Skip to content

Commit

Permalink
feat(cognito): validate oidc provider name (aws#28802)
Browse files Browse the repository at this point in the history
Closes aws#28667.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
msambol authored and Vandita2020 committed Jan 29, 2024
1 parent ff99f3e commit 2e3466e
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 4 deletions.
9 changes: 5 additions & 4 deletions packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/oidc.ts
Original file line number Diff line number Diff line change
Expand Up @@ -107,10 +107,6 @@ export class UserPoolIdentityProviderOidc extends UserPoolIdentityProviderBase {
constructor(scope: Construct, id: string, props: UserPoolIdentityProviderOidcProps) {
super(scope, id, props);

if (props.name && !Token.isUnresolved(props.name) && (props.name.length < 3 || props.name.length > 32)) {
throw new Error(`Expected provider name to be between 3 and 32 characters, received ${props.name} (${props.name.length} characters)`);
}

const scopes = props.scopes ?? ['openid'];

const resource = new CfnUserPoolIdentityProvider(this, 'Resource', {
Expand Down Expand Up @@ -140,6 +136,11 @@ export class UserPoolIdentityProviderOidc extends UserPoolIdentityProviderBase {
if (!Token.isUnresolved(name) && (name.length < 3 || name.length > 32)) {
throw new Error(`Expected provider name to be between 3 and 32 characters, received ${name} (${name.length} characters)`);
}
// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolidentityprovider.html#cfn-cognito-userpoolidentityprovider-providername
// u is for unicode
if (!name.match(/^[^_\p{Z}][\p{L}\p{M}\p{S}\p{N}\p{P}][^_\p{Z}]+$/u)) {
throw new Error(`Expected provider name must match [^_\p{Z}][\p{L}\p{M}\p{S}\p{N}\p{P}][^_\p{Z}]+, received ${name}`);
}
return name;
}

Expand Down
16 changes: 16 additions & 0 deletions packages/aws-cdk-lib/aws-cognito/test/user-pool-idps/oidc.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,22 @@ describe('UserPoolIdentityProvider', () => {
})).toThrow(/Expected provider name to be between 3 and 32 characters/);
});

test('throws with provider name that doesn\'t match pattern', () => {
// GIVEN
const stack = new Stack();
const pool = new UserPool(stack, 'userpool');
const name = ' thisisabadname';

// THEN
expect(() => new UserPoolIdentityProviderOidc(stack, 'userpoolidp', {
userPool: pool,
name,
clientId: 'client-id',
clientSecret: 'client-secret',
issuerUrl: 'https://my-issuer-url.com',
})).toThrow(`Expected provider name must match [^_\p{Z}][\p{L}\p{M}\p{S}\p{N}\p{P}][^_\p{Z}]+, received ${name}`);
});

test('generates a valid name when unique id is too short', () => {
// GIVEN
const stack = new Stack();
Expand Down

0 comments on commit 2e3466e

Please # to comment.