
Commit 87ce6ad

committed
chore add email mfa to sdk_bridge and state machine
1 parent 7b07d77 commit 87ce6ad


2 files changed

+48
-7
lines changed


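--- a/packages/auth/amplify_auth_cognito_dart/lib/src/sdk/sdk_bridge.dart
+++ b/packages/auth/amplify_auth_cognito_dart/lib/src/sdk/sdk_bridge.dart
@@ -32,6 +32,8 @@ extension ChallengeNameTypeBridge on ChallengeNameType {
 AuthSignInStep.continueSignInWithTotpSetup,
 ChallengeNameType.softwareTokenMfa =>
 AuthSignInStep.confirmSignInWithTotpMfaCode,
+// TODO(khatruong2009): confirm ChallengeNameType.emailMfa is added to SDK
+ChallengeNameType.emailMfa => AuthSignInStep.confirmSignInWithEmailMfaCode,
 ChallengeNameType.adminNoSrpAuth ||
 ChallengeNameType.passwordVerifier ||
 ChallengeNameType.devicePasswordVerifier ||
@@ -795,6 +797,7 @@ extension MfaSettings on CognitoIdentityProviderClient {
 required String accessToken,
 MfaPreference? sms,
 MfaPreference? totp,
+MfaPreference? email,
 }) async {
 final UserMfaPreference(
 enabled: currentEnabled,
@@ -811,6 +814,7 @@ extension MfaSettings on CognitoIdentityProviderClient {
 final explicitlyDisabled = switch (mfaType) {
 MfaType.sms => sms == MfaPreference.disabled,
 MfaType.totp => totp == MfaPreference.disabled,
+MfaType.email => email == MfaPreference.disabled,
 };
 if (explicitlyDisabled) {
 return false;
@@ -819,39 +823,50 @@ extension MfaSettings on CognitoIdentityProviderClient {
 final requestingEnabled = switch (mfaType) {
 MfaType.sms => enabledValues.contains(sms),
 MfaType.totp => enabledValues.contains(totp),
+MfaType.email => enabledValues.contains(email),
 };
 return currentlyEnabled || requestingEnabled;
 }
 
-final preferred = switch ((currentPreference, sms: sms, totp: totp)) {
+final preferred = switch ((currentPreference, sms: sms, totp: totp, email: email)) {
 // Prevent an invalid choice.
-(_, sms: MfaPreference.preferred, totp: MfaPreference.preferred) =>
+(_, sms: MfaPreference.preferred, totp: MfaPreference.preferred, email: MfaPreference.preferred) =>
 throw const InvalidParameterException(
-'Cannot assign both SMS and TOTP as preferred',
+'Cannot assign multiple MFA methods as preferred',
 ),
 
 // Setting one or the other as preferred overrides previous value.
-(_, sms: MfaPreference.preferred, totp: != MfaPreference.preferred) =>
+(_, sms: MfaPreference.preferred, totp: != MfaPreference.preferred, email: != MfaPreference.preferred) =>
 MfaType.sms,
-(_, sms: != MfaPreference.preferred, totp: MfaPreference.preferred) =>
+(_, sms: != MfaPreference.preferred, totp: MfaPreference.preferred, email: != MfaPreference.preferred) =>
 MfaType.totp,
+(_, sms: != MfaPreference.preferred, totp: != MfaPreference.preferred, email: MfaPreference.preferred) =>
+MfaType.email,
 
 // Setting one or the other as disabled or not preferred removes current
 // preference if it matches.
 (
 MfaType.sms,
 sms: MfaPreference.notPreferred || MfaPreference.disabled,
 totp: _,
+email: _,
 ) ||
 (
 MfaType.totp,
 sms: _,
 totp: MfaPreference.notPreferred || MfaPreference.disabled,
+email: _,
+) ||
+(
+MfaType.email,
+sms: _,
+totp: _,
+email: MfaPreference.notPreferred || MfaPreference.disabled,
 ) =>
 null,
 
 // Ignore preference changes which do not affect the current preference.
-(final currentPreference, sms: _, totp: _) => currentPreference,
+(final currentPreference, sms: _, totp: _, email: _) => currentPreference,
 };
 final smsMfaSettings = SmsMfaSettingsType(
 enabled: isEnabled(MfaType.sms),
@@ -861,6 +876,11 @@ extension MfaSettings on CognitoIdentityProviderClient {
 enabled: isEnabled(MfaType.totp),
 preferredMfa: preferred == MfaType.totp,
 );
+// TODO(khatruong2009): confirm EmailMfaSettingsType is added to SDK
+final emailMfaSettings = EmailMfaSettingsType(
+enabled: isEnabled(MfaType.email),
+preferredMfa: preferred == MfaType.email,
+);
 await setUserMfaPreference(
 SetUserMfaPreferenceRequest(
 accessToken: accessToken,
@@ -876,6 +896,7 @@ extension on String {
 MfaType get mfaType => switch (this) {
 'SOFTWARE_TOKEN_MFA' => MfaType.totp,
 'SMS_MFA' => MfaType.sms,
+'EMAIL_MFA' => MfaType.email,
 final invalidType => throw StateError('Invalid MFA type: $invalidType'),
 };
 }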
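Review bot: The "Prevent an invalid choice" arm of the `preferred` switch now matches only when `sms`, `totp` and `email` are all `MfaPreference.preferred`, so a call that marks two of them preferred also misses every single-preferred arm and falls through to the later arms, yielding `null` or the current preference instead of throwing. Before this commit the two-method conflict was rejected; a guard ahead of the switch restores that for any pair: `if ([sms, totp, email].where((p) => p == MfaPreference.preferred).length > 1) throw const InvalidParameterException('Cannot assign multiple MFA methods as preferred');`. Separately, `emailMfaSettings` is built in the `@@ -861,6 +876,11 @@` hunk but no visible line passes it to `SetUserMfaPreferenceRequest`, whose argument list continues outside the hunk; if it is not wired in, choosing email as preferred would send `preferredMfa: false` for both SMS and TOTP and nothing for email. The enclosing method starts and ends outside these hunks.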

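--- a/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
+++ b/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
@@ -211,6 +211,7 @@ final class SignInStateMachine
 (type) => switch (type) {
 'SOFTWARE_TOKEN_MFA' => MfaType.totp,
 'SMS_MFA' => MfaType.sms,
+'EMAIL_MFA' => MfaType.email,
 _ => () {
 logger.error('Unrecognized MFA type: $type');
 return null;
@@ -449,6 +450,24 @@ final class SignInStateMachine
 });
 }
 
+/// Creates the response object for an Email MFA challenge.
+@protected
+Future<RespondToAuthChallengeRequest> createEmailMfaRequest(
+SignInRespondToChallenge event,
+) async {
+_enableMfaType = MfaType.email;
+return RespondToAuthChallengeRequest.build((b) {
+b
+..clientId = config.appClientId
+..challengeName = _challengeName
+..challengeResponses.addAll({
+CognitoConstants.challengeParamUsername: cognitoUsername,
+CognitoConstants.challengeParamEmailMfaCode: event.answer,
+})
+..clientMetadata.addAll(event.clientMetadata);
+});
+}
+
 /// Creates the response object for a new password challenge.
 @protected
 Future<RespondToAuthChallengeRequest> createNewPasswordRequest(
@@ -667,7 +686,8 @@ final class SignInStateMachine
 CognitoConstants.challengeParamAnswer: switch (selection) {
 'sms' => 'SMS_MFA',
 'totp' => 'SOFTWARE_TOKEN_MFA',
-_ => throw ArgumentError('Must be either SMS or TOTP'),
+'email' => 'EMAIL_MFA',
+_ => throw ArgumentError('Must be either SMS, Email, or TOTP'),
 },
 })
 ..clientId = _authOutputs.userPoolClientId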
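Review bot: No hunk in this commit calls `createEmailMfaRequest`, so unless the challenge dispatch outside the visible hunks already routes the email challenge to it, an `EMAIL_MFA` challenge has no response builder even though the `'EMAIL_MFA'` mappings are now accepted. The new method reads the client id from `config.appClientId`, while the last hunk of this file uses `_authOutputs.userPoolClientId`; if the other request builders use the latter, this one should match: `..clientId = _authOutputs.userPoolClientId`. It also assigns `_enableMfaType = MfaType.email` before the service has accepted the code, and where that field is consumed is not visible here, so the doc comment should at least record the side effect, e.g. `/// Sets [_enableMfaType] to [MfaType.email] as a side effect.`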
