Added PasswordResetRequiredException handling

README.md

@@ -40,6 +40,10 @@ before running them.
 Version History
 ---------------
 
+0.2.2 (27/01/2018)
+
+*   Added handling for password reset required responses
+
 0.2.1 (25/01/2018)
 
 *   Added method to return full token payload

examples/login.php

@@ -1,6 +1,7 @@
 <?php
 use pmill\AwsCognito\CognitoClient;
 use pmill\AwsCognito\Exception\ChallengeException;
+use pmill\AwsCognito\Exception\PasswordResetRequiredException;
 
 /** @var CognitoClient $client */
 $client = require(__DIR__ . '/bootstrap.php');
@@ -14,5 +15,8 @@
     if ($e->getChallengeName() === CognitoClient::CHALLENGE_NEW_PASSWORD_REQUIRED) {
         $authenticationResponse = $client->respondToNewPasswordRequiredChallenge($username, 'password_new', $e->getSession());
     }
+} catch (PasswordResetRequiredException $e) {
+    die("PASSWORD RESET REQUIRED");
 }
+
 var_dump($authenticationResponse);

src/CognitoClient.php

@@ -2,6 +2,7 @@
 namespace pmill\AwsCognito;
 
 use Aws\CognitoIdentityProvider\CognitoIdentityProviderClient;
+use Aws\CognitoIdentityProvider\Exception\CognitoIdentityProviderException;
 use Exception;
 use Jose\Component\Core\AlgorithmManager;
 use Jose\Component\Core\Converter\StandardConverter;
@@ -67,18 +68,28 @@ public function __construct(CognitoIdentityProviderClient $client)
      */
     public function authenticate($username, $password)
     {
-        $response = $this->client->adminInitiateAuth([
-            'AuthFlow' => 'ADMIN_NO_SRP_AUTH',
-            'AuthParameters' => [
-                'USERNAME' => $username,
-                'PASSWORD' => $password,
-                'SECRET_HASH' => $this->cognitoSecretHash($username),
-            ],
-            'ClientId' => $this->appClientId,
-            'UserPoolId' => $this->userPoolId,
-        ]);
-
-        return $this->handleAuthenticateResponse($response->toArray());
+        try {
+            $response = $this->client->adminInitiateAuth([
+                'AuthFlow' => 'ADMIN_NO_SRP_AUTH',
+                'AuthParameters' => [
+                    'USERNAME' => $username,
+                    'PASSWORD' => $password,
+                    'SECRET_HASH' => $this->cognitoSecretHash($username),
+                ],
+                'ClientId' => $this->appClientId,
+                'UserPoolId' => $this->userPoolId,
+            ]);
+
+            return $this->handleAuthenticateResponse($response->toArray());
+        } catch (CognitoIdentityProviderException $e) {
+            $errorClass = "pmill\\AwsCognito\\Exception\\" . $e->getAwsErrorCode();
+
+            if (class_exists($errorClass)) {
+                throw new $errorClass($e);
+            } else {
+                throw $e;
+            }
+        }
     }
 
     /**

src/Exception/PasswordResetRequiredException.php

@@ -0,0 +1,16 @@
+<?php
+namespace pmill\AwsCognito\Exception;
+
+use Throwable;
+
+class PasswordResetRequiredException extends \Exception
+{
+    /**
+     * PasswordResetRequiredException constructor.
+     * @param Throwable|null $previous
+     */
+    public function __construct(Throwable $previous = null)
+    {
+        parent::__construct(get_class(), 0, $previous);
+    }
+}