[DEV-1023] Change email verification mode from code to link (#347)

Co-authored-by: Marco Comi <[email protected]>
pagopa · Oct 31, 2023 · 46859b3 · 46859b3
1 parent 046d4aa
commit 46859b3
Show file tree

Hide file tree

Showing 14 changed files with 897 additions and 2 deletions.
diff --git a/.github/workflows/code_review_infra.yaml b/.github/workflows/code_review_infra.yaml
@@ -34,6 +34,9 @@ jobs:
       - name: Compile Cloudfront Functions
         run: npm run compile -w cloudfront-functions
 
+      - name: Build Cognito Functions
+        run: npm run build -w cognito-functions
+
       - name: Configure AWS Credentials
         uses: ./.github/actions/configure-aws-credentials
         with:

diff --git a/.github/workflows/deploy_infra.yml b/.github/workflows/deploy_infra.yml
@@ -51,6 +51,9 @@ jobs:
       - name: Compile Cloudfront Functions
         run: npm run compile -w cloudfront-functions
 
+      - name: Build Cognito Functions
+        run: npm run build -w cognito-functions
+
       - name: Configure AWS Credentials
         uses: ./.github/actions/configure-aws-credentials
         with:

diff --git a/.infrastructure/.terraform.lock.hcl b/.infrastructure/.terraform.lock.hcl
diff --git a/.infrastructure/55_cognito.tf b/.infrastructure/55_cognito.tf
@@ -1,3 +1,27 @@
+module "cognito_custom_message_function" {
+  source = "terraform-aws-modules/lambda/aws"
+
+  function_name = "cognito_custom_message"
+  description   = "Cognito custom message"
+  handler       = "main.customMessageHandler"
+  runtime       = "nodejs18.x"
+
+  create_package                          = false
+  local_existing_package                  = "../apps/cognito-functions/out/cognito-functions.zip"
+  create_current_version_allowed_triggers = false
+
+  environment_variables = {
+    DOMAIN = var.dns_domain_name
+  }
+
+  allowed_triggers = {
+    cognito_devportal = {
+      principal  = "cognito-idp.amazonaws.com"
+      source_arn = aws_cognito_user_pool.devportal.arn
+    }
+  }
+}
+
 resource "aws_cognito_user_pool" "devportal" {
   name                = "devportalpool"
   deletion_protection = "ACTIVE"
@@ -36,6 +60,14 @@ resource "aws_cognito_user_pool" "devportal" {
     source_arn            = module.ses_developer_pagopa_it.ses_domain_identity_arn
   }
 
+  verification_message_template {
+    default_email_option = "CONFIRM_WITH_CODE"
+  }
+
+  lambda_config {
+    custom_message = module.cognito_custom_message_function.lambda_function_arn
+  }
+
   # Custom attributes cannot be required.
   # Terraform cannot update or delete an attribute.
   # Terraform can add a new attribute as update in-place.

diff --git a/apps/cognito-functions/.eslintrc.json b/apps/cognito-functions/.eslintrc.json
@@ -0,0 +1,6 @@
+{
+  "root": true,
+  "extends": [
+    "custom"
+  ]
+}
diff --git a/apps/cognito-functions/.gitignore b/apps/cognito-functions/.gitignore
@@ -0,0 +1,218 @@
+# Created by https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux
+# Edit at https://www.toptal.com/developers/gitignore?templates=node,macos,windows,linux
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### macOS Patch ###
+# iCloud generated files
+*.icloud
+
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+
+### Node Patch ###
+# Serverless Webpack directories
+.webpack/
+
+# Optional stylelint cache
+
+# SvelteKit build / generate output
+.svelte-kit
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# End of https://www.toptal.com/developers/gitignore/api/node,macos,windows,linux
diff --git a/apps/cognito-functions/jest.config.js b/apps/cognito-functions/jest.config.js
@@ -0,0 +1,17 @@
+/** @type {import('jest').Config} */
+const config = {
+  roots: ['<rootDir>/src'],
+  testMatch: ['**/__tests__/**/*.+(ts)'],
+  moduleFileExtensions: ['ts', 'js'],
+  transform: {
+    '^.+\\.(ts)$': 'ts-jest',
+  },
+  coverageThreshold: {
+    global: {
+      branches: 70,
+      lines: 70,
+    },
+  },
+};
+
+module.exports = config;