feat: support for GetUser api

Co-authored-by: Jeff Go <j3p0ygo@gmail.com>

Author: jagregory

README.md

@@ -16,6 +16,7 @@ perfect, because it won't be.
 - [ConfirmSignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html)
 - [CreateUserPoolClient](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPoolClient.html)
 - [ForgotPassword](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html)
+- [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html)
 - [InitiateAuth](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html)
 - [ListUsers](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ListUsers.html)
 - [RespondToAuthChallenge](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html)

src/errors.ts

@@ -62,6 +62,12 @@ export class UnexpectedLambdaExceptionError extends CognitoError {
   }
 }
 
+export class InvalidParameterError extends CognitoError {
+  public constructor() {
+    super("InvalidParameterException", "Invalid parameter");
+  }
+}
+
 export const unsupported = (message: string, res: Response) => {
   console.error(`Cognito Local unsupported feature: ${message}`);
   return res.status(500).json({

src/services/tokens.ts

@@ -3,6 +3,18 @@ import * as uuid from "uuid";
 import PrivateKey from "../keys/cognitoLocal.private.json";
 import { User } from "./userPoolClient";
 
+export interface Token {
+  client_id: string;
+  iss: string;
+  sub: string;
+  token_use: string;
+  username: string;
+  event_id: string;
+  scope: string;
+  auth_time: Date;
+  jti: string;
+}
+
 export function generateTokens(
   user: User,
   clientId: string,

src/targets/getUser.test.ts

@@ -0,0 +1,125 @@
+import { advanceTo } from "jest-date-mock";
+import jwt from "jsonwebtoken";
+import * as uuid from "uuid";
+import { InvalidParameterError } from "../errors";
+import PrivateKey from "../keys/cognitoLocal.private.json";
+import { CognitoClient, UserPoolClient } from "../services";
+import { Triggers } from "../services/triggers";
+import { GetUser, GetUserTarget } from "./getUser";
+
+describe("GetUser target", () => {
+  let getUser: GetUserTarget;
+  let mockCognitoClient: jest.Mocked<CognitoClient>;
+  let mockUserPoolClient: jest.Mocked<UserPoolClient>;
+  let mockCodeDelivery: jest.Mock;
+  let mockTriggers: jest.Mocked<Triggers>;
+  let now: Date;
+
+  beforeEach(() => {
+    now = new Date(2020, 1, 2, 3, 4, 5);
+    advanceTo(now);
+
+    mockUserPoolClient = {
+      config: {
+        Id: "test",
+      },
+      createAppClient: jest.fn(),
+      getUserByUsername: jest.fn(),
+      listUsers: jest.fn(),
+      saveUser: jest.fn(),
+    };
+    mockCognitoClient = {
+      getUserPool: jest.fn().mockResolvedValue(mockUserPoolClient),
+      getUserPoolForClientId: jest.fn().mockResolvedValue(mockUserPoolClient),
+    };
+    mockCodeDelivery = jest.fn();
+    mockTriggers = {
+      enabled: jest.fn(),
+      postConfirmation: jest.fn(),
+      userMigration: jest.fn(),
+    };
+
+    getUser = GetUser({
+      cognitoClient: mockCognitoClient,
+      codeDelivery: mockCodeDelivery,
+      triggers: mockTriggers,
+    });
+  });
+
+  it("parses token get user by sub", async () => {
+    mockUserPoolClient.getUserByUsername.mockResolvedValue({
+      Attributes: [],
+      UserStatus: "CONFIRMED",
+      Password: "hunter2",
+      Username: "0000-0000",
+      Enabled: true,
+      UserCreateDate: new Date().getTime(),
+      UserLastModifiedDate: new Date().getTime(),
+      ConfirmationCode: "1234",
+    });
+
+    const output = await getUser({
+      AccessToken: jwt.sign(
+        {
+          sub: "0000-0000",
+          event_id: "0",
+          token_use: "access",
+          scope: "aws.cognito.signin.user.admin",
+          auth_time: new Date(),
+          jti: uuid.v4(),
+          client_id: "test",
+          username: "0000-0000",
+        },
+        PrivateKey.pem,
+        {
+          algorithm: "RS256",
+          issuer: `http://localhost:9229/test`,
+          expiresIn: "24h",
+          keyid: "CognitoLocal",
+        }
+      ),
+    });
+
+    expect(output).toBeDefined();
+    expect(output).toEqual({
+      UserAttributes: [],
+      Username: "0000-0000",
+    });
+  });
+
+  it("throws if token isn't valid", async () => {
+    await expect(
+      getUser({
+        AccessToken: "blah",
+      })
+    ).rejects.toBeInstanceOf(InvalidParameterError);
+  });
+
+  it("returns null if user doesn't exist", async () => {
+    mockUserPoolClient.getUserByUsername.mockResolvedValue(null);
+
+    const output = await getUser({
+      AccessToken: jwt.sign(
+        {
+          sub: "0000-0000",
+          event_id: "0",
+          token_use: "access",
+          scope: "aws.cognito.signin.user.admin",
+          auth_time: new Date(),
+          jti: uuid.v4(),
+          client_id: "test",
+          username: "0000-0000",
+        },
+        PrivateKey.pem,
+        {
+          algorithm: "RS256",
+          issuer: `http://localhost:9229/test`,
+          expiresIn: "24h",
+          keyid: "CognitoLocal",
+        }
+      ),
+    });
+
+    expect(output).toBeNull();
+  });
+});

src/targets/getUser.ts

@@ -0,0 +1,50 @@
+import jwt from "jsonwebtoken";
+import { InvalidParameterError } from "../errors";
+import log from "../log";
+import { Services } from "../services";
+import { Token } from "../services/tokens";
+import { MFAOption, UserAttribute } from "../services/userPoolClient";
+
+interface Input {
+  AccessToken: string;
+}
+
+interface Output {
+  Username: string;
+  UserAttributes: readonly UserAttribute[];
+  MFAOptions?: readonly MFAOption[];
+}
+
+export type GetUserTarget = (body: Input) => Promise<Output | null>;
+
+export const GetUser = ({ cognitoClient }: Services): GetUserTarget => async (
+  body
+) => {
+  const decodedToken = jwt.decode(body.AccessToken) as Token | null;
+  if (!decodedToken) {
+    log.info("Unable to decode token");
+    throw new InvalidParameterError();
+  }
+
+  const { sub, client_id } = decodedToken;
+  if (!sub || !client_id) {
+    return null;
+  }
+
+  const userPool = await cognitoClient.getUserPoolForClientId(client_id);
+  const user = await userPool.getUserByUsername(sub);
+  if (!user) {
+    return null;
+  }
+
+  const output: Output = {
+    Username: user.Username,
+    UserAttributes: user.Attributes,
+  };
+
+  if (user.MFAOptions) {
+    output.MFAOptions = user.MFAOptions;
+  }
+
+  return output;
+};

src/targets/router.ts

@@ -8,6 +8,7 @@ import { InitiateAuth } from "./initiateAuth";
 import { ListUsers } from "./listUsers";
 import { RespondToAuthChallenge } from "./respondToAuthChallenge";
 import { SignUp } from "./signUp";
+import { GetUser } from "./getUser";
 
 export const Targets = {
   ConfirmForgotPassword,
@@ -18,6 +19,7 @@ export const Targets = {
   ListUsers,
   RespondToAuthChallenge,
   SignUp,
+  GetUser,
 };
 
 type TargetName = keyof typeof Targets;