chore(auth): Refactor to eliminate circular dependencies (#14173)

* chore(auth): Refactor to eliminate circular dependencies

* Bump size limit

Author: cshfang

packages/auth/__tests__/client/flows/shared/handlePasswordSRP.test.ts

@@ -6,7 +6,9 @@ import { createCognitoUserPoolEndpointResolver } from '../../../../src/providers
 import { getAuthenticationHelper } from '../../../../src/providers/cognito/utils/srp';
 import { getUserContextData } from '../../../../src/providers/cognito/utils/userContextData';
 import { handlePasswordSRP } from '../../../../src/client/flows/shared/handlePasswordSRP';
-import * as signInHelpers from '../../../../src/providers/cognito/utils/signInHelpers';
+import { handlePasswordVerifierChallenge } from '../../../../src/providers/cognito/utils/handlePasswordVerifierChallenge';
+import { retryOnResourceNotFoundException } from '../../../../src/providers/cognito/utils/retryOnResourceNotFoundException';
+import { setActiveSignInUsername } from '../../../../src/providers/cognito/utils/setActiveSignInUsername';
 
 // Mock dependencies
 jest.mock(
@@ -15,14 +17,13 @@ jest.mock(
 jest.mock('../../../../src/providers/cognito/factories');
 jest.mock('../../../../src/providers/cognito/utils/srp');
 jest.mock('../../../../src/providers/cognito/utils/userContextData');
-jest.mock('../../../../src/providers/cognito/utils/signInHelpers', () => ({
-	...jest.requireActual(
-		'../../../../src/providers/cognito/utils/signInHelpers',
-	),
-	setActiveSignInUsername: jest.fn(),
-	handlePasswordVerifierChallenge: jest.fn(),
-	retryOnResourceNotFoundException: jest.fn(),
-}));
+jest.mock(
+	'../../../../src/providers/cognito/utils/handlePasswordVerifierChallenge',
+);
+jest.mock(
+	'../../../../src/providers/cognito/utils/retryOnResourceNotFoundException',
+);
+jest.mock('../../../../src/providers/cognito/utils/setActiveSignInUsername');
 
 describe('handlePasswordSRP', () => {
 	const mockConfig = {
@@ -31,6 +32,13 @@ describe('handlePasswordSRP', () => {
 		userPoolEndpoint: 'test-endpoint',
 	};
 
+	const mockHandlePasswordVerifierChallenge = jest.mocked(
+		handlePasswordVerifierChallenge,
+	);
+	const mockRetryOnResourceNotFoundException = jest.mocked(
+		retryOnResourceNotFoundException,
+	);
+	const mockSetActiveSignInUsername = jest.mocked(setActiveSignInUsername);
 	const mockInitiateAuth = jest.fn();
 	const mockCreateEndpointResolver = jest.fn();
 	const mockAuthenticationHelper = {
@@ -53,9 +61,9 @@ describe('handlePasswordSRP', () => {
 		(getUserContextData as jest.Mock).mockReturnValue({
 			UserContextData: 'test',
 		});
-		(
-			signInHelpers.retryOnResourceNotFoundException as jest.Mock
-		).mockImplementation((fn, args) => fn(...args));
+		mockRetryOnResourceNotFoundException.mockImplementation((fn, args) =>
+			fn(...args),
+		);
 		mockInitiateAuth.mockResolvedValue({
 			ChallengeParameters: { USERNAME: 'testuser' },
 			Session: 'test-session',
@@ -173,8 +181,8 @@ describe('handlePasswordSRP', () => {
 			authFlow: 'USER_AUTH',
 		});
 
-		expect(signInHelpers.retryOnResourceNotFoundException).toHaveBeenCalledWith(
-			signInHelpers.handlePasswordVerifierChallenge,
+		expect(mockRetryOnResourceNotFoundException).toHaveBeenCalledWith(
+			mockHandlePasswordVerifierChallenge,
 			[
 				password,
 				challengeParameters,
@@ -208,9 +216,7 @@ describe('handlePasswordSRP', () => {
 		});
 
 		expect(result).toEqual(mockResponse);
-		expect(
-			signInHelpers.retryOnResourceNotFoundException,
-		).not.toHaveBeenCalled();
+		expect(mockRetryOnResourceNotFoundException).not.toHaveBeenCalled();
 	});
 
 	test('should handle client metadata when provided', async () => {
@@ -254,9 +260,7 @@ describe('handlePasswordSRP', () => {
 			authFlow: 'USER_SRP_AUTH',
 		});
 
-		expect(signInHelpers.setActiveSignInUsername).toHaveBeenCalledWith(
-			challengeUsername,
-		);
+		expect(mockSetActiveSignInUsername).toHaveBeenCalledWith(challengeUsername);
 	});
 
 	test('should call handlePasswordVerifierChallenge with correct parameters', async () => {
@@ -285,8 +289,8 @@ describe('handlePasswordSRP', () => {
 			authFlow: 'USER_SRP_AUTH',
 		});
 
-		expect(signInHelpers.retryOnResourceNotFoundException).toHaveBeenCalledWith(
-			signInHelpers.handlePasswordVerifierChallenge,
+		expect(mockRetryOnResourceNotFoundException).toHaveBeenCalledWith(
+			mockHandlePasswordVerifierChallenge,
 			[
 				password,
 				challengeParameters,
@@ -341,9 +345,7 @@ describe('handlePasswordSRP', () => {
 			authFlow: 'USER_AUTH',
 		});
 
-		expect(signInHelpers.setActiveSignInUsername).toHaveBeenCalledWith(
-			username,
-		);
+		expect(mockSetActiveSignInUsername).toHaveBeenCalledWith(username);
 	});
 
 	test('should not add PREFERRED_CHALLENGE for USER_AUTH when preferredChallenge is undefined', async () => {

packages/auth/__tests__/client/flows/userAuth/handleSelectChallengeWithPassword.test.ts

@@ -5,20 +5,15 @@ import { createRespondToAuthChallengeClient } from '../../../../src/foundation/f
 import { createCognitoUserPoolEndpointResolver } from '../../../../src/providers/cognito/factories';
 import { getUserContextData } from '../../../../src/providers/cognito/utils/userContextData';
 import { handleSelectChallengeWithPassword } from '../../../../src/client/flows/userAuth/handleSelectChallengeWithPassword';
-import * as signInHelpers from '../../../../src/providers/cognito/utils/signInHelpers';
+import { setActiveSignInUsername } from '../../../../src/providers/cognito/utils/setActiveSignInUsername';
 
 // Mock dependencies
 jest.mock(
 	'../../../../src/foundation/factories/serviceClients/cognitoIdentityProvider',
 );
 jest.mock('../../../../src/providers/cognito/factories');
 jest.mock('../../../../src/providers/cognito/utils/userContextData');
-jest.mock('../../../../src/providers/cognito/utils/signInHelpers', () => ({
-	...jest.requireActual(
-		'../../../../src/providers/cognito/utils/signInHelpers',
-	),
-	setActiveSignInUsername: jest.fn(),
-}));
+jest.mock('../../../../src/providers/cognito/utils/setActiveSignInUsername');
 
 describe('handlePasswordChallenge', () => {
 	const mockConfig = {
@@ -27,6 +22,7 @@ describe('handlePasswordChallenge', () => {
 		userPoolEndpoint: 'test-endpoint',
 	};
 
+	const mockSetActiveSignInUsername = jest.mocked(setActiveSignInUsername);
 	const mockRespondToAuthChallenge = jest.fn();
 	const mockCreateEndpointResolver = jest.fn();
 
@@ -124,9 +120,7 @@ describe('handlePasswordChallenge', () => {
 			session,
 		);
 
-		expect(signInHelpers.setActiveSignInUsername).toHaveBeenCalledWith(
-			challengeUsername,
-		);
+		expect(mockSetActiveSignInUsername).toHaveBeenCalledWith(challengeUsername);
 	});
 
 	test('should set active username as original username when challenge parameters are missing', async () => {
@@ -148,9 +142,7 @@ describe('handlePasswordChallenge', () => {
 			session,
 		);
 
-		expect(signInHelpers.setActiveSignInUsername).toHaveBeenCalledWith(
-			username,
-		);
+		expect(mockSetActiveSignInUsername).toHaveBeenCalledWith(username);
 	});
 
 	test('should throw error when respondToAuthChallenge fails', async () => {

packages/auth/__tests__/client/flows/userAuth/handleSelectChallengeWithPasswordSRP.test.ts

@@ -5,7 +5,9 @@ import { createRespondToAuthChallengeClient } from '../../../../src/foundation/f
 import { getAuthenticationHelper } from '../../../../src/providers/cognito/utils/srp';
 import { getUserContextData } from '../../../../src/providers/cognito/utils/userContextData';
 import { handleSelectChallengeWithPasswordSRP } from '../../../../src/client/flows/userAuth/handleSelectChallengeWithPasswordSRP';
-import * as signInHelpers from '../../../../src/providers/cognito/utils/signInHelpers';
+import { handlePasswordVerifierChallenge } from '../../../../src/providers/cognito/utils/handlePasswordVerifierChallenge';
+import { retryOnResourceNotFoundException } from '../../../../src/providers/cognito/utils/retryOnResourceNotFoundException';
+import { setActiveSignInUsername } from '../../../../src/providers/cognito/utils/setActiveSignInUsername';
 
 // Mock dependencies
 jest.mock(
@@ -14,14 +16,13 @@ jest.mock(
 jest.mock('../../../../src/providers/cognito/factories');
 jest.mock('../../../../src/providers/cognito/utils/srp');
 jest.mock('../../../../src/providers/cognito/utils/userContextData');
-jest.mock('../../../../src/providers/cognito/utils/signInHelpers', () => ({
-	...jest.requireActual(
-		'../../../../src/providers/cognito/utils/signInHelpers',
-	),
-	setActiveSignInUsername: jest.fn(),
-	handlePasswordVerifierChallenge: jest.fn(),
-	retryOnResourceNotFoundException: jest.fn(),
-}));
+jest.mock(
+	'../../../../src/providers/cognito/utils/handlePasswordVerifierChallenge',
+);
+jest.mock(
+	'../../../../src/providers/cognito/utils/retryOnResourceNotFoundException',
+);
+jest.mock('../../../../src/providers/cognito/utils/setActiveSignInUsername');
 
 describe('handleSelectChallengeWithPasswordSRP', () => {
 	const mockConfig = {
@@ -35,6 +36,13 @@ describe('handleSelectChallengeWithPasswordSRP', () => {
 		clearDeviceMetadata: jest.fn(),
 	} as any;
 
+	const mockHandlePasswordVerifierChallenge = jest.mocked(
+		handlePasswordVerifierChallenge,
+	);
+	const mockRetryOnResourceNotFoundException = jest.mocked(
+		retryOnResourceNotFoundException,
+	);
+	const mockSetActiveSignInUsername = jest.mocked(setActiveSignInUsername);
 	const mockRespondToAuthChallenge = jest.fn();
 	const mockAuthenticationHelper = {
 		A: { toString: () => '123456' },
@@ -108,13 +116,12 @@ describe('handleSelectChallengeWithPasswordSRP', () => {
 		};
 
 		mockRespondToAuthChallenge.mockResolvedValueOnce(verifierResponse);
-		(
-			signInHelpers.retryOnResourceNotFoundException as jest.Mock
-		).mockImplementation((fn, args) => fn(...args));
-		(
-			signInHelpers.handlePasswordVerifierChallenge as jest.Mock
-		).mockResolvedValue({
+		mockRetryOnResourceNotFoundException.mockImplementation((fn, args) =>
+			fn(...args),
+		);
+		mockHandlePasswordVerifierChallenge.mockResolvedValue({
 			AuthenticationResult: { AccessToken: 'token' },
+			$metadata: {},
 		});
 
 		await handleSelectChallengeWithPasswordSRP(
@@ -126,8 +133,8 @@ describe('handleSelectChallengeWithPasswordSRP', () => {
 			mockTokenOrchestrator,
 		);
 
-		expect(signInHelpers.retryOnResourceNotFoundException).toHaveBeenCalledWith(
-			signInHelpers.handlePasswordVerifierChallenge,
+		expect(mockRetryOnResourceNotFoundException).toHaveBeenCalledWith(
+			mockHandlePasswordVerifierChallenge,
 			[
 				password,
 				verifierResponse.ChallengeParameters,
@@ -188,9 +195,7 @@ describe('handleSelectChallengeWithPasswordSRP', () => {
 			mockTokenOrchestrator,
 		);
 
-		expect(signInHelpers.setActiveSignInUsername).toHaveBeenCalledWith(
-			challengeUsername,
-		);
+		expect(mockSetActiveSignInUsername).toHaveBeenCalledWith(challengeUsername);
 	});
 
 	test('should use original username when ChallengeParameters is undefined', async () => {
@@ -215,9 +220,7 @@ describe('handleSelectChallengeWithPasswordSRP', () => {
 		);
 
 		// Verify it falls back to the original username
-		expect(signInHelpers.setActiveSignInUsername).toHaveBeenCalledWith(
-			username,
-		);
+		expect(mockSetActiveSignInUsername).toHaveBeenCalledWith(username);
 	});
 
 	test('should handle userPoolId without second part after underscore', async () => {

packages/auth/__tests__/providers/cognito/getNewDeviceMetadata.test.ts

@@ -5,7 +5,7 @@ import { Amplify } from '@aws-amplify/core';
 
 import { AuthError } from '../../../src/errors/AuthError';
 import { ConfirmDeviceException } from '../../../src/providers/cognito/types/errors';
-import { getNewDeviceMetadata } from '../../../src/providers/cognito/utils/signInHelpers';
+import { getNewDeviceMetadata } from '../../../src/providers/cognito/utils/getNewDeviceMetadata';
 import { createCognitoUserPoolEndpointResolver } from '../../../src/providers/cognito/factories';
 import { createConfirmDeviceClient } from '../../../src/foundation/factories/serviceClients/cognitoIdentityProvider';
 

packages/auth/__tests__/providers/cognito/utils/signInHelpers/handleWebAuthnSignInResult.test.ts

@@ -19,6 +19,11 @@ import {
 	assertCredentialIsPkcWithAuthenticatorAssertionResponse,
 	assertCredentialIsPkcWithAuthenticatorAttestationResponse,
 } from '../../../../../src/client/utils/passkey/types';
+import { AuthSignInOutput } from '../../../../../src/types';
+import {
+	ChallengeName,
+	ChallengeParameters,
+} from '../../../../../src/foundation/factories/serviceClients/cognitoIdentityProvider/types';
 
 jest.mock('@aws-amplify/core', () => ({
 	...(jest.createMockFromModule('@aws-amplify/core') as object),
@@ -101,6 +106,7 @@ describe('handleWebAuthnSignInResult', () => {
 			expect(error.name).toBe(AuthErrorCodes.SignInException);
 		}
 	});
+
 	it('should throw an error when CREDENTIAL_REQUEST_OPTIONS is empty', async () => {
 		expect.assertions(2);
 		try {
@@ -166,9 +172,51 @@ describe('handleWebAuthnSignInResult', () => {
 		mockCacheCognitoTokens.mockResolvedValue(undefined);
 		mockDispatchSignedInHubEvent.mockResolvedValue(undefined);
 
-		const result = await handleWebAuthnSignInResult(challengeParameters);
+		const result = (await handleWebAuthnSignInResult(
+			challengeParameters,
+		)) as AuthSignInOutput;
 
 		expect(result.isSignedIn).toBe(true);
 		expect(result.nextStep.signInStep).toBe('DONE');
 	});
+
+	it('should return the next challenge', async () => {
+		mockStoreGetState.mockReturnValue({
+			username,
+			challengeName,
+			signInSession,
+		});
+		mockRespondToAuthChallenge.mockResolvedValue(
+			authAPITestParams.CustomChallengeResponse,
+		);
+		mockCacheCognitoTokens.mockResolvedValue(undefined);
+		mockDispatchSignedInHubEvent.mockResolvedValue(undefined);
+
+		const result = (await handleWebAuthnSignInResult(challengeParameters)) as {
+			challengeName: ChallengeName;
+			challengeParameters: ChallengeParameters;
+		};
+
+		expect(result.challengeName).toBe(
+			authAPITestParams.CustomChallengeResponse.ChallengeName,
+		);
+	});
+
+	it('should throw an error if next challenge is WEB_AUTHN', async () => {
+		mockStoreGetState.mockReturnValue({
+			username,
+			challengeName,
+			signInSession,
+		});
+		mockRespondToAuthChallenge.mockResolvedValue({
+			ChallengeName: 'WEB_AUTHN',
+			Session: 'Session',
+		});
+		mockCacheCognitoTokens.mockResolvedValue(undefined);
+		mockDispatchSignedInHubEvent.mockResolvedValue(undefined);
+
+		await expect(
+			handleWebAuthnSignInResult(challengeParameters),
+		).rejects.toThrow('Sequential WEB_AUTHN challenges returned');
+	});
 });

packages/auth/src/client/flows/shared/handlePasswordSRP.ts

@@ -13,16 +13,14 @@ import {
 	RespondToAuthChallengeCommandOutput,
 } from '../../../foundation/factories/serviceClients/cognitoIdentityProvider/types';
 import { getAuthenticationHelper } from '../../../providers/cognito/utils/srp';
-import {
-	handlePasswordVerifierChallenge,
-	retryOnResourceNotFoundException,
-	setActiveSignInUsername,
-} from '../../../providers/cognito/utils/signInHelpers';
 import { createInitiateAuthClient } from '../../../foundation/factories/serviceClients/cognitoIdentityProvider';
 import { createCognitoUserPoolEndpointResolver } from '../../../providers/cognito/factories';
 import { getRegionFromUserPoolId } from '../../../foundation/parsers';
 import { getAuthUserAgentValue } from '../../../utils';
 import { AuthFactorType } from '../../../providers/cognito/types/models';
+import { handlePasswordVerifierChallenge } from '../../../providers/cognito/utils/handlePasswordVerifierChallenge';
+import { retryOnResourceNotFoundException } from '../../../providers/cognito/utils/retryOnResourceNotFoundException';
+import { setActiveSignInUsername } from '../../../providers/cognito/utils/setActiveSignInUsername';
 
 interface HandlePasswordSRPInput {
 	username: string;

packages/auth/src/client/flows/userAuth/handleSelectChallengeWithPassword.ts

@@ -11,7 +11,7 @@ import { getRegionFromUserPoolId } from '../../../foundation/parsers';
 import { getAuthUserAgentValue } from '../../../utils';
 import { getUserContextData } from '../../../providers/cognito/utils/userContextData';
 import { RespondToAuthChallengeCommandOutput } from '../../../foundation/factories/serviceClients/cognitoIdentityProvider/types';
-import { setActiveSignInUsername } from '../../../providers/cognito/utils/signInHelpers';
+import { setActiveSignInUsername } from '../../../providers/cognito/utils/setActiveSignInUsername';
 
 /**
  * Handles the SELECT_CHALLENGE response specifically for Password authentication.

packages/auth/src/client/flows/userAuth/handleSelectChallengeWithPasswordSRP.ts

@@ -16,11 +16,9 @@ import { getRegionFromUserPoolId } from '../../../foundation/parsers';
 import { getAuthUserAgentValue } from '../../../utils';
 import { getAuthenticationHelper } from '../../../providers/cognito/utils/srp';
 import { getUserContextData } from '../../../providers/cognito/utils/userContextData';
-import {
-	handlePasswordVerifierChallenge,
-	retryOnResourceNotFoundException,
-	setActiveSignInUsername,
-} from '../../../providers/cognito/utils/signInHelpers';
+import { setActiveSignInUsername } from '../../../providers/cognito/utils/setActiveSignInUsername';
+import { retryOnResourceNotFoundException } from '../../../providers/cognito/utils/retryOnResourceNotFoundException';
+import { handlePasswordVerifierChallenge } from '../../../providers/cognito/utils/handlePasswordVerifierChallenge';
 
 /**
  * Handles the SELECT_CHALLENGE response specifically for Password SRP authentication.