fix: save totp disabled status

frouriojs · Dec 26, 2024 · 71de8e9 · 71de8e9
1 parent 7c5411b
commit 71de8e9
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 10 deletions.
diff --git a/server/domain/user/model/mfaMethod.ts b/server/domain/user/model/mfaMethod.ts
@@ -15,18 +15,28 @@ export const mfaMethod = {
 
     return { ...user, mfaSettingList: ['SOFTWARE_TOKEN_MFA'] };
   },
+  // eslint-disable-next-line complexity
   setPreference: (
     user: CognitoUserEntity,
     req: SetUserMFAPreferenceTarget['reqBody'],
   ): CognitoUserEntity => {
+    const mfaSettingList: CognitoUserEntity['mfaSettingList'] =
+      req.SoftwareTokenMfaSettings?.Enabled === undefined
+        ? user.mfaSettingList
+        : req.SoftwareTokenMfaSettings.Enabled
+          ? ['SOFTWARE_TOKEN_MFA']
+          : undefined;
+
     return {
       ...user,
-      preferredMfaSetting: req.SoftwareTokenMfaSettings?.PreferredMfa
-        ? 'SOFTWARE_TOKEN_MFA'
-        : user.preferredMfaSetting,
-      mfaSettingList: req.SoftwareTokenMfaSettings?.Enabled
-        ? ['SOFTWARE_TOKEN_MFA']
-        : user.mfaSettingList,
+      mfaSettingList,
+      preferredMfaSetting:
+        !mfaSettingList?.some((s) => s === 'SOFTWARE_TOKEN_MFA') ||
+        req.SoftwareTokenMfaSettings?.PreferredMfa === false
+          ? undefined
+          : req.SoftwareTokenMfaSettings?.PreferredMfa === undefined
+            ? user.preferredMfaSetting
+            : 'SOFTWARE_TOKEN_MFA',
     };
   },
 };
diff --git a/server/domain/user/repository/userCommand.ts b/server/domain/user/repository/userCommand.ts
@@ -29,8 +29,9 @@ export const userCommand = {
         secB: user.challenge?.secB,
         srpAuthTimestamp: user.srpAuth?.timestamp,
         srpAuthClientSignature: user.srpAuth?.clientSignature,
-        preferredMfaSetting: user.preferredMfaSetting,
-        enabledTotp: user.mfaSettingList?.some((setting) => setting === 'SOFTWARE_TOKEN_MFA'),
+        preferredMfaSetting: user.preferredMfaSetting ?? null,
+        enabledTotp:
+          user.mfaSettingList?.some((setting) => setting === 'SOFTWARE_TOKEN_MFA') ?? null,
         totpSecretCode: user.totpSecretCode,
         attributes: { createMany: { data: user.attributes } },
         updatedAt: new Date(user.updatedTime),

diff --git a/server/tests/sdk/mfa.test.ts b/server/tests/sdk/mfa.test.ts
@@ -55,21 +55,46 @@ test(SetUserMFAPreferenceCommand.name, async () => {
 
   assert(SecretCode);
 
+  await cognitoClient.send(
+    new SetUserMFAPreferenceCommand({
+      AccessToken: token.AccessToken,
+      SoftwareTokenMfaSettings: { PreferredMfa: true, Enabled: true },
+    }),
+  );
+
+  const user1 = await cognitoClient.send(new GetUserCommand(token));
+
+  expect(user1.PreferredMfaSetting).toBe(MFA_SETTING_LIST['0']);
+  expect(user1.UserMFASettingList?.[0]).toBe(MFA_SETTING_LIST['0']);
+
   await cognitoClient.send(
     new SetUserMFAPreferenceCommand({
       AccessToken: token.AccessToken,
       SoftwareTokenMfaSettings: { PreferredMfa: false, Enabled: false },
     }),
   );
 
+  const user2 = await cognitoClient.send(new GetUserCommand(token));
+
+  expect(user2.PreferredMfaSetting).toBe(undefined);
+  expect(user2.UserMFASettingList).toBe(undefined);
+
   await cognitoClient.send(
     new SetUserMFAPreferenceCommand({
       AccessToken: token.AccessToken,
       SoftwareTokenMfaSettings: { PreferredMfa: true, Enabled: true },
     }),
   );
 
-  const user = await cognitoClient.send(new GetUserCommand(token));
+  await cognitoClient.send(
+    new SetUserMFAPreferenceCommand({
+      AccessToken: token.AccessToken,
+      SoftwareTokenMfaSettings: {},
+    }),
+  );
+
+  const user3 = await cognitoClient.send(new GetUserCommand(token));
 
-  expect(user.PreferredMfaSetting).toBe(MFA_SETTING_LIST['0']);
+  expect(user3.PreferredMfaSetting).toBe(MFA_SETTING_LIST['0']);
+  expect(user3.UserMFASettingList?.[0]).toBe(MFA_SETTING_LIST['0']);
 });