diff --git a/.github/workflows/quality_check.yml b/.github/workflows/quality_check.yml index 66e2ef60e0d..0cfeac0e6e5 100644 --- a/.github/workflows/quality_check.yml +++ b/.github/workflows/quality_check.yml @@ -79,6 +79,6 @@ jobs: uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # 5.4.3 with: token: ${{ secrets.CODECOV_TOKEN }} - file: ./coverage.xml + files: ./coverage.xml env_vars: PYTHON name: aws-lambda-powertools-python-codecov diff --git a/aws_lambda_powertools/utilities/parser/models/__init__.py b/aws_lambda_powertools/utilities/parser/models/__init__.py index ad8e3d7a92f..15387374f4d 100644 --- a/aws_lambda_powertools/utilities/parser/models/__init__.py +++ b/aws_lambda_powertools/utilities/parser/models/__init__.py @@ -50,6 +50,21 @@ CloudWatchLogsLogEvent, CloudWatchLogsModel, ) +from .cognito import ( + CognitoCreateAuthChallengeTriggerModel, + CognitoCustomEmailSenderTriggerModel, + CognitoCustomMessageTriggerModel, + CognitoCustomSMSSenderTriggerModel, + CognitoDefineAuthChallengeTriggerModel, + CognitoMigrateUserTriggerModel, + CognitoPostAuthenticationTriggerModel, + CognitoPostConfirmationTriggerModel, + CognitoPreAuthenticationTriggerModel, + CognitoPreSignupTriggerModel, + CognitoPreTokenGenerationTriggerModelV1, + CognitoPreTokenGenerationTriggerModelV2AndV3, + CognitoVerifyAuthChallengeTriggerModel, +) from .dynamodb import ( DynamoDBStreamChangedRecordModel, DynamoDBStreamModel, @@ -138,6 +153,19 @@ "CloudWatchLogsDecode", "CloudWatchLogsLogEvent", "CloudWatchLogsModel", + "CognitoPreSignupTriggerModel", + "CognitoPostConfirmationTriggerModel", + "CognitoPreAuthenticationTriggerModel", + "CognitoPostAuthenticationTriggerModel", + "CognitoMigrateUserTriggerModel", + "CognitoCustomMessageTriggerModel", + "CognitoCustomEmailSenderTriggerModel", + "CognitoCustomSMSSenderTriggerModel", + "CognitoDefineAuthChallengeTriggerModel", + "CognitoCreateAuthChallengeTriggerModel", + "CognitoVerifyAuthChallengeTriggerModel", + "CognitoPreTokenGenerationTriggerModelV1", + "CognitoPreTokenGenerationTriggerModelV2AndV3", "AlbModel", "AlbRequestContext", "AlbRequestContextData", diff --git a/aws_lambda_powertools/utilities/parser/models/cognito.py b/aws_lambda_powertools/utilities/parser/models/cognito.py new file mode 100644 index 00000000000..05726e37db4 --- /dev/null +++ b/aws_lambda_powertools/utilities/parser/models/cognito.py @@ -0,0 +1,231 @@ +from typing import Any, Dict, List, Literal, Optional + +from pydantic import BaseModel + + +# Common context model for Cognito triggers +class CognitoCallerContextModel(BaseModel): + awsSdkVersion: str + clientId: str + + +# Base model for all Cognito triggers +class CognitoTriggerBaseSchema(BaseModel): + version: str + region: str + userPoolId: str + userName: Optional[str] = None + callerContext: CognitoCallerContextModel + + +# Models for Pre-Signup flow +class CognitoPreSignupRequestModel(BaseModel): + userAttributes: Dict[str, Any] + validationData: Optional[Dict[str, Any]] = None + clientMetadata: Optional[Dict[str, Any]] = None + userNotFound: Optional[bool] = None + + +class CognitoPreSignupResponseModel(BaseModel): + autoConfirmUser: Optional[bool] = False + autoVerifyPhone: Optional[bool] = False + autoVerifyEmail: Optional[bool] = False + + +class CognitoPreSignupTriggerModel(CognitoTriggerBaseSchema): + triggerSource: Literal["PreSignUp_SignUp"] + request: CognitoPreSignupRequestModel + response: CognitoPreSignupResponseModel + + +# Models for Post-Confirmation flow +class CognitoPostConfirmationRequestModel(BaseModel): + userAttributes: Dict[str, Any] + clientMetadata: Optional[Dict[str, Any]] = None + + +class CognitoPostConfirmationTriggerModel(CognitoTriggerBaseSchema): + triggerSource: Literal["PostConfirmation_ConfirmSignUp"] + request: CognitoPostConfirmationRequestModel + response: Dict[str, Any] = {} + + +# Models for Pre-Authentication flow +class CognitoPreAuthenticationRequestModel(BaseModel): + userAttributes: Dict[str, Any] + validationData: Optional[Dict[str, Any]] = None + userNotFound: Optional[bool] = None + + +class CognitoPreAuthenticationTriggerModel(CognitoTriggerBaseSchema): + triggerSource: Literal["PreAuthentication_Authentication"] + request: CognitoPreAuthenticationRequestModel + response: Dict[str, Any] = {} + + +# Models for Post-Authentication flow +class CognitoPostAuthenticationRequestModel(BaseModel): + userAttributes: Dict[str, Any] + newDeviceUsed: Optional[bool] = None + clientMetadata: Optional[Dict[str, Any]] = None + + +class CognitoPostAuthenticationTriggerModel(CognitoTriggerBaseSchema): + triggerSource: Literal["PostAuthentication_Authentication"] + request: CognitoPostAuthenticationRequestModel + response: Dict[str, Any] = {} + + +# Models for Pre-Token Generation flow +class CognitoGroupConfigurationModel(BaseModel): + groupsToOverride: List[str] + iamRolesToOverride: List[str] + preferredRole: Optional[str] = None + + +class CognitoPreTokenGenerationRequestModel(BaseModel): + userAttributes: Dict[str, Any] + groupConfiguration: CognitoGroupConfigurationModel + clientMetadata: Optional[Dict[str, Any]] = None + + +class CognitoPreTokenGenerationTriggerModelV1(CognitoTriggerBaseSchema): + triggerSource: str + request: CognitoPreTokenGenerationRequestModel + response: Dict[str, Any] = {} + + +class CognitoPreTokenGenerationRequestModelV2AndV3(CognitoPreTokenGenerationRequestModel): + scopes: Optional[Dict[str, Any]] = None + + +class CognitoPreTokenGenerationTriggerModelV2AndV3(CognitoTriggerBaseSchema): + request: CognitoPreTokenGenerationRequestModelV2AndV3 + response: Dict[str, Any] = {} + + +# Models for User Migration flow +class CognitoMigrateUserRequestModel(BaseModel): + password: str + validationData: Optional[Dict[str, Any]] = None + clientMetadata: Optional[Dict[str, Any]] = None + + +class CognitoMigrateUserResponseModel(BaseModel): + userAttributes: Optional[Dict[str, Any]] = None + finalUserStatus: Optional[str] = None + messageAction: Optional[str] = None + desiredDeliveryMediums: Optional[List[str]] = None + forceAliasCreation: Optional[bool] = None + enableSMSMFA: Optional[bool] = None + + +class CognitoMigrateUserTriggerModel(CognitoTriggerBaseSchema): + triggerSource: str + userName: str + request: CognitoMigrateUserRequestModel + response: CognitoMigrateUserResponseModel + + +# Models for Custom Message flow +class CognitoCustomMessageRequestModel(BaseModel): + userAttributes: Dict[str, Any] + codeParameter: str + linkParameter: Optional[str] = None + usernameParameter: Optional[str] = None + clientMetadata: Optional[Dict[str, Any]] = None + + +class CognitoCustomMessageResponseModel(BaseModel): + smsMessage: Optional[str] = None + emailMessage: Optional[str] = None + emailSubject: Optional[str] = None + + +class CognitoCustomMessageTriggerModel(CognitoTriggerBaseSchema): + triggerSource: str + request: CognitoCustomMessageRequestModel + response: CognitoCustomMessageResponseModel + + +# Models for Custom Email/SMS Sender flow +class CognitoCustomEmailSMSSenderRequestModel(BaseModel): + type: str + code: str + clientMetadata: Optional[Dict[str, Any]] = None + userAttributes: Dict[str, Any] + + +class CognitoCustomEmailSenderTriggerModel(CognitoTriggerBaseSchema): + triggerSource: Literal["CustomEmailSender_SignUp"] + request: CognitoCustomEmailSMSSenderRequestModel + + +class CognitoCustomSMSSenderTriggerModel(CognitoTriggerBaseSchema): + triggerSource: Literal["CustomSMSSender_SignUp"] + request: CognitoCustomEmailSMSSenderRequestModel + + +# Models for Challenge Authentication flows +class CognitoChallengeResultModel(BaseModel): + challengeName: Literal[ + "SRP_A", + "PASSWORD_VERIFIER", + "SMS_MFA", + "EMAIL_OTP", + "SOFTWARE_TOKEN_MFA", + "DEVICE_SRP_AUTH", + "DEVICE_PASSWORD_VERIFIER", + "ADMIN_NO_SRP_AUTH", + ] + challengeResult: bool + challengeMetadata: Optional[str] = None + + +class CognitoAuthChallengeRequestModel(BaseModel): + userAttributes: Dict[str, Any] + session: List[CognitoChallengeResultModel] + clientMetadata: Optional[Dict[str, Any]] = None + userNotFound: Optional[bool] = None + + +class CognitoDefineAuthChallengeResponseModel(BaseModel): + challengeName: Optional[str] = None + issueTokens: Optional[bool] = None + failAuthentication: Optional[bool] = None + + +class CognitoDefineAuthChallengeTriggerModel(CognitoTriggerBaseSchema): + triggerSource: Literal["DefineAuthChallenge_Authentication"] + request: CognitoAuthChallengeRequestModel + response: CognitoDefineAuthChallengeResponseModel + + +class CognitoCreateAuthChallengeResponseModel(BaseModel): + publicChallengeParameters: Optional[Dict[str, Any]] = None + privateChallengeParameters: Optional[Dict[str, Any]] = None + challengeMetadata: Optional[str] = None + + +class CognitoCreateAuthChallengeTriggerModel(CognitoTriggerBaseSchema): + triggerSource: Literal["CreateAuthChallenge_Authentication"] + request: CognitoAuthChallengeRequestModel + response: CognitoCreateAuthChallengeResponseModel + + +class CognitoVerifyAuthChallengeRequestModel(BaseModel): + userAttributes: Dict[str, Any] + privateChallengeParameters: Dict[str, Any] + challengeAnswer: str + clientMetadata: Optional[Dict[str, Any]] = None + userNotFound: Optional[bool] = None + + +class CognitoVerifyAuthChallengeResponseModel(BaseModel): + answerCorrect: bool + + +class CognitoVerifyAuthChallengeTriggerModel(CognitoTriggerBaseSchema): + triggerSource: Literal["VerifyAuthChallengeResponse_Authentication"] + request: CognitoVerifyAuthChallengeRequestModel + response: CognitoVerifyAuthChallengeResponseModel diff --git a/docs/utilities/parser.md b/docs/utilities/parser.md index 59302f45a34..7c46258bff9 100644 --- a/docs/utilities/parser.md +++ b/docs/utilities/parser.md @@ -118,6 +118,19 @@ The example above uses `SqsModel`. Other built-in models can be found below. | **CloudFormationCustomResourceUpdateModel** | Lambda Event Source payload for AWS CloudFormation `UPDATE` operation | | **CloudFormationCustomResourceDeleteModel** | Lambda Event Source payload for AWS CloudFormation `DELETE` operation | | **CloudwatchLogsModel** | Lambda Event Source payload for Amazon CloudWatch Logs | +| **CognitoPreSignupTriggerModel** | Lambda User Pool Pre-Sign-Up trigger event | +| **CognitoPostConfirmationTriggerModel** | Lambda User Pool Post Confirmation trigger event | +| **CognitoPreAuthenticationTriggerModel** | Lambda User Pool Pre Authentication trigger event | +| **CognitoPostAuthenticationTriggerModel** | Lambda User Pool Post Authentication trigger event | +| **CognitoPreTokenGenerationTriggerModelV1** | Lambda User Pool Pre Token Generation V1 trigger event | +| **CognitoPreTokenGenerationTriggerModelV2AndV3** | Lambda User Pool Pre Token Generation V2 and V3 trigger event | +| **CognitoMigrateUserTriggerModel** | Lambda User Pool Migrate User trigger event | +| **CognitoCustomMessageTriggerModel** | Lambda User Pool Custom Message trigger event | +| **CognitoCustomEmailSenderTriggerModel** | Lambda User Pool Custom Email Sender trigger event | +| **CognitoCustomSMSSenderTriggerModel** | Lambda User Pool Custom SMS Sender trigger event | +| **CognitoDefineAuthChallengeTriggerModel** | Lambda User Pool Define Auth Challenge trigger event | +| **CognitoCreateAuthChallengeTriggerModel** | Lambda User Pool Create Auth Challenge trigger event | +| **CognitoVerifyAuthChallengeTriggerModel** | Lambda User Pool Verify Auth Challenge trigger event | | **DynamoDBStreamModel** | Lambda Event Source payload for Amazon DynamoDB Streams | | **EventBridgeModel** | Lambda Event Source payload for Amazon EventBridge | | **IoTCoreThingEvent** | Lambda Event Source payload for IoT Core Thing created, updated, or deleted. | diff --git a/tests/events/cognitoCreateAuthChallengeEvent.json b/tests/events/cognitoCreateAuthChallengeEvent.json index ad018ae0829..6955a7b7bbf 100644 --- a/tests/events/cognitoCreateAuthChallengeEvent.json +++ b/tests/events/cognitoCreateAuthChallengeEvent.json @@ -18,7 +18,7 @@ "challengeName": "PASSWORD_VERIFIER", "session" : [ { - "challengeName": "CUSTOM_CHALLENGE", + "challengeName": "PASSWORD_VERIFIER", "challengeResult": true, "challengeMetadata": "CAPTCHA_CHALLENGE" } diff --git a/tests/events/cognitoCustomEmailSenderEvent.json b/tests/events/cognitoCustomEmailSenderEvent.json index c65e304d036..51e5f952a0c 100644 --- a/tests/events/cognitoCustomEmailSenderEvent.json +++ b/tests/events/cognitoCustomEmailSenderEvent.json @@ -5,7 +5,7 @@ "userPoolId": "userPoolId", "userName": "userName", "callerContext": { - "awsSdk": "awsSdkVersion", + "awsSdkVersion": "awsSdkVersion", "clientId": "clientId" }, "request": { diff --git a/tests/events/cognitoCustomMessageEvent.json b/tests/events/cognitoCustomMessageEvent.json index 658cd302961..8e83b1a86c2 100644 --- a/tests/events/cognitoCustomMessageEvent.json +++ b/tests/events/cognitoCustomMessageEvent.json @@ -5,7 +5,7 @@ "userPoolId": "userPoolId", "userName": "userName", "callerContext": { - "awsSdk": "awsSdkVersion", + "awsSdkVersion": "awsSdkVersion", "clientId": "clientId" }, "request": { diff --git a/tests/events/cognitoCustomSMSSenderEvent.json b/tests/events/cognitoCustomSMSSenderEvent.json index d2ca1b218c0..3076bc2e807 100644 --- a/tests/events/cognitoCustomSMSSenderEvent.json +++ b/tests/events/cognitoCustomSMSSenderEvent.json @@ -5,7 +5,7 @@ "userPoolId": "userPoolId", "userName": "userName", "callerContext": { - "awsSdk": "awsSdkVersion", + "awsSdkVersion": "awsSdkVersion", "clientId": "clientId" }, "request": { diff --git a/tests/events/cognitoDefineAuthChallengeEvent.json b/tests/events/cognitoDefineAuthChallengeEvent.json index 80ea5ac2d98..43e754e2a54 100644 --- a/tests/events/cognitoDefineAuthChallengeEvent.json +++ b/tests/events/cognitoDefineAuthChallengeEvent.json @@ -21,7 +21,7 @@ "challengeResult": true }, { - "challengeName": "CUSTOM_CHALLENGE", + "challengeName": "PASSWORD_VERIFIER", "challengeResult": true, "challengeMetadata": "CAPTCHA_CHALLENGE" } diff --git a/tests/events/cognitoVerifyAuthChallengeResponseEvent.json b/tests/events/cognitoVerifyAuthChallengeResponseEvent.json index 2ebcdb5c278..b466af3c6cb 100644 --- a/tests/events/cognitoVerifyAuthChallengeResponseEvent.json +++ b/tests/events/cognitoVerifyAuthChallengeResponseEvent.json @@ -24,5 +24,7 @@ "challengeAnswer": "challengeAnswer", "userNotFound": true }, - "response": {} + "response": { + "answerCorrect": true + } } diff --git a/tests/unit/parser/_pydantic/test_cognito_triggers.py b/tests/unit/parser/_pydantic/test_cognito_triggers.py new file mode 100644 index 00000000000..a4c34472ad7 --- /dev/null +++ b/tests/unit/parser/_pydantic/test_cognito_triggers.py @@ -0,0 +1,48 @@ +import pytest + +from aws_lambda_powertools.utilities.parser import ValidationError, parse +from aws_lambda_powertools.utilities.parser.models import ( + CognitoCreateAuthChallengeTriggerModel, + CognitoCustomEmailSenderTriggerModel, + CognitoCustomMessageTriggerModel, + CognitoCustomSMSSenderTriggerModel, + CognitoDefineAuthChallengeTriggerModel, + CognitoMigrateUserTriggerModel, + CognitoPostAuthenticationTriggerModel, + CognitoPostConfirmationTriggerModel, + CognitoPreAuthenticationTriggerModel, + CognitoPreSignupTriggerModel, + CognitoPreTokenGenerationTriggerModelV1, + CognitoVerifyAuthChallengeTriggerModel, +) +from tests.functional.utils import load_event + + +@pytest.mark.parametrize( + "filename,model", + [ + # use the existing `tests/events/*.json` names: + ("cognitoPreSignUpEvent.json", CognitoPreSignupTriggerModel), + ("cognitoPostConfirmationEvent.json", CognitoPostConfirmationTriggerModel), + ("cognitoPreAuthenticationEvent.json", CognitoPreAuthenticationTriggerModel), + ("cognitoPostAuthenticationEvent.json", CognitoPostAuthenticationTriggerModel), + ("cognitoPreTokenGenerationEvent.json", CognitoPreTokenGenerationTriggerModelV1), + ("cognitoUserMigrationEvent.json", CognitoMigrateUserTriggerModel), + ("cognitoCustomMessageEvent.json", CognitoCustomMessageTriggerModel), + ("cognitoCustomEmailSenderEvent.json", CognitoCustomEmailSenderTriggerModel), + ("cognitoCustomSMSSenderEvent.json", CognitoCustomSMSSenderTriggerModel), + ("cognitoDefineAuthChallengeEvent.json", CognitoDefineAuthChallengeTriggerModel), + ("cognitoCreateAuthChallengeEvent.json", CognitoCreateAuthChallengeTriggerModel), + ("cognitoVerifyAuthChallengeResponseEvent.json", CognitoVerifyAuthChallengeTriggerModel), + ], +) +def test_cognito_trigger_models_parse_success(filename, model): + event = load_event(filename) + parsed = parse(event=event, model=model) + # if parsing succeeds, we get an instance + assert isinstance(parsed, model) + + +def test_cognito_trigger_models_invalid_raises(): + with pytest.raises(ValidationError): + parse(event={"foo": "bar"}, model=CognitoPreSignupTriggerModel)