Update generated code (#1762)

update generated code
async-aws · Sep 13, 2024 · 09de951 · 09de951
1 parent edd6066
commit 09de951
Show file tree

Hide file tree

Showing 11 changed files with 186 additions and 56 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
 ### Added
 
 - AWS api-change: Added `PasswordHistoryPolicyViolationException` exception.
+- AWS api-change: Added email MFA option to user pools with advanced security features.
 
 ### Changed
 

diff --git a/src/CognitoIdentityProviderClient.php b/src/CognitoIdentityProviderClient.php
diff --git a/src/Enum/ChallengeNameType.php b/src/Enum/ChallengeNameType.php
@@ -8,6 +8,7 @@ final class ChallengeNameType
     public const CUSTOM_CHALLENGE = 'CUSTOM_CHALLENGE';
     public const DEVICE_PASSWORD_VERIFIER = 'DEVICE_PASSWORD_VERIFIER';
     public const DEVICE_SRP_AUTH = 'DEVICE_SRP_AUTH';
+    public const EMAIL_OTP = 'EMAIL_OTP';
     public const MFA_SETUP = 'MFA_SETUP';
     public const NEW_PASSWORD_REQUIRED = 'NEW_PASSWORD_REQUIRED';
     public const PASSWORD_VERIFIER = 'PASSWORD_VERIFIER';
@@ -22,6 +23,7 @@ public static function exists(string $value): bool
             self::CUSTOM_CHALLENGE => true,
             self::DEVICE_PASSWORD_VERIFIER => true,
             self::DEVICE_SRP_AUTH => true,
+            self::EMAIL_OTP => true,
             self::MFA_SETUP => true,
             self::NEW_PASSWORD_REQUIRED => true,
             self::PASSWORD_VERIFIER => true,

diff --git a/src/Input/RespondToAuthChallengeRequest.php b/src/Input/RespondToAuthChallengeRequest.php
@@ -55,9 +55,16 @@ final class RespondToAuthChallengeRequest extends Input
      *
      * - `SMS_MFA`:
      *
-     *   `"ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[SMS_code]", "USERNAME": "[username]"}`
+     *   `"ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"}`
+     * - `EMAIL_OTP`:
+     *
+     *   `"ChallengeName": "EMAIL_OTP", "ChallengeResponses": {"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"}`
      * - `PASSWORD_VERIFIER`:
      *
+     *   This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this
+     *   challenge within a few seconds. When the response time exceeds this period, your user pool returns a
+     *   `NotAuthorizedException` error.
+     *
      *   `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
      *   "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}`
      *

diff --git a/src/Input/SetUserMFAPreferenceRequest.php b/src/Input/SetUserMFAPreferenceRequest.php
@@ -2,6 +2,7 @@
 
 namespace AsyncAws\CognitoIdentityProvider\Input;
 
+use AsyncAws\CognitoIdentityProvider\ValueObject\EmailMfaSettingsType;
 use AsyncAws\CognitoIdentityProvider\ValueObject\SMSMfaSettingsType;
 use AsyncAws\CognitoIdentityProvider\ValueObject\SoftwareTokenMfaSettingsType;
 use AsyncAws\Core\Exception\InvalidArgument;
@@ -12,19 +13,32 @@
 final class SetUserMFAPreferenceRequest extends Input
 {
     /**
-     * The SMS text message multi-factor authentication (MFA) settings.
+     * User preferences for SMS message MFA. Activates or deactivates SMS MFA and sets it as the preferred MFA method when
+     * multiple methods are available.
      *
      * @var SMSMfaSettingsType|null
      */
     private $smsMfaSettings;
 
     /**
-     * The time-based one-time password (TOTP) software token MFA settings.
+     * User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates TOTP MFA and sets it as the
+     * preferred MFA method when multiple methods are available.
      *
      * @var SoftwareTokenMfaSettingsType|null
      */
     private $softwareTokenMfaSettings;
 
+    /**
+     * User preferences for email message MFA. Activates or deactivates email MFA and sets it as the preferred MFA method
+     * when multiple methods are available. To activate this setting, advanced security features [^1] must be active in your
+     * user pool.
+     *
+     * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+     *
+     * @var EmailMfaSettingsType|null
+     */
+    private $emailMfaSettings;
+
     /**
      * A valid access token that Amazon Cognito issued to the user whose MFA preference you want to set.
      *
@@ -38,6 +52,7 @@ final class SetUserMFAPreferenceRequest extends Input
      * @param array{
      *   SMSMfaSettings?: null|SMSMfaSettingsType|array,
      *   SoftwareTokenMfaSettings?: null|SoftwareTokenMfaSettingsType|array,
+     *   EmailMfaSettings?: null|EmailMfaSettingsType|array,
      *   AccessToken?: string,
      *   '@region'?: string|null,
      * } $input
@@ -46,6 +61,7 @@ public function __construct(array $input = [])
     {
         $this->smsMfaSettings = isset($input['SMSMfaSettings']) ? SMSMfaSettingsType::create($input['SMSMfaSettings']) : null;
         $this->softwareTokenMfaSettings = isset($input['SoftwareTokenMfaSettings']) ? SoftwareTokenMfaSettingsType::create($input['SoftwareTokenMfaSettings']) : null;
+        $this->emailMfaSettings = isset($input['EmailMfaSettings']) ? EmailMfaSettingsType::create($input['EmailMfaSettings']) : null;
         $this->accessToken = $input['AccessToken'] ?? null;
         parent::__construct($input);
     }
@@ -54,6 +70,7 @@ public function __construct(array $input = [])
      * @param array{
      *   SMSMfaSettings?: null|SMSMfaSettingsType|array,
      *   SoftwareTokenMfaSettings?: null|SoftwareTokenMfaSettingsType|array,
+     *   EmailMfaSettings?: null|EmailMfaSettingsType|array,
      *   AccessToken?: string,
      *   '@region'?: string|null,
      * }|SetUserMFAPreferenceRequest $input
@@ -68,6 +85,11 @@ public function getAccessToken(): ?string
         return $this->accessToken;
     }
 
+    public function getEmailMfaSettings(): ?EmailMfaSettingsType
+    {
+        return $this->emailMfaSettings;
+    }
+
     public function getSmsMfaSettings(): ?SMSMfaSettingsType
     {
         return $this->smsMfaSettings;
@@ -111,6 +133,13 @@ public function setAccessToken(?string $value): self
         return $this;
     }
 
+    public function setEmailMfaSettings(?EmailMfaSettingsType $value): self
+    {
+        $this->emailMfaSettings = $value;
+
+        return $this;
+    }
+
     public function setSmsMfaSettings(?SMSMfaSettingsType $value): self
     {
         $this->smsMfaSettings = $value;
@@ -134,6 +163,9 @@ private function requestBody(): array
         if (null !== $v = $this->softwareTokenMfaSettings) {
             $payload['SoftwareTokenMfaSettings'] = $v->requestBody();
         }
+        if (null !== $v = $this->emailMfaSettings) {
+            $payload['EmailMfaSettings'] = $v->requestBody();
+        }
         if (null === $v = $this->accessToken) {
             throw new InvalidArgument(\sprintf('Missing parameter "AccessToken" for "%s". The value cannot be null.', __CLASS__));
         }

diff --git a/src/Result/AdminGetUserResponse.php b/src/Result/AdminGetUserResponse.php
@@ -81,7 +81,7 @@ class AdminGetUserResponse extends Result
     private $preferredMfaSetting;
 
     /**
-     * The MFA options that are activated for the user. The possible values in this list are `SMS_MFA` and
+     * The MFA options that are activated for the user. The possible values in this list are `SMS_MFA`, `EMAIL_OTP`, and
      * `SOFTWARE_TOKEN_MFA`.
      *
      * @var string[]

diff --git a/src/Result/AdminInitiateAuthResponse.php b/src/Result/AdminInitiateAuthResponse.php
@@ -19,9 +19,10 @@ class AdminInitiateAuthResponse extends Result
      *
      * - `MFA_SETUP`: If MFA is required, users who don't have at least one of the MFA methods set up are presented with an
      *   `MFA_SETUP` challenge. The user must set up at least one MFA type to continue to authenticate.
-     * - `SELECT_MFA_TYPE`: Selects the MFA type. Valid MFA options are `SMS_MFA` for text SMS MFA, and `SOFTWARE_TOKEN_MFA`
-     *   for time-based one-time password (TOTP) software token MFA.
-     * - `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`, delivered via SMS.
+     * - `SELECT_MFA_TYPE`: Selects the MFA type. Valid MFA options are `SMS_MFA` for SMS message MFA, `EMAIL_OTP` for email
+     *   message MFA, and `SOFTWARE_TOKEN_MFA` for time-based one-time password (TOTP) software token MFA.
+     * - `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`that your user pool delivered in an SMS message.
+     * - `EMAIL_OTP`: Next challenge is to supply an `EMAIL_OTP_CODE` that your user pool delivered in an email message.
      * - `PASSWORD_VERIFIER`: Next challenge is to supply `PASSWORD_CLAIM_SIGNATURE`, `PASSWORD_CLAIM_SECRET_BLOCK`, and
      *   `TIMESTAMP` after the client-side SRP calculations.
      * - `CUSTOM_CHALLENGE`: This is returned if your custom authentication flow determines that the user should pass

diff --git a/src/Result/GetUserResponse.php b/src/Result/GetUserResponse.php
@@ -45,7 +45,7 @@ class GetUserResponse extends Result
     private $preferredMfaSetting;
 
     /**
-     * The MFA options that are activated for the user. The possible values in this list are `SMS_MFA` and
+     * The MFA options that are activated for the user. The possible values in this list are `SMS_MFA`, `EMAIL_OTP`, and
      * `SOFTWARE_TOKEN_MFA`.
      *
      * @var string[]

diff --git a/src/Result/InitiateAuthResponse.php b/src/Result/InitiateAuthResponse.php
@@ -21,7 +21,8 @@ class InitiateAuthResponse extends Result
      *
      * > All of the following challenges require `USERNAME` and `SECRET_HASH` (if applicable) in the parameters.
      *
-     * - `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`, delivered via SMS.
+     * - `SMS_MFA`: Next challenge is to supply an `SMS_MFA_CODE`that your user pool delivered in an SMS message.
+     * - `EMAIL_OTP`: Next challenge is to supply an `EMAIL_OTP_CODE` that your user pool delivered in an email message.
      * - `PASSWORD_VERIFIER`: Next challenge is to supply `PASSWORD_CLAIM_SIGNATURE`, `PASSWORD_CLAIM_SECRET_BLOCK`, and
      *   `TIMESTAMP` after the client-side SRP calculations.
      * - `CUSTOM_CHALLENGE`: This is returned if your custom authentication flow determines that the user should pass

diff --git a/src/ValueObject/EmailMfaSettingsType.php b/src/ValueObject/EmailMfaSettingsType.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace AsyncAws\CognitoIdentityProvider\ValueObject;
+
+/**
+ * User preferences for multi-factor authentication with email messages. Activates or deactivates email MFA and sets it
+ * as the preferred MFA method when multiple methods are available. To activate this setting, advanced security features
+ * [^1] must be active in your user pool.
+ *
+ * [^1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
+ */
+final class EmailMfaSettingsType
+{
+    /**
+     * Specifies whether email message MFA is active for a user. When the value of this parameter is `Enabled`, the user
+     * will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been
+     * trusted.
+     *
+     * @var bool|null
+     */
+    private $enabled;
+
+    /**
+     * Specifies whether email message MFA is the user's preferred method.
+     *
+     * @var bool|null
+     */
+    private $preferredMfa;
+
+    /**
+     * @param array{
+     *   Enabled?: null|bool,
+     *   PreferredMfa?: null|bool,
+     * } $input
+     */
+    public function __construct(array $input)
+    {
+        $this->enabled = $input['Enabled'] ?? null;
+        $this->preferredMfa = $input['PreferredMfa'] ?? null;
+    }
+
+    /**
+     * @param array{
+     *   Enabled?: null|bool,
+     *   PreferredMfa?: null|bool,
+     * }|EmailMfaSettingsType $input
+     */
+    public static function create($input): self
+    {
+        return $input instanceof self ? $input : new self($input);
+    }
+
+    public function getEnabled(): ?bool
+    {
+        return $this->enabled;
+    }
+
+    public function getPreferredMfa(): ?bool
+    {
+        return $this->preferredMfa;
+    }
+
+    /**
+     * @internal
+     */
+    public function requestBody(): array
+    {
+        $payload = [];
+        if (null !== $v = $this->enabled) {
+            $payload['Enabled'] = (bool) $v;
+        }
+        if (null !== $v = $this->preferredMfa) {
+            $payload['PreferredMfa'] = (bool) $v;
+        }
+
+        return $payload;
+    }
+}
diff --git a/src/ValueObject/SMSMfaSettingsType.php b/src/ValueObject/SMSMfaSettingsType.php
@@ -12,8 +12,8 @@
 final class SMSMfaSettingsType
 {
     /**
-     * Specifies whether SMS text message MFA is activated. If an MFA type is activated for a user, the user will be
-     * prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.
+     * Specifies whether SMS message MFA is activated. If an MFA type is activated for a user, the user will be prompted for
+     * MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.
      *
      * @var bool|null
      */