Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(authenticator): state machine updates for email mfa #6317

Open
wants to merge 24 commits into
base: feat-email-mfa/main
Choose a base branch
from
Open

feat(authenticator): state machine updates for email mfa #6317

wants to merge 24 commits into from

Conversation

jjarvisp
Copy link
Member

Description of changes

The purpose of this pull request is to add state machine updates required to support Email MFA.

Two new states are added:

  1. Setup Email - CONTINUE_SIGN_IN_WITH_EMAIL_SETUP
  2. Select MFA Type - CONTINUE_SIGN_IN_WITH_MFA_SETUP_SELECTION and CONTINUE_SIGN_IN_WITH_MFA_SELECTION

Issue #, if available

Description of how you validated changes

  • manual testing

Checklist

  • Have read the Pull Request Guidelines
  • PR description included
  • yarn test passes and tests are updated/added
  • PR title and commit messages follow conventional commit syntax
  • If this change should result in a version bump, changeset added (This can be done after creating the PR.) This does not apply to changes made to docs, e2e, examples, or other private packages.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jan 27, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: d9ea3a6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@jjarvisp jjarvisp force-pushed the james/feat-email-mfa/update-state-machine branch from cda33cd to 6497bd2 Compare January 28, 2025 02:00
jordanvn
jordanvn previously approved these changes Feb 18, 2025
View reviewed changes
tiffanynwyeung
tiffanynwyeung previously approved these changes Feb 19, 2025
View reviewed changes
calebpollman
calebpollman reviewed Feb 19, 2025
View reviewed changes
Copy link
Member

@calebpollman calebpollman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work overall @jjarvisp. Left some feedback around state duplication that should be pretty straightforward to address, and some nits/questions

packages/ui/src/i18n/dictionaries/authenticator/defaultTexts.ts Outdated
@@ -26,6 +27,7 @@ export const defaultTexts = {
CREATE_ACCOUNT: 'Create Account',
CREATING_ACCOUNT: 'Creating Account',
EMAIL_ADDRESS: 'Email',
EMAIL_OTP: 'Email Message (EMAIL)',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"(EMAIL)" reads kind of weird here, can you provide context?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed this. Radio labels will be:

  • Email Message
  • Authenticator App (TOTP)
  • Text Message (SMS)

packages/ui/src/machines/authenticator/actors/signIn.ts Outdated
Comment on lines 357 to 366
handleSetupEmail({ formValues }) {
return services.handleConfirmSignIn({
challengeResponse: formValues.email,
});
},
handleSelectMfaType({ formValues }) {
return services.handleConfirmSignIn({
challengeResponse: formValues.mfa_type,
});
},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason not to simplify so only services.confirmSignIn is used for all challengeResponse handling?

packages/ui/src/machines/authenticator/types.ts
@@ -28,6 +29,9 @@ export type ChallengeName =
| 'ADMIN_NO_SRP_AUTH'
| 'NEW_PASSWORD_REQUIRED';

// JS v6 Mfa Types
export type AuthMFAType = 'SMS' | 'TOTP' | 'EMAIL';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is AuthMFAType not exposed from aws-amplify/auth? Think it should be if not

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's never been exposed, not sure why. I will look into this.

packages/ui/src/machines/authenticator/actors/signIn.ts Outdated
Comment on lines 285 to 322
setupEmail: {
initial: 'edit',
exit: ['clearFormValues', 'clearError', 'clearTouched'],
states: {
edit: {
entry: 'sendUpdate',
on: {
SUBMIT: { actions: 'handleSubmit', target: 'submit' },
SIGN_IN: '#signInActor.signIn',
CHANGE: { actions: 'handleInput' },
},
},
submit: {
tags: 'pending',
entry: ['sendUpdate', 'clearError'],
invoke: { src: 'handleSetupEmail', ...handleSignInResponse },
},
},
},
selectMfaType: {
initial: 'edit',
exit: ['clearFormValues', 'clearError', 'clearTouched'],
states: {
edit: {
entry: 'sendUpdate',
on: {
SUBMIT: { actions: 'handleSubmit', target: 'submit' },
SIGN_IN: '#signInActor.signIn',
CHANGE: { actions: 'handleInput' },
},
},
submit: {
tags: 'pending',
entry: ['sendUpdate', 'clearError'],
invoke: { src: 'handleSelectMfaType', ...handleSignInResponse },
},
},
},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AFAICT these states are the same as the existing state.confirmSignIn with minor exceptions (exit includes "clearChallengeName", the values of states.submit.invoke.src). Would be ideal to use one state (similar comment on ln 365) for less maintenance overhead/avoid further bundle size bloat)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a good callout, while I agree these additional states could be crammed into the confirmSignIn state if necessary, the split utilized here will provide easier maintainability, consistency with existing patterns, and lower complexity (at the cost of increased bundle size).

There is precedent for splitting states out that also call confirmSignIn (see setupTotp). The established pattern seems to be State -> Route -> Screen. Deviating from this pattern will introduce additional complexity at multiple points within the lifecycle including determining which form fields to populate and adding conditional rendering to the presentational layer.

@jjarvisp jjarvisp dismissed stale reviews from tiffanynwyeung and jordanvn via 9f70329 February 21, 2025 16:57
calebpollman
calebpollman approved these changes Feb 22, 2025
View reviewed changes
Copy link
Member

@calebpollman calebpollman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@calebpollman calebpollman calebpollman approved these changes

@tiffanynwyeung tiffanynwyeung tiffanynwyeung left review comments

@jordanvn jordanvn jordanvn left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jjarvisp @tiffanynwyeung @calebpollman @jordanvn