and Refresh Token are stored here + AuthenticationResultType authenticationResultType = authResponse.authenticationResult(); + LOGGER.info("Authentication result: {}", authenticationResultType); + + cognitoTemplate.resetPassword(USERNAME); + LOGGER.info("Check your email for password reset instructions"); + cognitoTemplate.confirmResetPassword(USERNAME, "confirmationCode", "newSuperSecurePassword"); + }; + } + + private List getAttributes() { + return List.of(AttributeType.builder().name("email").value(USERNAME).build() + // and all other attributes here + ); + } +} diff --git a/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/resources/application.properties b/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/resources/application.properties new file mode 100644 index 000000000..d7ca454a4 --- /dev/null +++ b/spring-cloud-aws-samples/spring-cloud-aws-cognito-sample/src/main/resources/application.properties @@ -0,0 +1,9 @@ +# LocalStack configuration +spring.cloud.aws.endpoint=http://localhost:4566 +spring.cloud.aws.region.static=us-east-1 +spring.cloud.aws.credentials.access-key=noop +spring.cloud.aws.credentials.secret-key=noop + +spring.cloud.aws.cognito.user-pool-id=eu-central-1_UserPoolId +spring.cloud.aws.cognito.client-id=client-id +spring.cloud.aws.cognito.client-secret=client-secret