upgrade Gradle, add forgot password, require user pool on setup

Author: hbmartin

amplifyframework/src/commonMain/kotlin/com/jump/sdk/amplifyframework/CognitoAction.kt

@@ -1,8 +1,10 @@
 package com.jump.sdk.amplifyframework
 
 enum class CognitoAction(val headerValue: String) {
+    CONFIRM_FORGOT_PASSWORD("AWSCognitoIdentityProviderService.ConfirmForgotPassword"),
     CONFIRM_SIGN_UP("AWSCognitoIdentityProviderService.ConfirmSignUp"),
-    SIGN_UP("AWSCognitoIdentityProviderService.SignUp"),
+    FORGOT_PASSWORD("AWSCognitoIdentityProviderService.ForgotPassword"),
     INITIATE_AUTH("AWSCognitoIdentityProviderService.InitiateAuth"),
     RESPOND_TO_AUTH_CHALLENGE("AWSCognitoIdentityProviderService.RespondToAuthChallenge"),
+    SIGN_UP("AWSCognitoIdentityProviderService.SignUp"),
 }

amplifyframework/src/commonMain/kotlin/com/jump/sdk/amplifyframework/CognitoException.kt

@@ -3,6 +3,5 @@ package com.jump.sdk.amplifyframework
 sealed class CognitoException(override val message: String) : Exception(message) {
     data object BadSrpB : CognitoException("Bad server public value 'B'")
     data object HashOfAAndSrpBCannotBeZero : CognitoException("Hash of A and B cannot be zero")
-    data object UserPoolNameNotSet : CognitoException("Must call setUserPoolParams() before this")
     data object UserIdNotSet : CognitoException("Must call setUserPoolParams() before this")
 }

amplifyframework/src/commonMain/kotlin/com/jump/sdk/amplifyframework/CognitoKeys.kt

@@ -21,6 +21,7 @@ object CognitoKeys {
     const val PASSWORD_CLAIM_SECRET_BLOCK = "PASSWORD_CLAIM_SECRET_BLOCK"
     const val PASSWORD_CLAIM_SIGNATURE = "PASSWORD_CLAIM_SIGNATURE"
     const val PASSWORD_VERIFIER = "PASSWORD_VERIFIER"
+    const val REFRESH_TOKEN_AUTH = "REFRESH_TOKEN_AUTH"
     const val REFRESH_TOKEN = "REFRESH_TOKEN"
     const val SALT = "SALT"
     const val SECRET_BLOCK = "SECRET_BLOCK"

amplifyframework/src/commonMain/kotlin/com/jump/sdk/amplifyframework/SRPHelper.kt

@@ -23,6 +23,7 @@ import io.ktor.utils.io.core.toByteArray
 import org.kotlincrypto.SecureRandom
 import org.kotlincrypto.hash.sha2.SHA256
 import org.kotlincrypto.macs.hmac.sha2.HmacSHA256
+import kotlin.coroutines.cancellation.CancellationException
 import kotlin.io.encoding.Base64
 import kotlin.io.encoding.ExperimentalEncodingApi
 
@@ -45,7 +46,7 @@ private const val HEX_N =
 
 @OptIn(ExperimentalEncodingApi::class)
 @Suppress("TooManyFunctions")
-class SRPHelper(private val password: String) {
+class SRPHelper(private val password: String, userPoolName: String) {
     @Suppress("VariableNaming")
     private val N = BigInteger.parseString(HEX_N, 16)
 
@@ -61,8 +62,16 @@ class SRPHelper(private val password: String) {
         internal set
 
     private val digest = SHA256()
+    var userIdForSrp: String? = null
+    private val userPoolName: String
 
     init {
+        if (userPoolName.contains("_")) {
+            this.userPoolName = userPoolName.split(Regex("_"), 2)[1]
+        } else {
+            this.userPoolName = userPoolName
+        }
+
         // Generate client private 'a' and public 'A' values
         do {
             privateA = BigInteger.fromByteArray(random.nextBytesOf(EPHEMERAL_KEY_LENGTH), Sign.POSITIVE).mod(N)
@@ -76,17 +85,6 @@ class SRPHelper(private val password: String) {
         k = BigInteger.fromByteArray(digest.digest(g.toByteArray()), Sign.POSITIVE)
     }
 
-    private var userId: String? = null
-    private var userPoolName: String? = null
-
-    fun setUserPoolParams(userIdForSrp: String, userPoolName: String) {
-        this.userId = userIdForSrp
-        this.userPoolName = userPoolName
-        if (userPoolName.contains("_")) {
-            this.userPoolName = userPoolName.split(Regex("_"), 2)[1]
-        }
-    }
-
     // @TestOnly
     internal fun modN(value: BigInteger): BigInteger = value.mod(N)
 
@@ -109,8 +107,8 @@ class SRPHelper(private val password: String) {
     @Throws(CognitoException::class)
     internal fun computeX(salt: BigInteger): BigInteger {
         digest.reset()
-        digest.update(userPoolName?.toByteArray() ?: throw CognitoException.UserPoolNameNotSet)
-        digest.update(userId?.toByteArray() ?: throw CognitoException.UserIdNotSet)
+        digest.update(userPoolName.toByteArray())
+        digest.update(userIdForSrp?.toByteArray() ?: throw CognitoException.UserIdNotSet)
         digest.update(":".toByteArray())
         val userIdPasswordHash = digest.digest(password.toByteArray())
 
@@ -155,8 +153,8 @@ class SRPHelper(private val password: String) {
     @Throws(CognitoException::class)
     internal fun generateM1Signature(key: ByteArray, secretBlock: String): ByteArray {
         val mac = HmacSHA256(key)
-        mac.update(userPoolName?.toByteArray() ?: throw CognitoException.UserPoolNameNotSet)
-        mac.update(userId?.toByteArray() ?: throw CognitoException.UserIdNotSet)
+        mac.update(userPoolName.toByteArray())
+        mac.update(userIdForSrp?.toByteArray() ?: throw CognitoException.UserIdNotSet)
         mac.update(Base64.decode(secretBlock))
         return mac.doFinal(timestamp.toByteArray())
     }
@@ -178,8 +176,8 @@ class SRPHelper(private val password: String) {
      * for the subsequent call to AWSCognitoIdentityProviderService.RespondToAuthChallenge
      * @return A string representing the PASSWORD_CLAIM_SIGNATURE for authentication.
      */
-    @Throws(CognitoException::class)
-    fun getSignature(salt: String, srpB: String, secretBlock: String): String {
+    @Throws(CognitoException::class, CancellationException::class)
+    suspend fun getSignature(salt: String, srpB: String, secretBlock: String): String {
         val bigIntSRPB = BigInteger.parseString(srpB, HEX)
         val bigIntSalt = BigInteger.parseString(salt, HEX)
 

build.gradle.kts

@@ -1,7 +1,8 @@
 plugins {
-    id("com.android.library").version("8.2.0-beta06").apply(false)
+    id("com.android.library").version("8.2.0-rc01").apply(false)
     kotlin("multiplatform").version("1.9.10").apply(false)
     id("io.gitlab.arturbosch.detekt") version "1.23.1"
+    id("com.github.ben-manes.versions") version "0.49.0"
 }
 
 tasks.register("clean", Delete::class) {

gradle/wrapper/gradle-wrapper.jar

@@ -1,6 +1,7 @@
-#Sat Oct 14 10:22:57 PDT 2023
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists