diff --git a/server/domain/user/model/mfaMethod.ts b/server/domain/user/model/mfaMethod.ts index 6f424cd..e2f62d9 100644 --- a/server/domain/user/model/mfaMethod.ts +++ b/server/domain/user/model/mfaMethod.ts @@ -15,18 +15,28 @@ export const mfaMethod = { return { ...user, mfaSettingList: ['SOFTWARE_TOKEN_MFA'] }; }, + // eslint-disable-next-line complexity setPreference: ( user: CognitoUserEntity, req: SetUserMFAPreferenceTarget['reqBody'], ): CognitoUserEntity => { + const mfaSettingList: CognitoUserEntity['mfaSettingList'] = + req.SoftwareTokenMfaSettings?.Enabled === undefined + ? user.mfaSettingList + : req.SoftwareTokenMfaSettings.Enabled + ? ['SOFTWARE_TOKEN_MFA'] + : undefined; + return { ...user, - preferredMfaSetting: req.SoftwareTokenMfaSettings?.PreferredMfa - ? 'SOFTWARE_TOKEN_MFA' - : user.preferredMfaSetting, - mfaSettingList: req.SoftwareTokenMfaSettings?.Enabled - ? ['SOFTWARE_TOKEN_MFA'] - : user.mfaSettingList, + mfaSettingList, + preferredMfaSetting: + !mfaSettingList?.some((s) => s === 'SOFTWARE_TOKEN_MFA') || + req.SoftwareTokenMfaSettings?.PreferredMfa === false + ? undefined + : req.SoftwareTokenMfaSettings?.PreferredMfa === undefined + ? user.preferredMfaSetting + : 'SOFTWARE_TOKEN_MFA', }; }, }; diff --git a/server/domain/user/repository/userCommand.ts b/server/domain/user/repository/userCommand.ts index 1c84b14..9be095e 100644 --- a/server/domain/user/repository/userCommand.ts +++ b/server/domain/user/repository/userCommand.ts 
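Review bot: In `setPreference` (server/domain/user/model/mfaMethod.ts), a request with `Enabled: true` puts `SOFTWARE_TOKEN_MFA` into `mfaSettingList` without any check in this hunk that the user has finished software-token setup; nothing here reads `user.totpSecretCode` or a verified flag. If this server is meant to mirror Cognito, which is expected to reject the call for a user whose software token is not verified, and no caller enforces that, tests can pass here for a flow that fails against the real service. Consider a guard before the return, for example `if (req.SoftwareTokenMfaSettings?.Enabled && !user.totpSecretCode) throw <project's invalid-parameter error>;`, keeping in mind that the presence of a secret is only a proxy for verification. Separately, the two nested ternaries behind `// eslint-disable-next-line complexity` would read better as small named helpers with a comment spelling out the three cases (`undefined` keeps the current value, `true` sets it, `false` clears it).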
@@ -29,8 +29,9 @@ export const userCommand = { secB: user.challenge?.secB, srpAuthTimestamp: user.srpAuth?.timestamp, srpAuthClientSignature: user.srpAuth?.clientSignature, - preferredMfaSetting: user.preferredMfaSetting, - enabledTotp: user.mfaSettingList?.some((setting) => setting === 'SOFTWARE_TOKEN_MFA'), + preferredMfaSetting: user.preferredMfaSetting ?? null, + enabledTotp: + user.mfaSettingList?.some((setting) => setting === 'SOFTWARE_TOKEN_MFA') ?? null, totpSecretCode: user.totpSecretCode, attributes: { createMany: { data: user.attributes } }, updatedAt: new Date(user.updatedTime), diff --git a/server/tests/sdk/mfa.test.ts b/server/tests/sdk/mfa.test.ts index cdb3060..01828eb 100644 --- a/server/tests/sdk/mfa.test.ts +++ b/server/tests/sdk/mfa.test.ts @@ -55,6 +55,18 @@ test(SetUserMFAPreferenceCommand.name, async () => { assert(SecretCode); + await cognitoClient.send( + new SetUserMFAPreferenceCommand({ + AccessToken: token.AccessToken, + SoftwareTokenMfaSettings: { PreferredMfa: true, Enabled: true }, + }), + ); + + const user1 = await cognitoClient.send(new GetUserCommand(token)); + + expect(user1.PreferredMfaSetting).toBe(MFA_SETTING_LIST['0']); + expect(user1.UserMFASettingList?.[0]).toBe(MFA_SETTING_LIST['0']); + await cognitoClient.send( new SetUserMFAPreferenceCommand({ AccessToken: token.AccessToken, @@ -62,6 +74,11 @@ test(SetUserMFAPreferenceCommand.name, async () => { }), ); + const user2 = await cognitoClient.send(new GetUserCommand(token)); + + expect(user2.PreferredMfaSetting).toBe(undefined); + expect(user2.UserMFASettingList).toBe(undefined); + await cognitoClient.send( new SetUserMFAPreferenceCommand({ AccessToken: token.AccessToken, 
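Review bot: The `?? null` fix in `userCommand` (server/domain/user/repository/userCommand.ts) covers only `preferredMfaSetting` and `enabledTotp`; the neighbouring optional fields in the same object, `totpSecretCode`, `secB`, `srpAuthTimestamp` and `srpAuthClientSignature`, are still passed through as possibly `undefined`. If this object feeds an ORM write that skips `undefined` values (presumably the reason this change was needed), a TOTP secret or SRP challenge cleared on the entity would leave the old value stored. Apply the same pattern wherever clearing is meaningful, e.g. `totpSecretCode: user.totpSecretCode ?? null,`. Note also that `enabledTotp` can now be either `false` or `null` for a user without TOTP, so readers must treat both alike; a one-line comment saying so would help. The enclosing function starts and ends outside the hunk.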
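Review bot: The new assertion in `test(SetUserMFAPreferenceCommand.name, …)` (server/tests/sdk/mfa.test.ts) checks only the first element, `user1.UserMFASettingList?.[0]`, so an unexpected extra entry in the list would go unnoticed. Assert the whole array instead: `expect(user1.UserMFASettingList).toEqual([MFA_SETTING_LIST['0']]);`. The same applies to the `user3` assertion in the last hunk of this file. The test body starts and ends outside this hunk.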
@@ -69,7 +86,15 @@ test(SetUserMFAPreferenceCommand.name, async () => { }), ); - const user = await cognitoClient.send(new GetUserCommand(token)); + await cognitoClient.send( + new SetUserMFAPreferenceCommand({ + AccessToken: token.AccessToken, + SoftwareTokenMfaSettings: {}, + }), + ); + + const user3 = await cognitoClient.send(new GetUserCommand(token)); - expect(user.PreferredMfaSetting).toBe(MFA_SETTING_LIST['0']); + expect(user3.PreferredMfaSetting).toBe(MFA_SETTING_LIST['0']); + expect(user3.UserMFASettingList?.[0]).toBe(MFA_SETTING_LIST['0']); });
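Review bot: No request visible in the hunks of server/tests/sdk/mfa.test.ts exercises the new `PreferredMfa === false` branch while MFA stays enabled, nor a call that omits `SoftwareTokenMfaSettings` altogether. The settings lines of the two pre-existing requests fall between hunks, so one of them may already cover this. If not, add a step sending `SoftwareTokenMfaSettings: { PreferredMfa: false, Enabled: true }` and assert that `PreferredMfaSetting` is undefined while `UserMFASettingList` still contains the software-token method.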