From 392cc95d025352008f79bc5f13598b883b2d1620 Mon Sep 17 00:00:00 2001
From: Taliesin Millhouse
Date: Sun, 15 Aug 2021 15:03:54 +1000
Subject: [PATCH] feat: set password
---
CHANGELOG.md | 7 +++++++
change_password.go | 4 ++++
forgot_password.go | 4 ++++
set_password.go | 33 +++++++++++++++++++++++++++++++++
set_password_test.go | 42 ++++++++++++++++++++++++++++++++++++++++++
5 files changed, 90 insertions(+)
create mode 100644 set_password.go
create mode 100644 set_password_test.go
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9f48e1a..5210dce 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## v0.3.0 - 2021-08-15
+### Added
+* Added ```SetPassword``` function.
+
+### Changed
+* Improved comments on ```ChangePassword``` and ```ForgotPassword``` functions.
+
 ## v0.2.0 - 2021-08-12
 ### Added
 * Added ```ChangePassword```, ```ForgotPassword``` and ```ForgotPasswordConfirmation``` functions.
diff --git a/change_password.go b/change_password.go
index a5e8234..83e87cf 100644
--- a/change_password.go
+++ b/change_password.go
@@ -9,6 +9,10 @@ import (
 )
 // ChangePassword changes a user's password.
+//
+// - Use auth.ForgotPassword if the user doesn't know their password.
+//
+// - Use auth.SetPassword if the user has a requirement for their password to be reset.
 func ChangePassword(ctx context.Context, accessToken string, oldPassword string, newPassword string) error {
 if err := checkPackage(); err != nil {
 return xerror.Wrap("checkPackage call failed", err)
diff --git a/forgot_password.go b/forgot_password.go
index 9d2eae6..adc12f4 100644
--- a/forgot_password.go
+++ b/forgot_password.go
@@ -9,6 +9,10 @@ import (
 )
 // ForgotPassword will initiate a forgot password request.
+//
+// - Use auth.ChangePassword and auth.ChangePasswordConfirm to update a user's password that doesn't require resetting.
+//
+// - Use auth.SetPassword if the user has a requirement for their password to be reset.
 func ForgotPassword(ctx context.Context, emailAddress string) (*cognitoidentityprovider.ForgotPasswordOutput, error) {
 output, err := CognitoClient.ForgotPassword(ctx, &cognitoidentityprovider.ForgotPasswordInput{
 ClientId: aws.String(CognitoClientID),
diff --git a/set_password.go b/set_password.go
new file mode 100644
index 0000000..e38b844
--- /dev/null
+++ b/set_password.go
@@ -0,0 +1,33 @@
+package auth
+
+import (
+ "context"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
+ "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider/types"
+ "github.com/gofor-little/xerror"
+)
+
+// SetPassword sets a password for a user that has a requirement for their password to be changed. The session parameter
+// can be obtained from the output.Session return value of auth.SignIn.
+//
+// - Use auth.ForgotPassword if the user doesn't know their password.
+//
+// - Use auth.ChangePassword and auth.ChangePasswordConfirm to update a user's password that doesn't require resetting.
+func SetPassword(ctx context.Context, session string, emailAddress string, password string) (*cognitoidentityprovider.RespondToAuthChallengeOutput, error) {
+ output, err := CognitoClient.RespondToAuthChallenge(ctx, &cognitoidentityprovider.RespondToAuthChallengeInput{
+ ChallengeName: types.ChallengeNameTypeNewPasswordRequired,
+ ClientId: aws.String(CognitoClientID),
+ ChallengeResponses: map[string]string{
+ "NEW_PASSWORD": password,
+ "USERNAME": emailAddress,
+ },
+ Session: aws.String(session),
+ })
+ if err != nil {
+ return nil, xerror.Wrap("failed to set password", err)
+ }
+
+ return output, nil
+}
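Review bot: The doc comment added to ForgotPassword points readers at `auth.ChangePasswordConfirm`, but the changelog in this patch lists only ChangePassword, ForgotPassword and ForgotPasswordConfirmation, so that name looks like a slip. The same sentence appears in SetPassword's doc comment in set_password.go. If no such function exists, the bullet could read `// - Use auth.ChangePassword to update a user's password that doesn't require resetting.` in both places. ForgotPassword's body continues outside the hunk.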
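Review bot: SetPassword calls `CognitoClient.RespondToAuthChallenge` without the `checkPackage()` guard that ChangePassword runs first (visible in the change_password.go context lines), so a call made before the package is initialised presumably reaches an unset client instead of returning an error. I would open the function with `if err := checkPackage(); err != nil { return nil, xerror.Wrap("checkPackage call failed", err) }`. The doc comment should also say that a nil error does not by itself mean the user is signed in: RespondToAuthChallenge can answer with a further challenge, so callers need to check `output.ChallengeName` and `output.AuthenticationResult` before issuing a session, and should keep the returned tokens out of logs.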
diff --git a/set_password_test.go b/set_password_test.go
new file mode 100644
index 0000000..13ce2e4
--- /dev/null
+++ b/set_password_test.go
@@ -0,0 +1,42 @@
+package auth_test
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
+ auth "github.com/gofor-little/aws-auth"
+ "github.com/stretchr/testify/require"
+)
+
+func TestSetPassword(t *testing.T) {
+ setup(t)
+ defer teardown(t)
+
+ testCases := []struct {
+ emailAddress string
+ password string
+ }{
+ {"john@example.com", "test-Password1234!!"},
+ }
+
+ for i, tc := range testCases {
+ t.Run(fmt.Sprintf("TestSignIn_%d", i), func(t *testing.T) {
+ _, err := auth.CognitoClient.AdminCreateUser(context.Background(), &cognitoidentityprovider.AdminCreateUserInput{
+ UserPoolId: aws.String(auth.CognitoUserPoolID),
+ Username: aws.String(tc.emailAddress),
+ TemporaryPassword: aws.String(tc.password),
+ })
+ require.NoError(t, err)
+
+ // Sign in so we can get a session to set a new password.
+ output, err := auth.SignIn(context.Background(), tc.emailAddress, tc.password)
+ require.NoError(t, err)
+
+ _, err = auth.SetPassword(context.Background(), *output.Session, tc.emailAddress, tc.password)
+ require.NoError(t, err)
+ })
+ }
+}
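Review bot: The test passes `tc.password` both as the TemporaryPassword in AdminCreateUser and as the new password in SetPassword, and then asserts only `require.NoError`, so it cannot tell a password that was really replaced from a call that changed nothing. A separate `newPassword` field in the test case, plus `require.NotNil(t, result.AuthenticationResult)` on the SetPassword output (named `result` here, and assuming the test pool configures no further challenge), would pin the behaviour. `*output.Session` is dereferenced unchecked and would panic if SignIn ever returned tokens instead of the challenge; `require.NotNil(t, output.Session)` before it gives a readable failure. The sub-test name still reads `TestSignIn_%d`; `TestSetPassword_%d` matches the function under test.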