diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a71b2e9f8d..0cabd1dbf8d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,14 @@ Unreleased Changes ------------------ +* Issue - Aws::CognitoIdentity - Six operations of `Aws::CognitoIdentity::Client` + were whitelisted to be unsigned when sent in version 2.1.9. Two of these + operations were incorrectly documented in the API reference and require + authentication. Fixed this and added integration tests to ensure they are + correctly signed. + + See [related GitHub issue #882](https://github.com/aws/aws-sdk-ruby/issues/882). + 2.1.9 (2015-07-28) ------------------ diff --git a/aws-sdk-core/features/cognitoidentity/step_definitions.rb b/aws-sdk-core/features/cognitoidentity/step_definitions.rb index 0412f69647a..c7b1d48244d 100644 --- a/aws-sdk-core/features/cognitoidentity/step_definitions.rb +++ b/aws-sdk-core/features/cognitoidentity/step_definitions.rb @@ -4,3 +4,27 @@ After("@cognitoidentity") do end + +Given(/^I have an Aws::CognitoIdenty::Client without credentials$/) do + @client = Aws::CognitoIdentity::Client.new( + credentials: nil, + validate_params: false + ) + expect(@client.config.credentials).to be(nil) +end + +When(/^I make a (\w+) request$/) do |operation| + begin + @client.send(Seahorse::Util.underscore(operation)) + rescue => error + @error = error + end +end + +Then(/^I should not receive an Aws::CognitoIdentity::Errors::MissingAuthenticationTokenException$/) do + expect(@error).not_to be_kind_of(Aws::CognitoIdentity::Errors::MissingAuthenticationTokenException) +end + +Then(/^I should receive a missing credentials error$/) do + expect(@error).to be_kind_of(Aws::Errors::MissingCredentialsError) +end diff --git a/aws-sdk-core/features/cognitoidentity/unsigned_requests.feature b/aws-sdk-core/features/cognitoidentity/unsigned_requests.feature new file mode 100644 index 00000000000..05917d111f9 --- /dev/null +++ b/aws-sdk-core/features/cognitoidentity/unsigned_requests.feature @@ -0,0 +1,37 @@ +# language: en +@cognitoidentity @unsigned-requests +Feature: Amazon Cognito Idenity + + Scenario Outline: Unsigned requests + Given I have an Aws::CognitoIdenty::Client without credentials + When I make a request + Then I should not receive an Aws::CognitoIdentity::Errors::MissingAuthenticationTokenException + + Examples: + | operation | + | GetCredentialsForIdentity | + | GetId | + | GetOpenIdToken | + | UnlinkIdentity | + + Scenario Outline: Signed requests + Given I have an Aws::CognitoIdenty::Client without credentials + When I make a request + Then I should receive a missing credentials error + + Examples: + | operation | + | CreateIdentityPool | + | DeleteIdentities | + | DeleteIdentityPool | + | DescribeIdentity | + | DescribeIdentityPool | + | GetIdentityPoolRoles | + | GetOpenIdTokenForDeveloperIdentity | + | ListIdentities | + | ListIdentityPools | + | LookupDeveloperIdentity | + | MergeDeveloperIdentities | + | SetIdentityPoolRoles | + | UnlinkDeveloperIdentity | + | UpdateIdentityPool | diff --git a/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb b/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb index e8250d63a78..daf2f7524c4 100644 --- a/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb +++ b/aws-sdk-core/lib/aws-sdk-core/plugins/request_signer.rb @@ -77,8 +77,6 @@ class Handler < Seahorse::Client::Handler GetCredentialsForIdentity GetId GetOpenIdToken - ListIdentityPools - UnlinkDeveloperIdentity UnlinkIdentity ))