chore: refactor BasicAuthentication to extend Authentication

Author: williazz

.eslintrc.js

@@ -237,6 +237,7 @@ module.exports = {
             }
         ],
         'use-isnan': 'error',
-        'valid-typeof': 'off'
+        'valid-typeof': 'off',
+        '@typescript-eslint/unbound-method': 'off'
     }
 };

src/dispatch/Authentication.ts

@@ -2,22 +2,16 @@ import { CognitoIdentityClient } from './CognitoIdentityClient';
 import { Config } from '../orchestration/Orchestration';
 import { Credentials } from '@aws-sdk/types';
 import { FetchHttpHandler } from '@aws-sdk/fetch-http-handler';
-import { StsClient } from './StsClient';
 import { CRED_KEY, CRED_RENEW_MS } from '../utils/constants';
 
-export class Authentication {
-    private cognitoIdentityClient: CognitoIdentityClient;
-    private stsClient: StsClient;
-    private config: Config;
-    private credentials: Credentials | undefined;
+export abstract class Authentication {
+    protected cognitoIdentityClient: CognitoIdentityClient;
+    protected config: Config;
+    protected credentials: Credentials | undefined;
 
     constructor(config: Config) {
         const region: string = config.identityPoolId!.split(':')[0];
         this.config = config;
-        this.stsClient = new StsClient({
-            fetchRequestHandler: new FetchHttpHandler(),
-            region
-        });
         this.cognitoIdentityClient = new CognitoIdentityClient({
             fetchRequestHandler: new FetchHttpHandler(),
             region
@@ -33,7 +27,7 @@ export class Authentication {
      * re-authenticate every time the client loads, which (1) improves the performance of the RUM web client and (2)
      * reduces the load on AWS services Cognito and STS.
      *
-     * While storing credentials in localStorage puts the cookie at greater risk of being leaked through an
+     * While storing credentials in localStorage puts the credential at greater risk of being leaked through an
      * XSS attack, there is no impact if the credentials were to be leaked. This is because (1) the identity pool ID
      * and role ARN are public and (2) the credentials are for an anonymous (guest) user.
      *
@@ -87,7 +81,7 @@ export class Authentication {
                 try {
                     credentials = JSON.parse(localStorage.getItem(CRED_KEY)!);
                 } catch (e) {
-                    // Error retrieving, decoding or parsing the cred string -- abort
+                    // Error decoding or parsing the cookie -- abort
                     return reject();
                 }
                 // The expiration property of Credentials has a date type. Because the date was serialized as a string,
@@ -106,43 +100,14 @@ export class Authentication {
         };
 
     /**
-     * Provides credentials for an anonymous (guest) user. These credentials are retrieved from Cognito's basic
-     * (classic) authflow.
+     * Provides credentials for an anonymous (guest) user. These credentials are retrieved from Cognito's enhanced
+     * authflow.
      *
      * See https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html
      *
      * Implements CredentialsProvider = Provider<Credentials>
      */
-    private AnonymousCognitoCredentialsProvider =
-        async (): Promise<Credentials> => {
-            return this.cognitoIdentityClient
-                .getId({
-                    IdentityPoolId: this.config.identityPoolId as string
-                })
-                .then((getIdResponse) =>
-                    this.cognitoIdentityClient.getOpenIdToken(getIdResponse)
-                )
-                .then((getOpenIdTokenResponse) =>
-                    this.stsClient.assumeRoleWithWebIdentity({
-                        RoleArn: this.config.guestRoleArn as string,
-                        RoleSessionName: 'cwr',
-                        WebIdentityToken: getOpenIdTokenResponse.Token
-                    })
-                )
-                .then((credentials: Credentials) => {
-                    this.credentials = credentials;
-                    try {
-                        localStorage.setItem(
-                            CRED_KEY,
-                            JSON.stringify(credentials)
-                        );
-                    } catch (e) {
-                        // Ignore
-                    }
-
-                    return credentials;
-                });
-        };
+    protected abstract AnonymousCognitoCredentialsProvider(): Promise<Credentials>;
 
     private renewCredentials(): boolean {
         if (!this.credentials || !this.credentials.expiration) {

src/dispatch/BasicAuthentication.ts

@@ -0,0 +1,58 @@
+import { Config } from '../orchestration/Orchestration';
+import { Credentials } from '@aws-sdk/types';
+import { FetchHttpHandler } from '@aws-sdk/fetch-http-handler';
+import { StsClient } from './StsClient';
+import { CRED_KEY } from '../utils/constants';
+import { Authentication } from './Authentication';
+
+export class BasicAuthentication extends Authentication {
+    private stsClient: StsClient;
+
+    constructor(config: Config) {
+        super(config);
+        const region: string = config.identityPoolId!.split(':')[0];
+        this.stsClient = new StsClient({
+            fetchRequestHandler: new FetchHttpHandler(),
+            region
+        });
+    }
+
+    /**
+     * Provides credentials for an anonymous (guest) user. These credentials are retrieved from Cognito's basic
+     * (classic) authflow.
+     *
+     * See https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flow.html
+     *
+     * Implements CredentialsProvider = Provider<Credentials>
+     */
+    protected AnonymousCognitoCredentialsProvider =
+        async (): Promise<Credentials> => {
+            return this.cognitoIdentityClient
+                .getId({
+                    IdentityPoolId: this.config.identityPoolId as string
+                })
+                .then((getIdResponse) =>
+                    this.cognitoIdentityClient.getOpenIdToken(getIdResponse)
+                )
+                .then((getOpenIdTokenResponse) =>
+                    this.stsClient.assumeRoleWithWebIdentity({
+                        RoleArn: this.config.guestRoleArn as string,
+                        RoleSessionName: 'cwr',
+                        WebIdentityToken: getOpenIdTokenResponse.Token
+                    })
+                )
+                .then((credentials: Credentials) => {
+                    this.credentials = credentials;
+                    try {
+                        localStorage.setItem(
+                            CRED_KEY,
+                            JSON.stringify(credentials)
+                        );
+                    } catch (e) {
+                        // Ignore
+                    }
+
+                    return credentials;
+                });
+        };
+}

src/dispatch/EnhancedAuthentication.ts

@@ -5,9 +5,9 @@ import { FetchHttpHandler } from '@aws-sdk/fetch-http-handler';
 import { CRED_KEY, CRED_RENEW_MS } from '../utils/constants';
 
 export class EnhancedAuthentication {
-    private cognitoIdentityClient: CognitoIdentityClient;
-    private config: Config;
-    private credentials: Credentials | undefined;
+    protected cognitoIdentityClient: CognitoIdentityClient;
+    protected config: Config;
+    protected credentials: Credentials | undefined;
 
     constructor(config: Config) {
         const region: string = config.identityPoolId!.split(':')[0];
@@ -107,7 +107,7 @@ export class EnhancedAuthentication {
      *
      * Implements CredentialsProvider = Provider<Credentials>
      */
-    private AnonymousCognitoCredentialsProvider =
+    protected AnonymousCognitoCredentialsProvider =
         async (): Promise<Credentials> => {
             return this.cognitoIdentityClient
                 .getId({ IdentityPoolId: this.config.identityPoolId as string })

src/dispatch/__tests__/Authentication.test.ts renamed to src/dispatch/__tests__/BasicAuthentication.test.ts

@@ -1,4 +1,4 @@
-import { Authentication } from '../Authentication';
+import { BasicAuthentication } from '../BasicAuthentication';
 import { CRED_KEY } from '../../utils/constants';
 import { DEFAULT_CONFIG } from '../../test-utils/test-utils';
 
@@ -22,7 +22,7 @@ jest.mock('../StsClient', () => ({
 const IDENTITY_POOL_ID = 'us-west-2:a-b-c-d';
 const GUEST_ROLE_ARN = 'arn:aws:iam::123:role/Unauth';
 
-describe('Authentication tests', () => {
+describe('BasicAuthentication tests', () => {
     beforeEach(() => {
         mockGetId.mockReset();
         mockGetIdToken.mockReset();
@@ -54,7 +54,7 @@ describe('Authentication tests', () => {
                 guestRoleArn: GUEST_ROLE_ARN
             }
         };
-        const auth = new Authentication(config);
+        const auth = new BasicAuthentication(config);
 
         localStorage.setItem(
             CRED_KEY,
@@ -88,7 +88,7 @@ describe('Authentication tests', () => {
                 guestRoleArn: GUEST_ROLE_ARN
             }
         };
-        const auth = new Authentication(config);
+        const auth = new BasicAuthentication(config);
 
         localStorage.setItem(CRED_KEY, 'corrupt');
 
@@ -107,7 +107,7 @@ describe('Authentication tests', () => {
 
     test('when credential is not in localStorage then authentication chain retrieves credential from basic authflow', async () => {
         // Init
-        const auth = new Authentication({
+        const auth = new BasicAuthentication({
             ...DEFAULT_CONFIG,
             ...{
                 identityPoolId: IDENTITY_POOL_ID,
@@ -139,7 +139,7 @@ describe('Authentication tests', () => {
             }
         };
 
-        const auth = new Authentication(config);
+        const auth = new BasicAuthentication(config);
 
         localStorage.setItem(
             CRED_KEY,
@@ -181,7 +181,7 @@ describe('Authentication tests', () => {
                 sessionToken: 'z'
             });
 
-        const auth = new Authentication({
+        const auth = new BasicAuthentication({
             ...DEFAULT_CONFIG,
             ...{
                 identityPoolId: IDENTITY_POOL_ID,
@@ -210,7 +210,7 @@ describe('Authentication tests', () => {
             throw e;
         });
         // Init
-        const auth = new Authentication({
+        const auth = new BasicAuthentication({
             ...DEFAULT_CONFIG,
             ...{
                 identityPoolId: IDENTITY_POOL_ID,
@@ -230,7 +230,7 @@ describe('Authentication tests', () => {
             throw e;
         });
         // Init
-        const auth = new Authentication({
+        const auth = new BasicAuthentication({
             ...DEFAULT_CONFIG,
             ...{
                 identityPoolId: IDENTITY_POOL_ID,
@@ -250,7 +250,7 @@ describe('Authentication tests', () => {
             throw e;
         });
         // Init
-        const auth = new Authentication({
+        const auth = new BasicAuthentication({
             ...DEFAULT_CONFIG,
             ...{
                 identityPoolId: IDENTITY_POOL_ID,
@@ -272,7 +272,7 @@ describe('Authentication tests', () => {
                 guestRoleArn: GUEST_ROLE_ARN
             }
         };
-        const auth = new Authentication(config);
+        const auth = new BasicAuthentication(config);
 
         // Run
         await auth.ChainAnonymousCredentialsProvider();
@@ -321,7 +321,7 @@ describe('Authentication tests', () => {
                 guestRoleArn: GUEST_ROLE_ARN
             }
         };
-        const auth = new Authentication(config);
+        const auth = new BasicAuthentication(config);
 
         // Run
         await auth.ChainAnonymousCredentialsProvider();
@@ -358,7 +358,7 @@ describe('Authentication tests', () => {
                 guestRoleArn: GUEST_ROLE_ARN
             }
         };
-        const auth = new Authentication(config);
+        const auth = new BasicAuthentication(config);
 
         // Run
         const credentials = await auth.ChainAnonymousCredentialsProvider();
@@ -396,7 +396,7 @@ describe('Authentication tests', () => {
                 guestRoleArn: GUEST_ROLE_ARN
             }
         };
-        const auth = new Authentication(config);
+        const auth = new BasicAuthentication(config);
 
         // Run
         await auth.ChainAnonymousCredentialsProvider();

src/orchestration/Orchestration.ts

@@ -1,7 +1,7 @@
 import { Plugin } from '../plugins/Plugin';
 import { PluginContext } from '../plugins/types';
 import { InternalPlugin } from '../plugins/InternalPlugin';
-import { Authentication } from '../dispatch/Authentication';
+import { BasicAuthentication } from '../dispatch/BasicAuthentication';
 import { EnhancedAuthentication } from '../dispatch/EnhancedAuthentication';
 import { PluginManager } from '../plugins/PluginManager';
 import {
@@ -417,7 +417,7 @@ export class Orchestration {
 
         if (this.config.identityPoolId && this.config.guestRoleArn) {
             dispatch.setAwsCredentials(
-                new Authentication(this.config)
+                new BasicAuthentication(this.config)
                     .ChainAnonymousCredentialsProvider
             );
         } else if (this.config.identityPoolId) {