Using environment variables now. Pulling jwks from Cognito

.gitignore

@@ -9,4 +9,5 @@ gradlew.bat
 repo/
 .idea/
 out/
+nohup.out
 

build.gradle

@@ -2,7 +2,7 @@ group 'com.budilov.cognito'
 version '1.0-SNAPSHOT'
 
 buildscript {
-    ext.kotlin_version = '1.1.4'
+    ext.kotlin_version = '1.2.10'
     ext.aws_version = '2.0.0-preview-2'
     ext.jest_version = '2.0.4'
     ext.gradle_deps = '0.6.0.RELEASE'
@@ -29,6 +29,12 @@ mainClassName = 'com.budilov.cognito.resource.ServiceEndpointsKt'
 
 defaultTasks 'run'
 
+compileKotlin {
+    kotlinOptions {
+        jvmTarget = '1.8'
+    }
+}
+
 repositories {
     mavenCentral()
 }
@@ -67,7 +73,7 @@ dependencies {
     compile "com.amazonaws:aws-lambda-java-core:1.1.0"
 
     //JWT
-    compile "com.auth0:java-jwt:3.1.0"
+    compile "com.auth0:java-jwt:3.3.0"
     compile 'com.auth0:jwks-rsa:0.1.0'
 
     compile 'org.slf4j:slf4j-simple:1.7.21'

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
-#Wed Nov 09 21:55:11 EST 2016
+#Wed Dec 27 10:28:42 EST 2017
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-3.2-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.0-bin.zip

gradlew

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 
 ##############################################################################
 ##
@@ -33,11 +33,11 @@ DEFAULT_JVM_OPTS=""
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD="maximum"
 
-warn ( ) {
+warn () {
     echo "$*"
 }
 
-die ( ) {
+die () {
     echo
     echo "$*"
     echo
@@ -154,11 +154,19 @@ if $cygwin ; then
     esac
 fi
 
-# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
-function splitJvmOpts() {
-    JVM_OPTS=("$@")
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
 }
-eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
-JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
+APP_ARGS=$(save "$@")
 
-exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
+if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
+  cd "$(dirname "$0")"
+fi
+
+exec "$JAVACMD" "$@"

sam.yaml

@@ -1,6 +1,6 @@
 Transform: AWS::Serverless-2016-10-31
 Resources:
-  CognitoSignupLambda:
+  UserSignup:
     Type: AWS::Serverless::Function
     Properties:
       Handler: com.budilov.cognito.lambda.CognitoSignupLambda::handleRequest
@@ -12,13 +12,39 @@ Resources:
       Timeout: 15
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
       Environment:
+        Variables:
+          REGION_NAME: REGION_CHANGE_ME
+          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
+          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
       Events:
         GetResource:
           Type: Api
           Properties:
-            Path: /cognito/user/signup
+            Path: /cognito/signup
             Method: post
-  CognitoSigninLambda:
+  RefreshTokens:
+    Type: AWS::Serverless::Function
+    Properties:
+      Handler: com.budilov.cognito.lambda.CognitoRefreshTokensLambda::handleRequest
+      FunctionName: CognitoRefreshTokensLambda
+      Policies:
+       - AmazonCognitoPowerUser
+      Runtime: java8
+      MemorySize: 1024
+      Timeout: 15
+      CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
+      Environment:
+        Variables:
+          REGION_NAME: REGION_CHANGE_ME
+          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
+          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
+      Events:
+        GetResource:
+          Type: Api
+          Properties:
+            Path: /cognito/refresh
+            Method: post
+  UserSignin:
     Type: AWS::Serverless::Function
     Properties:
       Handler: com.budilov.cognito.lambda.CognitoSigninLambda::handleRequest
@@ -30,13 +56,17 @@ Resources:
       Timeout: 15
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
       Environment:
+        Variables:
+          REGION_NAME: REGION_CHANGE_ME
+          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
+          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
       Events:
         GetResource:
           Type: Api
           Properties:
-            Path: /cognito/user/signin
+            Path: /cognito/signin
             Method: post
-  CognitoDeleteUserLambda:
+  UserDelete:
     Type: AWS::Serverless::Function
     Properties:
       Handler: com.budilov.cognito.lambda.CognitoDeleteUserLambda::handleRequest
@@ -47,15 +77,18 @@ Resources:
       MemorySize: 1024
       Timeout: 15
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
-      Policies: AmazonCognitoReadOnly
       Environment:
+        Variables:
+          REGION_NAME: REGION_CHANGE_ME
+          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
+          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
       Events:
         GetResource:
           Type: Api
           Properties:
             Path: /cognito/user
             Method: delete
-  CognitoTokenValidLambda:
+  CheckTokenValidity:
     Type: AWS::Serverless::Function
     Properties:
       Handler: com.budilov.cognito.lambda.CognitoTokenValidLambda::handleRequest
@@ -66,15 +99,18 @@ Resources:
       MemorySize: 1024
       Timeout: 15
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
-      Policies: AmazonCognitoReadOnly
       Environment:
+        Variables:
+          REGION_NAME: REGION_CHANGE_ME
+          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
+          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
       Events:
         GetResource:
           Type: Api
           Properties:
             Path: /cognito/user/token/valid
             Method: get
-  CognitoResetPassword:
+  ResetPassword:
     Type: AWS::Serverless::Function
     Properties:
       Handler: com.budilov.cognito.lambda.CognitoResetPassword::handleRequest
@@ -85,8 +121,11 @@ Resources:
       MemorySize: 1024
       Timeout: 15
       CodeUri: build/libs/cognito-rest-service-1.0-SNAPSHOT.jar
-      Policies: AmazonCognitoReadOnly
       Environment:
+        Variables:
+          REGION_NAME: REGION_CHANGE_ME
+          COGNITO_USER_POOL_ID: POOL_ID_CHANGE_ME
+          COGNITO_APP_CLIENT_ID: CLIENT_ID_CHANGE_ME
       Events:
         GetResource:
           Type: Api

src/main/kotlin/com/budilov/cognito/Properties.kt

@@ -1,20 +1,16 @@
 package com.budilov.cognito
 
-import com.google.gson.GsonBuilder
-
 /**
  * Created by Vladimir Budilov
  * https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json -->
  *
  * https://cognito-idp.us-east-1.amazonaws.com/us-east-1_PGSbCVZ7S/.well-known/jwks.json
  */
-data class Properties(val regionName: String, val cognitoUserPoolId: String,
-                      val cognitoClientId: String, val jwtIdTokenKid: String)
-
-object PropertyFileConverter {
+object Properties {
 
-    internal fun readCredentials(): Properties {
-        val gson = GsonBuilder().create()
-        return gson.fromJson(PropertyFileConverter.javaClass.classLoader.getResource("properties.json").readText(), Properties::class.java)
-    }
-}
+    val regionName: String = System.getenv("REGION_NAME")
+    val cognitoUserPoolId: String = System.getenv("COGNITO_USER_POOL_ID")
+    val cognitoAppClientId: String = System.getenv("COGNITO_APP_CLIENT_ID")
+    val jwksUrl = "https://cognito-idp.$regionName.amazonaws.com/$cognitoUserPoolId/.well-known/jwks.json"
+    val jwtTokenIssuer = "https://cognito-idp.$regionName.amazonaws.com/$cognitoUserPoolId"
+}

src/main/kotlin/com/budilov/cognito/lambda/CognitoDeleteUserLambda.kt

@@ -2,7 +2,6 @@ package com.budilov.cognito.lambda
 
 import com.amazonaws.services.lambda.runtime.Context
 import com.amazonaws.services.lambda.runtime.RequestHandler
-import com.budilov.cognito.PropertyFileConverter
 import com.budilov.cognito.services.cognito.CognitoService
 import com.google.gson.Gson
 
@@ -12,7 +11,7 @@ class CognitoDeleteUserLambda : RequestHandler<ApiGatewayRequest.Input,
     data class AuthResponse(val statusCode: Int,
                             val body: String)
 
-    val cognito = CognitoService(PropertyFileConverter.readCredentials())
+    val cognito = CognitoService()
 
     /**
      * 1. Get the request from API Gateway. Unmarshal (automatically) the request

src/main/kotlin/com/budilov/cognito/lambda/CognitoRefreshTokensLambda.kt

@@ -0,0 +1,43 @@
+package com.budilov.cognito.lambda
+
+import com.amazonaws.services.lambda.runtime.Context
+import com.amazonaws.services.lambda.runtime.RequestHandler
+import com.budilov.cognito.services.cognito.CognitoService
+import com.google.gson.Gson
+
+class CognitoRefreshTokensLambda : RequestHandler<ApiGatewayRequest.Input,
+        CognitoRefreshTokensLambda.AuthResponse> {
+
+    data class AuthResponse(val statusCode: Int,
+                            val body: String)
+
+    val cognito = CognitoService()
+
+    /**
+     * 1. Get the request from API Gateway. Unmarshal (automatically) the request
+     * 2. Get the
+     */
+    override fun handleRequest(request: ApiGatewayRequest.Input?,
+                               context: Context?): AuthResponse? {
+        val logger = context?.logger
+
+        val refreshToken = request?.headers?.get("refreshToken")
+
+        logger?.log("${refreshToken}")
+        var status = 400
+        val resultBody = if (refreshToken != null) {
+            status = 200
+
+            val response = cognito.adminRefreshTokens(refreshToken = refreshToken)
+
+            Gson().toJson(response)
+        } else {
+            logger?.log("Username and password are required")
+            "Username and password are required"
+        }
+
+        logger?.log("request payload: " + Gson().toJson(request))
+
+        return AuthResponse(status, resultBody)
+    }
+}

src/main/kotlin/com/budilov/cognito/lambda/CognitoResetPasswordLambda.kt

@@ -2,7 +2,6 @@ package com.budilov.cognito.lambda
 
 import com.amazonaws.services.lambda.runtime.Context
 import com.amazonaws.services.lambda.runtime.RequestHandler
-import com.budilov.cognito.PropertyFileConverter
 import com.budilov.cognito.services.cognito.CognitoService
 import com.google.gson.Gson
 
@@ -12,7 +11,7 @@ class CognitoResetPasswordLambda : RequestHandler<ApiGatewayRequest.Input,
     data class AuthResponse(val statusCode: Int,
                             val body: String)
 
-    val cognito = CognitoService(PropertyFileConverter.readCredentials())
+    val cognito = CognitoService()
 
     /**
      * 1. Get the request from API Gateway. Unmarshal (automatically) the request

src/main/kotlin/com/budilov/cognito/lambda/CognitoSigninLambda.kt

@@ -2,7 +2,6 @@ package com.budilov.cognito.lambda
 
 import com.amazonaws.services.lambda.runtime.Context
 import com.amazonaws.services.lambda.runtime.RequestHandler
-import com.budilov.cognito.PropertyFileConverter
 import com.budilov.cognito.services.cognito.CognitoService
 import com.google.gson.Gson
 
@@ -12,7 +11,7 @@ class CognitoSigninLambda : RequestHandler<ApiGatewayRequest.Input,
     data class AuthResponse(val statusCode: Int,
                             val body: String)
 
-    val cognito = CognitoService(PropertyFileConverter.readCredentials())
+    val cognito = CognitoService()
 
     /**
      * 1. Get the request from API Gateway. Unmarshal (automatically) the request

src/main/kotlin/com/budilov/cognito/lambda/CognitoSignupLambda.kt

@@ -2,7 +2,6 @@ package com.budilov.cognito.lambda
 
 import com.amazonaws.services.lambda.runtime.Context
 import com.amazonaws.services.lambda.runtime.RequestHandler
-import com.budilov.cognito.PropertyFileConverter
 import com.budilov.cognito.services.cognito.CognitoService
 import com.google.gson.Gson
 
@@ -12,7 +11,7 @@ class CognitoSignupLambda : RequestHandler<ApiGatewayRequest.Input,
     data class AuthResponse(val statusCode: Int,
                             val body: String)
 
-    val cognito = CognitoService(PropertyFileConverter.readCredentials())
+    val cognito = CognitoService()
 
     /**
      * 1. Get the request from API Gateway. Unmarshal (automatically) the request

src/main/kotlin/com/budilov/cognito/lambda/CognitoTokenValidLambda.kt

@@ -2,7 +2,6 @@ package com.budilov.cognito.lambda
 
 import com.amazonaws.services.lambda.runtime.Context
 import com.amazonaws.services.lambda.runtime.RequestHandler
-import com.budilov.cognito.PropertyFileConverter
 import com.budilov.cognito.services.cognito.CognitoService
 import com.google.gson.Gson
 
@@ -12,7 +11,7 @@ class CognitoTokenValidLambda : RequestHandler<ApiGatewayRequest.Input,
     data class AuthResponse(val statusCode: Int,
                             val body: String)
 
-    val cognito = CognitoService(PropertyFileConverter.readCredentials())
+    val cognito = CognitoService()
 
     /**
      * 1. Get the request from API Gateway. Unmarshal (automatically) the request