Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(auth): [EMAIL MFA] Sign In / Confirm Sign In With MFA_SETUP #13760

Merged
merged 9 commits into from
Sep 6, 2024
Merged

feat(auth): [EMAIL MFA] Sign In / Confirm Sign In With MFA_SETUP #13760

merged 9 commits into from
Sep 6, 2024

Conversation

jjarvisp
Copy link
Member

@jjarvisp jjarvisp commented Aug 27, 2024
edited
Loading

Description of changes

The purpose of this pull request is to expand the MFA_SETUP challenge to support setting up and signing in with multiple MFA setup options - EMAIL and TOTP.

Issue #, if available

Description of how you validated changes

  • Manual Tests
  • Unit Tests

Checklist

  • PR description included
  • yarn test passes
  • Unit Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)

Checklist for repo maintainers

  • Verify E2E tests for existing workflows are working as expected or add E2E tests for newly added workflows
  • New source file paths included in this PR have been added to CODEOWNERS, if appropriate

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jjarvisp jjarvisp changed the title Sign In / Confirm Sign In With MFA_SETUP [EMAIL MFA] Sign In / Confirm Sign In With MFA_SETUP Aug 27, 2024
@jjarvisp jjarvisp force-pushed the feat/email-mfa-setup branch from a852083 to eeb8249 Compare August 27, 2024 21:15
@jjarvisp jjarvisp force-pushed the feat/email-mfa-setup branch from fff1814 to 9d0989d Compare August 28, 2024 00:24
israx
israx suggested changes Aug 28, 2024
View reviewed changes
Copy link
Member

@israx israx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for putting this together.

Keeping track of state at 2 different places can be problematic. It introduces complexity when debugging, refactoring, and scaling. It can also lead to bugs. My concern is that when adding resumable-sign-in, the new store would also need to store state in sessionStorage.

To avoid all of that, we can keep handling the same state that is managed by the signInStore and keep the sign-in flow between the getSignInResult and handleChallengeName helpers. If we want to add some extra state, we can add some metadata in the signInStore — I don't see the need but I'll leave it up to you.

Bellow I added a flow diagram that shows the sign-in flow between the handleChangeName and getSignInResult helpers when challengeName is MFA_SETUP

sign-in-flow drawio

@jjarvisp jjarvisp force-pushed the feat/email-mfa-setup branch from 7b30970 to eee2523 Compare August 28, 2024 15:45
@jjarvisp jjarvisp force-pushed the feat/email-mfa-setup branch from eee2523 to 33a98c8 Compare August 28, 2024 15:46
israx
israx reviewed Aug 28, 2024
View reviewed changes
Copy link
Member

@israx israx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the thorough testing. Can we also add test cases for confirmSignIn MFA_SETUP challenge negative path cases ? — Making sure confirmSignIn is still callable when an invalid response is passed in.

packages/auth/src/providers/cognito/utils/signInStore.ts Outdated Show resolved Hide resolved
@jjarvisp jjarvisp force-pushed the feat/email-mfa-setup branch from 16b351a to 69fdb0a Compare August 28, 2024 20:50
@jjarvisp jjarvisp force-pushed the feat/email-mfa-setup branch from 69fdb0a to b5e8fed Compare August 28, 2024 20:52
@jjarvisp jjarvisp requested a review from israx August 28, 2024 21:03
@jjarvisp jjarvisp marked this pull request as ready for review August 29, 2024 13:30
@HuiSF HuiSF changed the title [EMAIL MFA] Sign In / Confirm Sign In With MFA_SETUP feat(auth): [EMAIL MFA] Sign In / Confirm Sign In With MFA_SETUP Aug 29, 2024
@jjarvisp jjarvisp merged commit 782136d into aws-amplify:feat/email-mfa Sep 6, 2024
28 checks passed
jjarvisp added a commit that referenced this pull request Sep 6, 2024
@jjarvisp
feat(auth): [EMAIL MFA] Sign In / Confirm Sign In With MFA_SETUP (#13760
c1c7a5e 
)

* Sign In / Confirm Sign In With MFA_SETUP

* Sign In State Management Tests

* Confirm Sign In Happy Path Tests

* Fix State Management Tests

* Apply Feedback

* loose email matching

* Remove Unnecessary Export

* Update SignInHelpers For Getting Allowed MFA Setup Types

* Add Error Case Unit Tests
jjarvisp added a commit that referenced this pull request Oct 31, 2024
@jjarvisp @israx
feat(auth): add support for Email MFA (#13945)
42db720 
* [Email MFA] Updating fetchMFAPreference and updateMFAPreference (#13720)

* add EMAIL MFA option in fetchMFAPreference

* add EMAIL MFA option in updateMFAPreference

* update fetchMFAPreference tests

* update updateMFAPreference tests

* update bundle size

* remove redundant assertions

* [Email MFA] Add support for EMAIL_OTP during sign in flows (#13745)

* Confirm Sign In With Email OTP

* Confirm Sign In Tests With Email OTP

* Update packages/auth/src/types/models.ts

Co-authored-by: israx <70438514+israx@users.noreply.github.com>

* Fix Errant Pascal Casing

---------

Co-authored-by: israx <70438514+israx@users.noreply.github.com>

* feat(auth): [EMAIL MFA] Sign In / Confirm Sign In With MFA_SETUP (#13760)

* Sign In / Confirm Sign In With MFA_SETUP

* Sign In State Management Tests

* Confirm Sign In Happy Path Tests

* Fix State Management Tests

* Apply Feedback

* loose email matching

* Remove Unnecessary Export

* Update SignInHelpers For Getting Allowed MFA Setup Types

* Add Error Case Unit Tests

* feat(auth): [EMAIL MFA] enable integ tests with backend configuration swapping (#13794)

* chore: enable mfa integ tests

* chore: add mfa-setup test def

* chore: temporarily enable push integ tests

* chore: disable push integ tests

* chore: address test strategy feedback

* chore: use trimmed challenge response

* chore: improved naming

* chore: update bundle size tests

* chore: remove trimmed challenge response

---------

Co-authored-by: israx <70438514+israx@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@israx israx israx approved these changes

@ukhan-amazon ukhan-amazon Awaiting requested review from ukhan-amazon

@haverchuck haverchuck Awaiting requested review from haverchuck

@cshfang cshfang Awaiting requested review from cshfang

@jimblanc jimblanc Awaiting requested review from jimblanc

@HuiSF HuiSF Awaiting requested review from HuiSF

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jjarvisp @israx