
@gravitywelluk/aws


Library of commonly used AWS wrapper functions to communicate with the AWS SDK

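"use strict";
// TypeScript-emitted module interop helpers (compiler output, kept as emitted).
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
    __setModuleDefault(result, mod);
    return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.createCognitoAdminUser = void 0;
const Joi = __importStar(require("joi"));
const validation_utils_1 = require("@gravitywelluk/validation-utils");
const cognito_configure_1 = require("./cognito-configure");
const aws_error_1 = require("../utils/aws-error");
const utils_1 = require("./utils");
/**
 * Creates an admin user in Cognito and triggers the invitation email
 *
 * This kind of user will be sent an email containing a temporary password
 * The first time they use this temporary password to log in, they will be immediately prompted to change their password
 *
 * Wrapper for createCognitoUser to tidy up naming (making it clear that this is an admin user)
 * Needed for consistency with projects that still use createCognitoUser directly
 *
 * Security notes for callers:
 * - `groups` is a privilege assignment. This function only checks that each
 *   name exists in the user pool; it does not check that the caller is
 *   allowed to grant those groups. Enforce that before calling.
 * - `emailVerified` is passed to Cognito on the caller's word. Nothing here
 *   proves ownership of the address, so only set it for addresses that were
 *   verified out of band.
 * - Creation and group assignment are not atomic. If adding a group fails,
 *   the user already exists (possibly with only some of the groups) and an
 *   AwsError is thrown; the caller has to reconcile or remove the user.
 *
 * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#adminCreateUser-property
 * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CognitoIdentityServiceProvider.html#adminAddUserToGroup-property
 * @param createAdminUserParams - The parameters required to create an admin Cognito user
 *   (`userPoolId`, `email`, optional `emailVerified`, optional `groups`)
 * @param awsCognitoConfigOverrides - Configuration option overrides
 * @returns The `User` field of the adminCreateUser response
 * @throws JoiError when the parameters, or the requested group names, fail validation
 * @throws AwsError when adminCreateUser or adminAddUserToGroup rejects
 *   (a failure of the group lookup itself is thrown as-is, not wrapped)
 */
const createCognitoAdminUser = async (createAdminUserParams, awsCognitoConfigOverrides = {}) => {
    const cognito = (0, cognito_configure_1.cognitoConfigure)(awsCognitoConfigOverrides);
    // The object and the email are both required: email doubles as the Cognito
    // Username below, so a missing value must be rejected here rather than
    // surfacing later as an SDK parameter error (or a TypeError when the
    // params object itself is missing).
    const paramsSchema = Joi.object({
        userPoolId: Joi.string().required(),
        email: Joi.string().email().required(),
        emailVerified: Joi.boolean().optional(),
        groups: Joi.array().items(Joi.string().optional()).optional()
    }).required();
    const { error } = paramsSchema.validate(createAdminUserParams);
    // Reject on any Joi validation error before touching AWS
    if (error) {
        throw new validation_utils_1.JoiError(error);
    }
    const { userPoolId, email, emailVerified, groups } = createAdminUserParams;
    const hasGroups = Boolean(groups && groups.length > 0);
    if (hasGroups) {
        // Fetch the groups that actually exist in this user pool so the
        // requested names can be checked against an allow-list
        // (assumes cognitoListGroups resolves to an array of group names; confirm in ./utils)
        const allCognitoGroups = await (0, utils_1.cognitoListGroups)(cognito, { UserPoolId: userPoolId });
        const { error: joiCognitoGroupsError } = Joi.array()
            .items(Joi.string().valid(...allCognitoGroups).required())
            .validate(groups);
        // Reject any requested group that is not present in the user pool
        if (joiCognitoGroupsError) {
            throw new validation_utils_1.JoiError(joiCognitoGroupsError);
        }
    }
    // Create the Cognito user and add them to the given groups
    try {
        const { User } = await cognito.adminCreateUser({
            UserPoolId: userPoolId,
            Username: email,
            UserAttributes: [
                {
                    Name: "email",
                    Value: email
                },
                {
                    Name: "email_verified",
                    // An omitted emailVerified is treated as not verified
                    Value: emailVerified ? "True" : "False"
                }
            ]
        }).promise();
        // Groups can only be assigned when Cognito returned a username; if it
        // did not, the assignment is skipped without an error (original behaviour).
        if (hasGroups && User != null && User.Username) {
            // Sequential on purpose: the first failure stops further assignments
            for (const group of groups) {
                await cognito.adminAddUserToGroup({
                    GroupName: group,
                    Username: User.Username,
                    UserPoolId: userPoolId
                }).promise();
            }
        }
        return User;
    }
    catch (err) {
        throw new aws_error_1.AwsError(err);
    }
};
exports.createCognitoAdminUser = createCognitoAdminUser;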