chore add email mfa to sdk_bridge and state machine

khatruong2009 · khatruong2009 · commit 87ce6ad9870d · 2024-09-18T09:16:22.000-07:00
diff --git a/packages/auth/amplify_auth_cognito_dart/lib/src/sdk/sdk_bridge.dart b/packages/auth/amplify_auth_cognito_dart/lib/src/sdk/sdk_bridge.dart
@@ -32,6 +32,8 @@ extension ChallengeNameTypeBridge on ChallengeNameType {
           AuthSignInStep.continueSignInWithTotpSetup,
         ChallengeNameType.softwareTokenMfa =>
           AuthSignInStep.confirmSignInWithTotpMfaCode,
+        // TODO(khatruong2009): confirm ChallengeNameType.emailMfa is added to SDK
+        ChallengeNameType.emailMfa => AuthSignInStep.confirmSignInWithEmailMfaCode,
         ChallengeNameType.adminNoSrpAuth ||
         ChallengeNameType.passwordVerifier ||
         ChallengeNameType.devicePasswordVerifier ||
@@ -795,6 +797,7 @@ extension MfaSettings on CognitoIdentityProviderClient {
     required String accessToken,
     MfaPreference? sms,
     MfaPreference? totp,
+    MfaPreference? email,
   }) async {
     final UserMfaPreference(
       enabled: currentEnabled,
@@ -811,6 +814,7 @@ extension MfaSettings on CognitoIdentityProviderClient {
       final explicitlyDisabled = switch (mfaType) {
         MfaType.sms => sms == MfaPreference.disabled,
         MfaType.totp => totp == MfaPreference.disabled,
+        MfaType.email => email == MfaPreference.disabled,
       };
       if (explicitlyDisabled) {
         return false;
@@ -819,39 +823,50 @@ extension MfaSettings on CognitoIdentityProviderClient {
       final requestingEnabled = switch (mfaType) {
         MfaType.sms => enabledValues.contains(sms),
         MfaType.totp => enabledValues.contains(totp),
+        MfaType.email => enabledValues.contains(email),
       };
       return currentlyEnabled || requestingEnabled;
     }
 
-    final preferred = switch ((currentPreference, sms: sms, totp: totp)) {
+    final preferred = switch ((currentPreference, sms: sms, totp: totp, email: email)) {
       // Prevent an invalid choice.
-      (_, sms: MfaPreference.preferred, totp: MfaPreference.preferred) =>
+      (_, sms: MfaPreference.preferred, totp: MfaPreference.preferred, email: MfaPreference.preferred) =>
         throw const InvalidParameterException(
-          'Cannot assign both SMS and TOTP as preferred',
+          'Cannot assign multiple MFA methods as preferred',
         ),
 
       // Setting one or the other as preferred overrides previous value.
-      (_, sms: MfaPreference.preferred, totp: != MfaPreference.preferred) =>
+      (_, sms: MfaPreference.preferred, totp: != MfaPreference.preferred, email: != MfaPreference.preferred) =>
         MfaType.sms,
-      (_, sms: != MfaPreference.preferred, totp: MfaPreference.preferred) =>
+      (_, sms: != MfaPreference.preferred, totp: MfaPreference.preferred, email: != MfaPreference.preferred) =>
         MfaType.totp,
+      (_, sms: != MfaPreference.preferred, totp: != MfaPreference.preferred, email: MfaPreference.preferred) =>
+        MfaType.email,
 
       // Setting one or the other as disabled or not preferred removes current
       // preference if it matches.
       (
         MfaType.sms,
         sms: MfaPreference.notPreferred || MfaPreference.disabled,
         totp: _,
+        email: _,
       ) ||
       (
         MfaType.totp,
         sms: _,
         totp: MfaPreference.notPreferred || MfaPreference.disabled,
+        email: _,
+      ) ||
+      (
+        MfaType.email,
+        sms: _,
+        totp: _,
+        email: MfaPreference.notPreferred || MfaPreference.disabled,
       ) =>
         null,
 
       // Ignore preference changes which do not affect the current preference.
-      (final currentPreference, sms: _, totp: _) => currentPreference,
+      (final currentPreference, sms: _, totp: _, email: _) => currentPreference,
     };
     final smsMfaSettings = SmsMfaSettingsType(
       enabled: isEnabled(MfaType.sms),
@@ -861,6 +876,11 @@ extension MfaSettings on CognitoIdentityProviderClient {
       enabled: isEnabled(MfaType.totp),
       preferredMfa: preferred == MfaType.totp,
     );
+    // TODO(khatruong2009): confirm EmailMfaSettingsType is added to SDK
+    final emailMfaSettings = EmailMfaSettingsType(
+      enabled: isEnabled(MfaType.email),
+      preferredMfa: preferred == MfaType.email,
+    );
     await setUserMfaPreference(
       SetUserMfaPreferenceRequest(
         accessToken: accessToken,
@@ -876,6 +896,7 @@ extension on String {
   MfaType get mfaType => switch (this) {
         'SOFTWARE_TOKEN_MFA' => MfaType.totp,
         'SMS_MFA' => MfaType.sms,
+        'EMAIL_MFA' => MfaType.email,
         final invalidType => throw StateError('Invalid MFA type: $invalidType'),
       };
 }
diff --git a/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart b/packages/auth/amplify_auth_cognito_dart/lib/src/state/machines/sign_in_state_machine.dart
@@ -211,6 +211,7 @@ final class SignInStateMachine
           (type) => switch (type) {
             'SOFTWARE_TOKEN_MFA' => MfaType.totp,
             'SMS_MFA' => MfaType.sms,
+            'EMAIL_MFA' => MfaType.email,
             _ => () {
                 logger.error('Unrecognized MFA type: $type');
                 return null;
@@ -449,6 +450,24 @@ final class SignInStateMachine
     });
   }
 
+  /// Creates the response object for an Email MFA challenge.
+  @protected
+  Future<RespondToAuthChallengeRequest> createEmailMfaRequest(
+    SignInRespondToChallenge event,
+  ) async {
+    _enableMfaType = MfaType.email;
+    return RespondToAuthChallengeRequest.build((b) {
+      b
+        ..clientId = config.appClientId
+        ..challengeName = _challengeName
+        ..challengeResponses.addAll({
+          CognitoConstants.challengeParamUsername: cognitoUsername,
+          CognitoConstants.challengeParamEmailMfaCode: event.answer,
+        })
+        ..clientMetadata.addAll(event.clientMetadata);
+    });
+  }
+
   /// Creates the response object for a new password challenge.
   @protected
   Future<RespondToAuthChallengeRequest> createNewPasswordRequest(
@@ -667,7 +686,8 @@ final class SignInStateMachine
           CognitoConstants.challengeParamAnswer: switch (selection) {
             'sms' => 'SMS_MFA',
             'totp' => 'SOFTWARE_TOKEN_MFA',
-            _ => throw ArgumentError('Must be either SMS or TOTP'),
+            'email' => 'EMAIL_MFA',
+            _ => throw ArgumentError('Must be either SMS, Email, or TOTP'),
           },
         })
         ..clientId = _authOutputs.userPoolClientId
