
@aws-amplify/auth

'use strict';
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
Object.defineProperty(exports, "__esModule", { value: true });
exports.handlePasswordVerifierChallenge = handlePasswordVerifierChallenge;
const AuthError_1 = require("../../../errors/AuthError");
const cognitoIdentityProvider_1 = require("../../../foundation/factories/serviceClients/cognitoIdentityProvider");
const factories_1 = require("../factories");
const parsers_1 = require("../../../foundation/parsers");
const srp_1 = require("./srp");
const BigInteger_1 = require("./srp/BigInteger");
const userContextData_1 = require("./userContextData");
const handleDeviceSRPAuth_1 = require("./handleDeviceSRPAuth");
/**
 * Answers a PASSWORD_VERIFIER challenge in an SRP sign-in flow.
 *
 * Reads the server's SRP values from `challengeParameters`, asks
 * `authenticationHelper` for the password authentication key, signs the
 * challenge, and sends the response through the RespondToAuthChallenge
 * service client. When the service replies with DEVICE_SRP_AUTH the flow is
 * handed over to `handleDeviceSRPAuth`.
 *
 * The password itself is never placed in the request built here; only the
 * signature produced by `getSignatureString` and the server-issued
 * SECRET_BLOCK are sent.
 *
 * @param password - The user's password, passed to
 *   `authenticationHelper.getPasswordAuthenticationKey`.
 * @param challengeParameters - Challenge fields from the service; SRP_B,
 *   SALT, USER_ID_FOR_SRP and SECRET_BLOCK are read here.
 * @param clientMetadata - Forwarded unchanged as `ClientMetadata`.
 * @param session - Forwarded unchanged as `Session`.
 * @param authenticationHelper - Object exposing `getPasswordAuthenticationKey`.
 * @param config - Supplies `userPoolId`, `userPoolClientId` and
 *   `userPoolEndpoint`.
 * @param tokenOrchestrator - Object exposing `getDeviceMetadata(username)`.
 * @returns The service response, or the result of `handleDeviceSRPAuth` when
 *   the next challenge is DEVICE_SRP_AUTH.
 * @throws {AuthError} `EmptyUserIdForSRPException` when USER_ID_FOR_SRP is
 *   missing from `challengeParameters`.
 */
async function handlePasswordVerifierChallenge(password, challengeParameters, clientMetadata, session, authenticationHelper, config, tokenOrchestrator) {
    const HEX_RADIX = 16;
    const { userPoolId, userPoolClientId, userPoolEndpoint } = config;
    // Pool name is the part of the pool id after the first underscore; it
    // falls back to an empty string when the id is absent or has no underscore.
    const poolIdParts = userPoolId?.split('_');
    const userPoolName = poolIdParts?.[1] || '';
    // NOTE(review): SRP_B and SALT are parsed before any presence check and are
    // not range-checked in this function. SRP requires the client to abort when
    // B mod N is zero; presumably authenticationHelper enforces that — confirm.
    const srpB = new BigInteger_1.BigInteger(challengeParameters?.SRP_B, HEX_RADIX);
    const srpSalt = new BigInteger_1.BigInteger(challengeParameters?.SALT, HEX_RADIX);
    const srpUserId = challengeParameters?.USER_ID_FOR_SRP;
    if (!srpUserId) {
        throw new AuthError_1.AuthError({
            name: 'EmptyUserIdForSRPException',
            message: 'USER_ID_FOR_SRP was not found in challengeParameters',
        });
    }
    // The returned value is key material derived from the password; keep it
    // out of logs and error messages.
    const derivedKey = await authenticationHelper.getPasswordAuthenticationKey({
        username: srpUserId,
        password,
        serverBValue: srpB,
        salt: srpSalt,
    });
    const timestamp = (0, srp_1.getNowString)();
    const secretBlock = challengeParameters?.SECRET_BLOCK;
    const claimSignature = (0, srp_1.getSignatureString)({
        username: srpUserId,
        userPoolName,
        challengeParameters,
        dateNow: timestamp,
        hkdf: derivedKey,
    });
    const challengeResponses = {
        USERNAME: srpUserId,
        PASSWORD_CLAIM_SECRET_BLOCK: secretBlock,
        TIMESTAMP: timestamp,
        PASSWORD_CLAIM_SIGNATURE: claimSignature,
    };
    // A remembered device is announced only when a device key is stored for
    // this username.
    const storedDevice = await tokenOrchestrator.getDeviceMetadata(srpUserId);
    if (storedDevice?.deviceKey) {
        challengeResponses.DEVICE_KEY = storedDevice.deviceKey;
    }
    const userContextData = (0, userContextData_1.getUserContextData)({
        username: srpUserId,
        userPoolId,
        userPoolClientId,
    });
    const challengeRequest = {
        ChallengeName: 'PASSWORD_VERIFIER',
        ChallengeResponses: challengeResponses,
        ClientMetadata: clientMetadata,
        Session: session,
        ClientId: userPoolClientId,
        UserContextData: userContextData,
    };
    // NOTE(review): the endpoint override is taken straight from config, so the
    // signed challenge response goes wherever config points. Treat config as
    // trusted input and never populate it from user-controlled data.
    const endpointResolver = (0, factories_1.createCognitoUserPoolEndpointResolver)({
        endpointOverride: userPoolEndpoint,
    });
    const respondToAuthChallenge = (0, cognitoIdentityProvider_1.createRespondToAuthChallengeClient)({
        endpointResolver,
    });
    const requestOptions = { region: (0, parsers_1.getRegionFromUserPoolId)(userPoolId) };
    const response = await respondToAuthChallenge(requestOptions, challengeRequest);
    if (response.ChallengeName !== 'DEVICE_SRP_AUTH') {
        return response;
    }
    // Device SRP continues with the session returned by this response, not the
    // one passed in.
    return (0, handleDeviceSRPAuth_1.handleDeviceSRPAuth)({
        username: srpUserId,
        config,
        clientMetadata,
        session: response.Session,
        tokenOrchestrator,
    });
}
//# sourceMappingURL=handlePasswordVerifierChallenge.js.map