Parameterized cognito values and fixed api gateway response

README.md

@@ -1,4 +1,6 @@
 ### Why
+* Serves as a guide on how to use the Cognito Admin Java SDK
+* QuickStart for any custom IdP--> Cognito migration backend
 
 [Serverless Application Model -- How-To](https://github.com/awslabs/serverless-application-model/blob/master/HOWTO.md)
 

build.gradle

@@ -81,6 +81,8 @@ dependencies {
     // GSON
     compile 'com.google.code.gson:gson:2.8.0'
 
+    compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.0'
+
     testCompile 'junit:junit:4.11'
     testCompile "org.jetbrains.kotlin:kotlin-test-junit:$kotlin_version"
 }

sam.yaml

@@ -1,4 +1,14 @@
 Transform: AWS::Serverless-2016-10-31
+Parameters:
+  RegionParameter:
+    Type: String
+    Default: us-east-1
+  CognitoUserPoolIdParameter:
+    Type: String
+    Default: us-east-1_PGSbCVZ7S
+  CognitoAppClientIdParameter:
+    Type: String
+    Default: hikoo0i7jmt9lplrd2j0n9jqo
 Resources:
   UserSignup:
     Type: AWS::Serverless::Function
@@ -9,18 +19,21 @@ Resources:
        - AmazonCognitoPowerUser
       Runtime: java8
       MemorySize: 1024
-      Timeout: 15
+      Timeout: 20
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
       Environment:
         Variables:
-          REGION_NAME: REGION_CHANGE_ME
-          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
-          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
+          REGION_NAME: 
+            Ref: RegionParameter
+          COGNITO_USER_POOL_ID:
+            Ref: CognitoUserPoolIdParameter
+          COGNITO_APP_CLIENT_ID:
+            Ref: CognitoAppClientIdParameter
       Events:
         GetResource:
           Type: Api
           Properties:
-            Path: /cognito/signup
+            Path: /signup
             Method: post
   RefreshTokens:
     Type: AWS::Serverless::Function
@@ -35,14 +48,17 @@ Resources:
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
       Environment:
         Variables:
-          REGION_NAME: REGION_CHANGE_ME
-          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
-          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
+          REGION_NAME: 
+            Ref: RegionParameter
+          COGNITO_USER_POOL_ID:
+            Ref: CognitoUserPoolIdParameter
+          COGNITO_APP_CLIENT_ID:
+            Ref: CognitoAppClientIdParameter
       Events:
         GetResource:
           Type: Api
           Properties:
-            Path: /cognito/refresh
+            Path: /refresh
             Method: post
   UserSignin:
     Type: AWS::Serverless::Function
@@ -57,14 +73,17 @@ Resources:
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
       Environment:
         Variables:
-          REGION_NAME: REGION_CHANGE_ME
-          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
-          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
+          REGION_NAME: 
+            Ref: RegionParameter
+          COGNITO_USER_POOL_ID:
+            Ref: CognitoUserPoolIdParameter
+          COGNITO_APP_CLIENT_ID:
+            Ref: CognitoAppClientIdParameter
       Events:
         GetResource:
           Type: Api
           Properties:
-            Path: /cognito/signin
+            Path: /signin
             Method: post
   UserDelete:
     Type: AWS::Serverless::Function
@@ -79,14 +98,17 @@ Resources:
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
       Environment:
         Variables:
-          REGION_NAME: REGION_CHANGE_ME
-          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
-          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
+          REGION_NAME: 
+            Ref: RegionParameter
+          COGNITO_USER_POOL_ID:
+            Ref: CognitoUserPoolIdParameter
+          COGNITO_APP_CLIENT_ID:
+            Ref: CognitoAppClientIdParameter
       Events:
         GetResource:
           Type: Api
           Properties:
-            Path: /cognito/user
+            Path: /user
             Method: delete
   CheckTokenValidity:
     Type: AWS::Serverless::Function
@@ -101,14 +123,17 @@ Resources:
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
       Environment:
         Variables:
-          REGION_NAME: REGION_CHANGE_ME
-          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
-          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
+          REGION_NAME: 
+            Ref: RegionParameter
+          COGNITO_USER_POOL_ID:
+            Ref: CognitoUserPoolIdParameter
+          COGNITO_APP_CLIENT_ID:
+            Ref: CognitoAppClientIdParameter
       Events:
         GetResource:
           Type: Api
           Properties:
-            Path: /cognito/user/token/valid
+            Path: /user/token/valid
             Method: get
   ResetPassword:
     Type: AWS::Serverless::Function
@@ -123,12 +148,16 @@ Resources:
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
       Environment:
         Variables:
-          REGION_NAME: REGION_CHANGE_ME
-          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
-          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
+        Variables:
+          REGION_NAME: 
+            Ref: RegionParameter
+          COGNITO_USER_POOL_ID:
+            Ref: CognitoUserPoolIdParameter
+          COGNITO_APP_CLIENT_ID:
+            Ref: CognitoAppClientIdParameter
       Events:
         GetResource:
           Type: Api
           Properties:
-            Path: /cognito/user/password/reset
+            Path: /user/password/reset
             Method: post

src/main/kotlin/com/budilov/cognito/lambda/ApiGatewayResponse.kt

@@ -0,0 +1,5 @@
+package com.budilov.cognito.lambda
+
+data class ApiGatewayResponse(val statusCode: Int,
+                              val headers: MutableMap<String, String>? = null,
+                              val body: String)

src/main/kotlin/com/budilov/cognito/lambda/CognitoDeleteUserLambda.kt

@@ -6,10 +6,8 @@ import com.budilov.cognito.services.cognito.CognitoService
 import com.google.gson.Gson
 
 class CognitoDeleteUserLambda : RequestHandler<ApiGatewayRequest.Input,
-        CognitoDeleteUserLambda.AuthResponse> {
+        ApiGatewayResponse> {
 
-    data class AuthResponse(val statusCode: Int,
-                            val body: String)
 
     val cognito = CognitoService()
 
@@ -18,32 +16,35 @@ class CognitoDeleteUserLambda : RequestHandler<ApiGatewayRequest.Input,
      * 2. Get the
      */
     override fun handleRequest(request: ApiGatewayRequest.Input?,
-                               context: Context?): AuthResponse? {
+                               context: Context?): ApiGatewayResponse? {
 
         val logger = context?.logger
 
         val idToken = request?.headers?.get("idToken")
 
         var status = 400
-        val resultBody = if (idToken != null) {
-
-
-            val tokenValid = cognito.isTokenValid(idToken)
+        var response: String = ""
+
+        if (idToken != null) {
+            // Check to see if the token is valid and if the username matches the
+            // idToken's username
+            val tokenValid = try {
+                cognito.isTokenValid(idToken)
+            } catch (e: Exception) {
+                logger?.log("Couldn't figure out if the id token is valid...caught an exception...${e.stackTrace}")
+                false
+            }
 
-            var deleteUserResponse: Any = "Couldn't delete the user because of a bad token."
             if (tokenValid) {
+                val username = cognito.getUsername(idToken)
+                response = Gson().toJson(cognito.adminDeleteUser(username = username))
                 status = 200
-                deleteUserResponse = cognito.adminDeleteUser(username = cognito.getUsername(idToken))
             }
 
-            Gson().toJson(deleteUserResponse)
         } else {
-            logger?.log("Username and idToken are required")
-            "Username and idToken are required"
+            logger?.log("The id token is required")
         }
 
-        logger?.log("request payload: " + Gson().toJson(request))
-
-        return AuthResponse(status, resultBody)
+        return ApiGatewayResponse(statusCode = status, body = Gson().toJson(response))
     }
 }

src/main/kotlin/com/budilov/cognito/lambda/CognitoRefreshTokensLambda.kt

@@ -6,10 +6,7 @@ import com.budilov.cognito.services.cognito.CognitoService
 import com.google.gson.Gson
 
 class CognitoRefreshTokensLambda : RequestHandler<ApiGatewayRequest.Input,
-        CognitoRefreshTokensLambda.AuthResponse> {
-
-    data class AuthResponse(val statusCode: Int,
-                            val body: String)
+        ApiGatewayResponse> {
 
     val cognito = CognitoService()
 
@@ -18,26 +15,20 @@ class CognitoRefreshTokensLambda : RequestHandler<ApiGatewayRequest.Input,
      * 2. Get the
      */
     override fun handleRequest(request: ApiGatewayRequest.Input?,
-                               context: Context?): AuthResponse? {
+                               context: Context?): ApiGatewayResponse? {
         val logger = context?.logger
 
         val refreshToken = request?.headers?.get("refreshToken")
 
         logger?.log("${refreshToken}")
         var status = 400
-        val resultBody = if (refreshToken != null) {
-            status = 200
-
-            val response = cognito.adminRefreshTokens(refreshToken = refreshToken)
+        var response: String = ""
 
-            Gson().toJson(response)
-        } else {
-            logger?.log("Username and password are required")
-            "Username and password are required"
+        if (refreshToken != null) {
+            response = Gson().toJson(cognito.adminRefreshTokens(refreshToken))
+            status = 200
         }
 
-        logger?.log("request payload: " + Gson().toJson(request))
-
-        return AuthResponse(status, resultBody)
+        return ApiGatewayResponse(statusCode = status, body = response)
     }
 }

src/main/kotlin/com/budilov/cognito/lambda/CognitoResetPasswordLambda.kt

@@ -6,10 +6,8 @@ import com.budilov.cognito.services.cognito.CognitoService
 import com.google.gson.Gson
 
 class CognitoResetPasswordLambda : RequestHandler<ApiGatewayRequest.Input,
-        CognitoResetPasswordLambda.AuthResponse> {
+        ApiGatewayResponse> {
 
-    data class AuthResponse(val statusCode: Int,
-                            val body: String)
 
     val cognito = CognitoService()
 
@@ -18,32 +16,35 @@ class CognitoResetPasswordLambda : RequestHandler<ApiGatewayRequest.Input,
      * 2. Get the
      */
     override fun handleRequest(request: ApiGatewayRequest.Input?,
-                               context: Context?): AuthResponse? {
+                               context: Context?): ApiGatewayResponse? {
 
         val logger = context?.logger
 
         val idToken = request?.headers?.get("idToken")
 
         var status = 400
-        val resultBody = if (idToken != null) {
+        var response: String = ""
+
+        if (idToken != null) {
             // Check to see if the token is valid and if the username matches the
             // idToken's username
-            val tokenValid = cognito.isTokenValid(idToken)
+            val tokenValid = try {
+                cognito.isTokenValid(idToken)
+            } catch (e: Exception) {
+                logger?.log("Couldn't figure out if the id token is valid...caught an exception...${e.stackTrace}")
+                false
+            }
 
-            var deleteUserResponse: Any = "Couldn't reset the password because of a bad token."
             if (tokenValid) {
+                val username = cognito.getUsername(idToken)
+                response = Gson().toJson(cognito.adminResetPassword(username = username))
                 status = 200
-                deleteUserResponse = cognito.adminResetPassword(username = cognito.getUsername(idToken))
             }
 
-            Gson().toJson(deleteUserResponse)
         } else {
-            logger?.log("Username and idToken are required")
-            "Username and idToken are required"
+            logger?.log("The id token is required")
         }
 
-        logger?.log("request payload: " + Gson().toJson(request))
-
-        return AuthResponse(status, resultBody)
+        return ApiGatewayResponse(statusCode = status, body = response)
     }
 }

src/main/kotlin/com/budilov/cognito/lambda/CognitoSigninLambda.kt

@@ -6,32 +6,28 @@ import com.budilov.cognito.services.cognito.CognitoService
 import com.google.gson.Gson
 
 class CognitoSigninLambda : RequestHandler<ApiGatewayRequest.Input,
-        CognitoSigninLambda.AuthResponse> {
+        ApiGatewayResponse> {
 
-    data class AuthResponse(val statusCode: Int,
-                            val body: String)
 
     val cognito = CognitoService()
 
-    /**
-     * 1. Get the request from API Gateway. Unmarshal (automatically) the request
-     * 2. Get the
-     */
     override fun handleRequest(request: ApiGatewayRequest.Input?,
-                               context: Context?): AuthResponse? {
+                               context: Context?): ApiGatewayResponse? {
 
         val logger = context?.logger
         val username = request?.headers?.get("username")
         val password = request?.headers?.get("password")
+
         var status = 400
-        val resultBody = if (username != null && password != null) {
-            status = 200;
-            Gson().toJson(cognito.signInNoSRP(username = username,
-                    password = password))
-        } else "Username and password are required"
+        var response = ""
 
-        logger?.log("request payload: " + Gson().toJson(request))
+        if (username != null && password != null) {
+            status = 200
+            response = Gson().toJson(cognito.signInNoSRP(username = username,
+                    password = password))
+            logger?.log("Got a body from Cognito: $response")
+        }
 
-        return AuthResponse(status, resultBody)
+        return ApiGatewayResponse(statusCode = status, body = response)
     }
 }