From eff77da6a9a26f3529bce8448a8243a0c44c746b Mon Sep 17 00:00:00 2001
From: Danielle Adams <6271256+danielleadams@users.noreply.github.com>
Date: Fri, 22 Apr 2022 01:12:32 -0400
Subject: [PATCH] Revert "refactor: use a prefix matching for the claim in subscriptions (#10199)" (#10264)
This reverts commit 22386de8a9c78003ec135fe39ae6c94e0b7cd5dd.
---
 .../src/__tests__/owner-auth.test.ts | 18 +++++++--------
 .../src/resolvers/subscriptions.ts | 23 ++++++++-----------
 2 files changed, 19 insertions(+), 22 deletions(-)
diff --git a/packages/amplify-graphql-auth-transformer/src/__tests__/owner-auth.test.ts b/packages/amplify-graphql-auth-transformer/src/__tests__/owner-auth.test.ts
index 600c25a1d6b..75b3578a52e 100644
--- a/packages/amplify-graphql-auth-transformer/src/__tests__/owner-auth.test.ts
+++ b/packages/amplify-graphql-auth-transformer/src/__tests__/owner-auth.test.ts
@@ -93,13 +93,13 @@ test('owner field with subscriptions', () => {
 // expect logic in the resolvers to check for postOwner args as an allowed owner
 expect(out.resolvers['Subscription.onCreatePost.auth.1.req.vtl']).toContain(
- '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner.split(":")[0], null) )',
+ '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner, null) )',
 );
 expect(out.resolvers['Subscription.onUpdatePost.auth.1.req.vtl']).toContain(
- '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner.split(":")[0], null) )',
+ '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner, null) )',
 );
 expect(out.resolvers['Subscription.onDeletePost.auth.1.req.vtl']).toContain(
- '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner.split(":")[0], null) )',
+ '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.postOwner, null) )',
 );
 });
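Review bot: The three assertions in this hunk, and the six in the 'multiple owner rules with subscriptions' hunk that follows, pin only the `$ownerEntity` assignment line. As far as these hunks show, nothing checks the claim lookup or the equality that grants access, which is the part of the generated template this revert reshapes. Because `toContain` matches a substring, these expectations would keep passing if that comparison were dropped or weakened. Consider also asserting on the comparison line, or snapshotting the whole `Subscription.onCreatePost.auth.1.req.vtl` template, so a change to the authorization decision shows up in review. Both test bodies start outside their hunks.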
@@ -137,24 +137,24 @@ test('multiple owner rules with subscriptions', () => {
 // expect logic in the resolvers to check for owner args as an allowedOwner
 expect(out.resolvers['Subscription.onCreatePost.auth.1.req.vtl']).toContain(
- '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner.split(":")[0], null) )',
+ '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner, null) )',
 );
 expect(out.resolvers['Subscription.onUpdatePost.auth.1.req.vtl']).toContain(
- '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner.split(":")[0], null) )',
+ '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner, null) )',
 );
 expect(out.resolvers['Subscription.onDeletePost.auth.1.req.vtl']).toContain(
- '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner.split(":")[0], null) )',
+ '#set( $ownerEntity0 = $util.defaultIfNull($ctx.args.owner, null) )',
 );
 // expect logic in the resolvers to check for editor args as an allowedOwner
 expect(out.resolvers['Subscription.onCreatePost.auth.1.req.vtl']).toContain(
- '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor.split(":")[0], null) )',
+ '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor, null) )',
 );
 expect(out.resolvers['Subscription.onUpdatePost.auth.1.req.vtl']).toContain(
- '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor.split(":")[0], null) )',
+ '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor, null) )',
 );
 expect(out.resolvers['Subscription.onDeletePost.auth.1.req.vtl']).toContain(
- '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor.split(":")[0], null) )',
+ '#set( $ownerEntity1 = $util.defaultIfNull($ctx.args.editor, null) )',
 );
 });
diff --git a/packages/amplify-graphql-auth-transformer/src/resolvers/subscriptions.ts b/packages/amplify-graphql-auth-transformer/src/resolvers/subscriptions.ts
index fc0df3f12fb..f82b52a6af0 100644
--- a/packages/amplify-graphql-auth-transformer/src/resolvers/subscriptions.ts
+++ b/packages/amplify-graphql-auth-transformer/src/resolvers/subscriptions.ts
@@ -35,19 +35,16 @@ const dynamicRoleExpression = (roles: Array): Array
 // we only check against owner rules which are not list fields
 roles.forEach((role, idx) => {
 if (role.strategy === 'owner') {
- const roleClaims = role.claim!.split(':');
- ownerExpression.push(set(ref(`ownerEntity${idx}`), methodCall(ref('util.defaultIfNull'), ref(`ctx.args.${role.entity!}.split(":")[0]`), nul())));
- roleClaims.forEach((claim, secIdx) => {
- ownerExpression.push(
- iff(
- not(ref(IS_AUTHORIZED_FLAG)),
- compoundExpression([
- set(ref(`ownerClaim${idx}_${secIdx}`), getOwnerClaim(claim)),
- iff(equals(ref(`ownerEntity${idx}`), ref(`ownerClaim${idx}_${secIdx}`)), set(ref(IS_AUTHORIZED_FLAG), bool(true))),
- ]),
- ),
- );
- });
+ ownerExpression.push(
+ iff(
+ not(ref(IS_AUTHORIZED_FLAG)),
+ compoundExpression([
+ set(ref(`ownerEntity${idx}`), methodCall(ref('util.defaultIfNull'), ref(`ctx.args.${role.entity!}`), nul())),
+ set(ref(`ownerClaim${idx}`), getOwnerClaim(role.claim!)),
+ iff(equals(ref(`ownerEntity${idx}`), ref(`ownerClaim${idx}`)), set(ref(IS_AUTHORIZED_FLAG), bool(true))),
+ ]),
+ ),
+ );
 }
 });
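Review bot: In the restored `compoundExpression`, the `ownerEntity${idx}` value falls back to null when the subscription argument is omitted, and the following `iff(equals(...))` compares it directly with `ownerClaim${idx}`. Whether that comparison can succeed with both sides unset depends on `getOwnerClaim`, which is defined outside this hunk. If it already substitutes a non-null placeholder for a missing claim, a comment above the `ownerClaim` line such as `// getOwnerClaim never yields null, so an omitted owner argument cannot match` would make the fail-closed behaviour explicit. If it does not, the equality should be guarded so a null owner argument never sets `IS_AUTHORIZED_FLAG`. Separately, the `role.entity!` and `role.claim!` assertions let an owner rule lacking either field emit `ctx.args.undefined` into the template; tightening the condition to `if (role.strategy === 'owner' && role.entity && role.claim) {` would skip such a rule. dynamicRoleExpression starts and ends outside the hunk.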