/*******************************************************************************
* Copyright 2012-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use
* this file except in compliance with the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file.
* This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
* *****************************************************************************
*
* AWS Tools for Windows (TM) PowerShell (TM)
*
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Management.Automation;
using System.Text;
using Amazon.PowerShell.Common;
using Amazon.Runtime;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;
namespace Amazon.PowerShell.Cmdlets.CGIP
{
///
/// Responds to an authentication challenge, as an administrator.
///
///
/// This action might generate an SMS text message. Starting June 1, 2021, US telecom
/// carriers require you to register an origination phone number before you can send SMS
/// messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you
/// must register a phone number with Amazon
/// Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise,
/// Amazon Cognito users who must receive SMS messages might not be able to sign up, activate
/// their accounts, or sign in.
///
/// If you have never used SMS text messages with Amazon Cognito or any other Amazon Web
/// Service, Amazon Simple Notification Service might place your account in the SMS sandbox.
/// In sandbox
/// mode, you can send messages only to verified phone numbers. After you test
/// your app while in the sandbox environment, you can move out of the sandbox and into
/// production. For more information, see
/// SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer
/// Guide.
///
/// Calling this action requires developer credentials.
///
///
[Cmdlet("Send", "CGIPAuthChallengeResponseAdmin", SupportsShouldProcess = true, ConfirmImpact = ConfirmImpact.Medium)]
[OutputType("Amazon.CognitoIdentityProvider.Model.AdminRespondToAuthChallengeResponse")]
[AWSCmdlet("Calls the Amazon Cognito Identity Provider AdminRespondToAuthChallenge API operation.", Operation = new[] {"AdminRespondToAuthChallenge"}, SelectReturnType = typeof(Amazon.CognitoIdentityProvider.Model.AdminRespondToAuthChallengeResponse))]
[AWSCmdletOutput("Amazon.CognitoIdentityProvider.Model.AdminRespondToAuthChallengeResponse",
"This cmdlet returns an Amazon.CognitoIdentityProvider.Model.AdminRespondToAuthChallengeResponse object containing multiple properties. The object can also be referenced from properties attached to the cmdlet entry in the $AWSHistory stack."
)]
public partial class SendCGIPAuthChallengeResponseAdminCmdlet : AmazonCognitoIdentityProviderClientCmdlet, IExecutor
{
protected override bool IsSensitiveRequest { get; set; } = true;
protected override bool IsSensitiveResponse { get; set; } = true;
#region Parameter AnalyticsMetadata_AnalyticsEndpointId
///
///
/// The endpoint ID.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String AnalyticsMetadata_AnalyticsEndpointId { get; set; }
#endregion
#region Parameter ChallengeName
///
///
/// The challenge name. For more information, see AdminInitiateAuth.
///
///
#if !MODULAR
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
#else
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true, Mandatory = true)]
[System.Management.Automation.AllowNull]
#endif
[Amazon.PowerShell.Common.AWSRequiredParameter]
[AWSConstantClassSource("Amazon.CognitoIdentityProvider.ChallengeNameType")]
public Amazon.CognitoIdentityProvider.ChallengeNameType ChallengeName { get; set; }
#endregion
#region Parameter ChallengeResponse
///
///
/// The challenge responses. These are inputs corresponding to the value of ChallengeName,
/// for example:SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH
/// (if app client is configured with client secret).PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK,
/// TIMESTAMP, USERNAME, SECRET_HASH (if app client
/// is configured with client secret).PASSWORD_VERIFIER requires DEVICE_KEY when signing in with
/// a remembered device.ADMIN_NO_SRP_AUTH: PASSWORD, USERNAME, SECRET_HASH
/// (if app client is configured with client secret). NEW_PASSWORD_REQUIRED: NEW_PASSWORD, USERNAME,
/// SECRET_HASH (if app client is configured with client secret). To set
/// any required attributes that Amazon Cognito returned as requiredAttributes
/// in the AdminInitiateAuth response, add a userAttributes.attributename parameter. This parameter can also set values for writable attributes that
/// aren't required by your user pool.In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required
/// attribute that already has a value. In AdminRespondToAuthChallenge, set
/// a value for any keys that Amazon Cognito returned in the requiredAttributes
/// parameter, then use the AdminUpdateUserAttributes API operation to modify
/// the value of any additional attributes.MFA_SETUP requires USERNAME, plus you must use the session
/// value returned by VerifySoftwareToken in the Session parameter.
The value of the USERNAME attribute must be the user's actual username,
/// not an alias (such as an email address or phone number). To make this simpler, the
/// AdminInitiateAuth response includes the actual username value in the
/// USERNAMEUSER_ID_FOR_SRP attribute. This happens even if you specified
/// an alias in your call to AdminInitiateAuth.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
[Alias("ChallengeResponses")]
public System.Collections.Hashtable ChallengeResponse { get; set; }
#endregion
#region Parameter ClientId
///
///
/// The app client ID.
///
///
#if !MODULAR
[System.Management.Automation.Parameter(Position = 0, ValueFromPipelineByPropertyName = true, ValueFromPipeline = true)]
#else
[System.Management.Automation.Parameter(Position = 0, ValueFromPipelineByPropertyName = true, ValueFromPipeline = true, Mandatory = true)]
[System.Management.Automation.AllowEmptyString]
[System.Management.Automation.AllowNull]
#endif
[Amazon.PowerShell.Common.AWSRequiredParameter]
public System.String ClientId { get; set; }
#endregion
#region Parameter ClientMetadata
///
///
/// A map of custom key-value pairs that you can provide as input for any custom workflows
/// that this action triggers.You create custom workflows by assigning Lambda functions to user pool triggers. When
/// you use the AdminRespondToAuthChallenge API action, Amazon Cognito invokes any functions
/// that you have assigned to the following triggers: - pre sign-up
- custom message
- post authentication
- user migration
- pre token generation
- define auth challenge
- create auth challenge
- verify auth challenge response
When Amazon Cognito invokes any of these functions, it passes a JSON payload, which
/// the function receives as input. This payload contains a clientMetadata
/// attribute that provides the data that you assigned to the ClientMetadata parameter
/// in your AdminRespondToAuthChallenge request. In your function code in Lambda, you
/// can process the clientMetadata value to enhance your workflow for your
/// specific needs.For more information, see
/// Customizing user pool Workflows with Lambda Triggers in the Amazon Cognito
/// Developer Guide.When you use the ClientMetadata parameter, remember that Amazon Cognito won't do the
/// following:- Store the ClientMetadata value. This data is available only to Lambda triggers that
/// are assigned to a user pool to support custom workflows. If your user pool configuration
/// doesn't include triggers, the ClientMetadata parameter serves no purpose.
- Validate the ClientMetadata value.
- Encrypt the ClientMetadata value. Don't use Amazon Cognito to provide sensitive information.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.Collections.Hashtable ClientMetadata { get; set; }
#endregion
#region Parameter ContextData_EncodedData
///
///
/// Encoded device-fingerprint details that your app collected with the Amazon Cognito
/// context data collection library. For more information, see Adding
/// user device and session data to API requests.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String ContextData_EncodedData { get; set; }
#endregion
#region Parameter ContextData_HttpHeader
///
///
/// HttpHeaders received on your server in same order.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
[Alias("ContextData_HttpHeaders")]
public Amazon.CognitoIdentityProvider.Model.HttpHeader[] ContextData_HttpHeader { get; set; }
#endregion
#region Parameter ContextData_IpAddress
///
///
/// The source IP address of your user's device.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String ContextData_IpAddress { get; set; }
#endregion
#region Parameter ContextData_ServerName
///
///
/// Your server endpoint where this API is invoked.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String ContextData_ServerName { get; set; }
#endregion
#region Parameter ContextData_ServerPath
///
///
/// Your server path where this API is invoked.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String ContextData_ServerPath { get; set; }
#endregion
#region Parameter Session
///
///
/// The session that should be passed both ways in challenge-response calls to the service.
/// If an InitiateAuth or RespondToAuthChallenge API call determines
/// that the caller must pass another challenge, it returns a session with other challenge
/// parameters. This session should be passed as it is to the next RespondToAuthChallenge
/// API call.
///
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public System.String Session { get; set; }
#endregion
#region Parameter UserPoolId
///
///
/// The ID of the Amazon Cognito user pool.
///
///
#if !MODULAR
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
#else
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true, Mandatory = true)]
[System.Management.Automation.AllowEmptyString]
[System.Management.Automation.AllowNull]
#endif
[Amazon.PowerShell.Common.AWSRequiredParameter]
public System.String UserPoolId { get; set; }
#endregion
#region Parameter Select
///
/// Use the -Select parameter to control the cmdlet output. The default value is '*'.
/// Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.CognitoIdentityProvider.Model.AdminRespondToAuthChallengeResponse).
/// Specifying the name of a property of type Amazon.CognitoIdentityProvider.Model.AdminRespondToAuthChallengeResponse will result in that property being returned.
/// Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value.
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public string Select { get; set; } = "*";
#endregion
#region Parameter PassThru
///
/// Changes the cmdlet behavior to return the value passed to the ClientId parameter.
/// The -PassThru parameter is deprecated, use -Select '^ClientId' instead. This parameter will be removed in a future version.
///
[System.Obsolete("The -PassThru parameter is deprecated, use -Select '^ClientId' instead. This parameter will be removed in a future version.")]
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public SwitchParameter PassThru { get; set; }
#endregion
#region Parameter Force
///
/// This parameter overrides confirmation prompts to force
/// the cmdlet to continue its operation. This parameter should always
/// be used with caution.
///
[System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)]
public SwitchParameter Force { get; set; }
#endregion
protected override void ProcessRecord()
{
this._AWSSignerType = "v4";
base.ProcessRecord();
var resourceIdentifiersText = FormatParameterValuesForConfirmationMsg(nameof(this.ClientId), MyInvocation.BoundParameters);
if (!ConfirmShouldProceed(this.Force.IsPresent, resourceIdentifiersText, "Send-CGIPAuthChallengeResponseAdmin (AdminRespondToAuthChallenge)"))
{
return;
}
var context = new CmdletContext();
// allow for manipulation of parameters prior to loading into context
PreExecutionContextLoad(context);
#pragma warning disable CS0618, CS0612 //A class member was marked with the Obsolete attribute
if (ParameterWasBound(nameof(this.Select)))
{
context.Select = CreateSelectDelegate(Select) ??
throw new System.ArgumentException("Invalid value for -Select parameter.", nameof(this.Select));
if (this.PassThru.IsPresent)
{
throw new System.ArgumentException("-PassThru cannot be used when -Select is specified.", nameof(this.Select));
}
}
else if (this.PassThru.IsPresent)
{
context.Select = (response, cmdlet) => this.ClientId;
}
#pragma warning restore CS0618, CS0612 //A class member was marked with the Obsolete attribute
context.AnalyticsMetadata_AnalyticsEndpointId = this.AnalyticsMetadata_AnalyticsEndpointId;
context.ChallengeName = this.ChallengeName;
#if MODULAR
if (this.ChallengeName == null && ParameterWasBound(nameof(this.ChallengeName)))
{
WriteWarning("You are passing $null as a value for parameter ChallengeName which is marked as required. In case you believe this parameter was incorrectly marked as required, report this by opening an issue at https://github.com/aws/aws-tools-for-powershell/issues.");
}
#endif
if (this.ChallengeResponse != null)
{
context.ChallengeResponse = new Dictionary(StringComparer.Ordinal);
foreach (var hashKey in this.ChallengeResponse.Keys)
{
context.ChallengeResponse.Add((String)hashKey, (String)(this.ChallengeResponse[hashKey]));
}
}
context.ClientId = this.ClientId;
#if MODULAR
if (this.ClientId == null && ParameterWasBound(nameof(this.ClientId)))
{
WriteWarning("You are passing $null as a value for parameter ClientId which is marked as required. In case you believe this parameter was incorrectly marked as required, report this by opening an issue at https://github.com/aws/aws-tools-for-powershell/issues.");
}
#endif
if (this.ClientMetadata != null)
{
context.ClientMetadata = new Dictionary(StringComparer.Ordinal);
foreach (var hashKey in this.ClientMetadata.Keys)
{
context.ClientMetadata.Add((String)hashKey, (String)(this.ClientMetadata[hashKey]));
}
}
context.ContextData_EncodedData = this.ContextData_EncodedData;
if (this.ContextData_HttpHeader != null)
{
context.ContextData_HttpHeader = new List(this.ContextData_HttpHeader);
}
context.ContextData_IpAddress = this.ContextData_IpAddress;
context.ContextData_ServerName = this.ContextData_ServerName;
context.ContextData_ServerPath = this.ContextData_ServerPath;
context.Session = this.Session;
context.UserPoolId = this.UserPoolId;
#if MODULAR
if (this.UserPoolId == null && ParameterWasBound(nameof(this.UserPoolId)))
{
WriteWarning("You are passing $null as a value for parameter UserPoolId which is marked as required. In case you believe this parameter was incorrectly marked as required, report this by opening an issue at https://github.com/aws/aws-tools-for-powershell/issues.");
}
#endif
// allow further manipulation of loaded context prior to processing
PostExecutionContextLoad(context);
var output = Execute(context) as CmdletOutput;
ProcessOutput(output);
}
#region IExecutor Members
public object Execute(ExecutorContext context)
{
var cmdletContext = context as CmdletContext;
// create request
var request = new Amazon.CognitoIdentityProvider.Model.AdminRespondToAuthChallengeRequest();
// populate AnalyticsMetadata
var requestAnalyticsMetadataIsNull = true;
request.AnalyticsMetadata = new Amazon.CognitoIdentityProvider.Model.AnalyticsMetadataType();
System.String requestAnalyticsMetadata_analyticsMetadata_AnalyticsEndpointId = null;
if (cmdletContext.AnalyticsMetadata_AnalyticsEndpointId != null)
{
requestAnalyticsMetadata_analyticsMetadata_AnalyticsEndpointId = cmdletContext.AnalyticsMetadata_AnalyticsEndpointId;
}
if (requestAnalyticsMetadata_analyticsMetadata_AnalyticsEndpointId != null)
{
request.AnalyticsMetadata.AnalyticsEndpointId = requestAnalyticsMetadata_analyticsMetadata_AnalyticsEndpointId;
requestAnalyticsMetadataIsNull = false;
}
// determine if request.AnalyticsMetadata should be set to null
if (requestAnalyticsMetadataIsNull)
{
request.AnalyticsMetadata = null;
}
if (cmdletContext.ChallengeName != null)
{
request.ChallengeName = cmdletContext.ChallengeName;
}
if (cmdletContext.ChallengeResponse != null)
{
request.ChallengeResponses = cmdletContext.ChallengeResponse;
}
if (cmdletContext.ClientId != null)
{
request.ClientId = cmdletContext.ClientId;
}
if (cmdletContext.ClientMetadata != null)
{
request.ClientMetadata = cmdletContext.ClientMetadata;
}
// populate ContextData
var requestContextDataIsNull = true;
request.ContextData = new Amazon.CognitoIdentityProvider.Model.ContextDataType();
System.String requestContextData_contextData_EncodedData = null;
if (cmdletContext.ContextData_EncodedData != null)
{
requestContextData_contextData_EncodedData = cmdletContext.ContextData_EncodedData;
}
if (requestContextData_contextData_EncodedData != null)
{
request.ContextData.EncodedData = requestContextData_contextData_EncodedData;
requestContextDataIsNull = false;
}
List requestContextData_contextData_HttpHeader = null;
if (cmdletContext.ContextData_HttpHeader != null)
{
requestContextData_contextData_HttpHeader = cmdletContext.ContextData_HttpHeader;
}
if (requestContextData_contextData_HttpHeader != null)
{
request.ContextData.HttpHeaders = requestContextData_contextData_HttpHeader;
requestContextDataIsNull = false;
}
System.String requestContextData_contextData_IpAddress = null;
if (cmdletContext.ContextData_IpAddress != null)
{
requestContextData_contextData_IpAddress = cmdletContext.ContextData_IpAddress;
}
if (requestContextData_contextData_IpAddress != null)
{
request.ContextData.IpAddress = requestContextData_contextData_IpAddress;
requestContextDataIsNull = false;
}
System.String requestContextData_contextData_ServerName = null;
if (cmdletContext.ContextData_ServerName != null)
{
requestContextData_contextData_ServerName = cmdletContext.ContextData_ServerName;
}
if (requestContextData_contextData_ServerName != null)
{
request.ContextData.ServerName = requestContextData_contextData_ServerName;
requestContextDataIsNull = false;
}
System.String requestContextData_contextData_ServerPath = null;
if (cmdletContext.ContextData_ServerPath != null)
{
requestContextData_contextData_ServerPath = cmdletContext.ContextData_ServerPath;
}
if (requestContextData_contextData_ServerPath != null)
{
request.ContextData.ServerPath = requestContextData_contextData_ServerPath;
requestContextDataIsNull = false;
}
// determine if request.ContextData should be set to null
if (requestContextDataIsNull)
{
request.ContextData = null;
}
if (cmdletContext.Session != null)
{
request.Session = cmdletContext.Session;
}
if (cmdletContext.UserPoolId != null)
{
request.UserPoolId = cmdletContext.UserPoolId;
}
CmdletOutput output;
// issue call
var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);
try
{
var response = CallAWSServiceOperation(client, request);
object pipelineOutput = null;
pipelineOutput = cmdletContext.Select(response, this);
output = new CmdletOutput
{
PipelineOutput = pipelineOutput,
ServiceResponse = response
};
}
catch (Exception e)
{
output = new CmdletOutput { ErrorResponse = e };
}
return output;
}
public ExecutorContext CreateContext()
{
return new CmdletContext();
}
#endregion
#region AWS Service Operation Call
private Amazon.CognitoIdentityProvider.Model.AdminRespondToAuthChallengeResponse CallAWSServiceOperation(IAmazonCognitoIdentityProvider client, Amazon.CognitoIdentityProvider.Model.AdminRespondToAuthChallengeRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "Amazon Cognito Identity Provider", "AdminRespondToAuthChallenge");
try
{
#if DESKTOP
return client.AdminRespondToAuthChallenge(request);
#elif CORECLR
return client.AdminRespondToAuthChallengeAsync(request).GetAwaiter().GetResult();
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
#endregion
internal partial class CmdletContext : ExecutorContext
{
public System.String AnalyticsMetadata_AnalyticsEndpointId { get; set; }
public Amazon.CognitoIdentityProvider.ChallengeNameType ChallengeName { get; set; }
public Dictionary ChallengeResponse { get; set; }
public System.String ClientId { get; set; }
public Dictionary ClientMetadata { get; set; }
public System.String ContextData_EncodedData { get; set; }
public List ContextData_HttpHeader { get; set; }
public System.String ContextData_IpAddress { get; set; }
public System.String ContextData_ServerName { get; set; }
public System.String ContextData_ServerPath { get; set; }
public System.String Session { get; set; }
public System.String UserPoolId { get; set; }
public System.Func Select { get; set; } =
(response, cmdlet) => response;
}
}
}