chore(tests): Add aws client tests

Author: Mat Lord

staxapp/auth.py

@@ -83,18 +83,23 @@ def sts_from_cognito_identity_pool(self, token, cognito_client=None, **kwargs):
                 region_name=self.aws_region,
                 config=BotoConfig(signature_version=UNSIGNED),
             )
-        id = cognito_client.get_id(
-            IdentityPoolId=self.identity_pool,
-            Logins={
-                f"cognito-idp.{self.aws_region}.amazonaws.com/{self.user_pool}": token
-            },
-        )
-        id_creds = cognito_client.get_credentials_for_identity(
-            IdentityId=id["IdentityId"],
-            Logins={
-                f"cognito-idp.{self.aws_region}.amazonaws.com/{self.user_pool}": token
-            },
-        )
+        try:
+            id = cognito_client.get_id(
+                IdentityPoolId=self.identity_pool,
+                Logins={
+                    f"cognito-idp.{self.aws_region}.amazonaws.com/{self.user_pool}": token
+                },
+            )
+            id_creds = cognito_client.get_credentials_for_identity(
+                IdentityId=id["IdentityId"],
+                Logins={
+                    f"cognito-idp.{self.aws_region}.amazonaws.com/{self.user_pool}": token
+                },
+            )
+        except ClientError as e:
+            raise InvalidCredentialsException(
+                f"Unexpected Client Error. Error details: {e}"
+            )
         return id_creds
 
     def sigv4_signed_auth_headers(self, id_creds):

tests/test_auth.py

@@ -59,10 +59,20 @@ def testToken(self):
         sa = StaxAuth("ApiAuth")
         self.stub_aws_srp(sa, "valid_username")
         token = sa.id_token_from_cognito(
-            username="valid_username", password="correct", srp_client=self.aws_srp_client
+            username="valid_username",
+            password="correct",
+            srp_client=self.aws_srp_client,
         )
         self.assertEqual(token, "valid_token")
 
+    def testTokenClient(self):
+        """
+        Test the AWSSRP client is invoked and throws an error
+        """
+        sa = StaxAuth("ApiAuth")
+        with self.assertRaises(InvalidCredentialsException):
+            sa.id_token_from_cognito(username="username", password="password")
+
     def testCredentialErrors(self):
         """
         Test that boto errors are caught and converted to InvalidCredentialExceptions
@@ -73,7 +83,9 @@ def testCredentialErrors(self):
         user_not_found_success = False
         try:
             sa.id_token_from_cognito(
-                username="bad_password", password="wrong", srp_client=self.aws_srp_client
+                username="bad_password",
+                password="wrong",
+                srp_client=self.aws_srp_client,
             )
         except InvalidCredentialsException as e:
             self.assertIn("Please check your Secret Key is correct", e.message)
@@ -116,6 +128,16 @@ def testCreds(self):
         self.assertIn("Credentials", creds)
         self.assertTrue(creds.get("IdentityId").startswith("ap-southeast-2"))
 
+    def testCredsClient(self):
+        """
+        Test the cognito client is invoked and throws an error
+        """
+        sa = StaxAuth("ApiAuth")
+        token = jwt.encode({"sub": "unittest"}, "secret", algorithm="HS256")
+        jwt_token = jwt.decode(token, verify=False)
+        with self.assertRaises(InvalidCredentialsException):
+            sa.sts_from_cognito_identity_pool(jwt_token.get("sub"))
+
     def testAuthErrors(self):
         """
       Test that errors are thrown when keys are invalid