def auth_with_cognito()

in source/lambda/SFTPCustomAuthLambdaFunction.py [0:0]


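def auth_with_cognito(uname, pas, stack_id):
  """Authenticate a user against the Cognito user pool with a username and password.

  The app-client secret is read from the SSM parameter
  'sftpui-CognitoClientSecret-<stack_id>'. When that parameter does not exist,
  the secret is fetched from Cognito and cached in SSM as a SecureString.

  Args:
    uname: Username presented by the client.
    pas: Password presented by the client.
    stack_id: Suffix used to build the SSM parameter name.

  Returns:
    (response, None) on success, where response is the admin_initiate_auth
    result; (None, error_message) when authentication fails.

  Raises:
    KeyError: if USER_POOL_ID or CLIENT_ID is missing from the environment.
    Errors from SSM or describe_user_pool_client other than ParameterNotFound
    are not caught here and propagate to the caller.
  """
  user_pool_id = os.environ['USER_POOL_ID']
  client_id = os.environ['CLIENT_ID']
  param_name = 'sftpui-CognitoClientSecret-' + stack_id

  client = boto3.client('cognito-idp', config=config)
  # Create the SSM client outside the try block: the except clause below
  # refers to ssmclient.exceptions, which would raise NameError if the
  # client constructor itself had failed inside the try.
  ssmclient = boto3.client('ssm', config=config)

  # Cognito client secret from Parameter Store, falling back to Cognito.
  try:
    response = ssmclient.get_parameter(Name=param_name, WithDecryption=True)
    client_secret = response.get("Parameter").get("Value")
  except ssmclient.exceptions.ParameterNotFound:
    response = client.describe_user_pool_client(
      UserPoolId=user_pool_id,
      ClientId=client_id
    )
    client_secret = response.get("UserPoolClient").get("ClientSecret")
    # The original test (`!= None or != ""`) was always true, so a missing
    # secret was still sent to put_parameter. Only cache a real value.
    if client_secret:
      ssmclient.put_parameter(
        Name=param_name,
        Value=client_secret,
        Description="Cognito User Pool Client Secret",
        Type='SecureString',
      )

  if not client_secret:
    # Fail closed: without a secret no valid SECRET_HASH can be computed.
    return None, "Cognito client secret is not available"

  secret_hash = get_secret_hash(uname, client_id, client_secret)
  try:
    # NOTE(review): ClientMetadata is forwarded to the user pool's Lambda
    # triggers and Cognito does not encrypt it; AWS advises against putting
    # sensitive values there. The password is kept here only because a
    # trigger outside this file may read it -- confirm, then drop 'password'.
    # NOTE(review): ADMIN_NO_SRP_AUTH is the legacy name of
    # ADMIN_USER_PASSWORD_AUTH; switching needs the app client to allow it.
    resp = client.admin_initiate_auth(
      UserPoolId=user_pool_id,
      ClientId=client_id,
      AuthFlow='ADMIN_NO_SRP_AUTH',
      AuthParameters={'USERNAME': uname, 'SECRET_HASH': secret_hash, 'PASSWORD': pas},
      ClientMetadata={'username': uname, 'password': pas},
    )
  except client.exceptions.NotAuthorizedException:
    return None, "The uname or pass is incorrect"
  except client.exceptions.UserNotConfirmedException:
    return None, "User is not confirmed"
  except Exception as e:
    # NOTE(review): the raw exception text goes back to the caller; make sure
    # it is logged server-side only and not relayed to the connecting client.
    return None, str(e)
  return resp, None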