fix(authenticator): redirect to sign-in after account confirmation (#6789)

* fix(authenticator): handle auto sign-in for refresh scenario in signup confirmation

Co-authored-by: Philipp Andreas Paul <phandpau@amazon.de>

Author: osama-rizk

.changeset/quiet-numbers-talk.md

@@ -0,0 +1,5 @@
+---
+'@aws-amplify/ui': patch
+---
+
+fix(authenticator): redirect to sign-in after account confirmation

packages/e2e/features/ui/components/authenticator/sign-in-with-email.feature

@@ -48,6 +48,24 @@ Feature: Sign In with Email
     Then I click the "Confirm" button
     Then I confirm request '{"headers": { "X-Amz-Target": "AWSCognitoIdentityProviderService.ConfirmSignUp" } }'
 
+  @angular @react @vue @svelte @react-native
+  Scenario: Sign in with unconfirmed credentials redirects to sign-in after confirmation
+
+  Tests that after confirming an unconfirmed account, user is redirected to sign-in screen (not sign-up screen).
+
+    When I type my "email" with status "UNCONFIRMED"
+    Then I type my password
+    Then I spy request '{ "headers": { "X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth" } }'
+    Then I click the "Sign in" button
+    Then I confirm request '{"headers": { "X-Amz-Target": "AWSCognitoIdentityProviderService.InitiateAuth" } }'
+    Then I see "Confirmation Code"
+    Then I type a valid confirmation code
+    Then I intercept '{ "headers": { "X-Amz-Target": "AWSCognitoIdentityProviderService.ConfirmSignUp" } }' with fixture "confirm-sign-up-with-email"
+    Then I click the "Confirm" button
+    Then I don't see "Confirmation Code"
+    Then I see "Sign in"
+    Then I don't see "Create Account"
+
   @angular @react @vue @svelte @react-native
   Scenario: Sign in with confirmed credentials
     When I type my "email" with status "CONFIRMED"

packages/ui/src/machines/authenticator/actors/__tests__/signUp.test.ts

@@ -5,6 +5,7 @@ import * as AuthModule from 'aws-amplify/auth';
 
 import { SignUpMachineOptions, signUpActor } from '../signUp';
 import { SignUpContext } from '../../types';
+import guards from '../../guards';
 
 jest.mock('aws-amplify');
 
@@ -32,7 +33,164 @@ describe('signUpActor', () => {
   afterEach(() => {
     jest.clearAllMocks();
     jest.clearAllTimers();
-    service.stop();
+    service?.stop();
+  });
+
+  // New tests for shouldManualSignIn guard
+  describe('shouldManualSignIn guard', () => {
+    const createMockContext = (step: string) =>
+      ({
+        step,
+        loginMechanisms: ['username'],
+        socialProviders: [],
+        formValues: {},
+        touched: {},
+        validationError: {},
+      }) as any;
+
+    const createMockEvent = (signUpStep: string) => ({
+      type: 'done.invoke.confirmSignUp' as any,
+      data: {
+        nextStep: { signUpStep },
+      },
+    });
+
+    it('should return true when nextStep is DONE and contextStep is CONFIRM_SIGN_UP', () => {
+      const context = createMockContext('CONFIRM_SIGN_UP');
+      const event = createMockEvent('DONE');
+      const meta = {} as any;
+
+      const result = guards.shouldManualSignIn(context, event, meta);
+      expect(result).toBe(true);
+    });
+
+    it('should return false when nextStep is COMPLETE_AUTO_SIGN_IN', () => {
+      const context = createMockContext('CONFIRM_SIGN_UP');
+      const event = createMockEvent('COMPLETE_AUTO_SIGN_IN');
+      const meta = {} as any;
+
+      const result = guards.shouldManualSignIn(context, event, meta);
+      expect(result).toBe(false);
+    });
+
+    it('should return false when contextStep is not CONFIRM_SIGN_UP', () => {
+      const context = createMockContext('SIGN_UP');
+      const event = createMockEvent('DONE');
+      const meta = {} as any;
+
+      const result = guards.shouldManualSignIn(context, event, meta);
+      expect(result).toBe(false);
+    });
+
+    it('should return false when nextStep is not DONE', () => {
+      const context = createMockContext('CONFIRM_SIGN_UP');
+      const event = createMockEvent('CONFIRM_SIGN_UP');
+      const meta = {} as any;
+
+      const result = guards.shouldManualSignIn(context, event, meta);
+      expect(result).toBe(false);
+    });
+  });
+
+  describe('confirmSignUp with shouldManualSignIn', () => {
+    it('should transition to resolved with SIGN_IN step when shouldManualSignIn is true', async () => {
+      const mockConfirmSignUp = jest.fn().mockResolvedValue({
+        nextStep: { signUpStep: 'DONE' },
+      });
+
+      service = interpret(
+        signUpActor(signUpMachineProps)
+          .withContext({
+            step: 'CONFIRM_SIGN_UP',
+            username: mockUsername,
+            formValues: {
+              confirmation_code: mockConfirmationCode,
+            },
+            loginMechanisms: ['username'],
+          } as unknown as SignUpContext)
+          .withConfig({
+            actions: {
+              clearFormValues: jest.fn(),
+              clearError: jest.fn(),
+              clearTouched: jest.fn(),
+              sendUpdate: jest.fn(),
+              setNextSignUpStep: jest.fn(),
+              setSignInStep: (context) => {
+                context.step = 'SIGN_IN';
+              },
+            },
+            services: {
+              confirmSignUp: mockConfirmSignUp,
+              validateSignUp: jest.fn().mockResolvedValue(null),
+            },
+            guards: {
+              shouldAutoSignIn: jest.fn(() => false),
+              shouldManualSignIn: jest.fn(() => true),
+            },
+          })
+      );
+
+      service.start();
+
+      // Submit confirmation code
+      service.send({ type: 'SUBMIT' });
+      await flushPromises();
+
+      // Should reach resolved state
+      expect(service.getSnapshot().value).toBe('resolved');
+
+      // Should have called setSignInStep action and set step to 'SIGN_IN'
+      expect(service.getSnapshot().context.step).toBe('SIGN_IN');
+    });
+  });
+
+  describe('confirmSignUp flow with refresh scenario', () => {
+    it('should route directly to resolved when coming from sign-in flow', async () => {
+      const mockConfirmSignUp = jest.fn().mockResolvedValue({
+        nextStep: { signUpStep: 'DONE' },
+      });
+
+      service = interpret(
+        signUpActor(signUpMachineProps)
+          .withContext({
+            step: 'CONFIRM_SIGN_UP', // This indicates refresh scenario
+            username: mockUsername,
+            formValues: {
+              confirmation_code: mockConfirmationCode,
+            },
+            loginMechanisms: ['username'],
+          } as unknown as SignUpContext)
+          .withConfig({
+            actions: {
+              clearFormValues: jest.fn(),
+              clearError: jest.fn(),
+              sendUpdate: jest.fn(),
+              setNextSignUpStep: jest.fn(),
+              setSignInStep: jest.fn(),
+            },
+            services: {
+              confirmSignUp: mockConfirmSignUp,
+            },
+          })
+      );
+
+      service.start();
+
+      // Submit confirmation
+      service.send({ type: 'SUBMIT' });
+      await flushPromises();
+
+      // Verify confirmSignUp was called (with full context as first parameter)
+      expect(mockConfirmSignUp).toHaveBeenCalled();
+
+      // Verify the service was called with context containing the right data
+      const callArgs = mockConfirmSignUp.mock.calls[0][0];
+      expect(callArgs.username).toBe(mockUsername);
+      expect(callArgs.formValues.confirmation_code).toBe(mockConfirmationCode);
+
+      // Should reach resolved state directly
+      expect(service.getSnapshot().value).toBe('resolved');
+    });
   });
 
   // @todo-migration

packages/ui/src/machines/authenticator/actors/signUp.ts

@@ -285,6 +285,11 @@ export function signUpActor({ services }: SignUpMachineOptions) {
                     actions: ['setNextSignUpStep', 'clearFormValues'],
                     target: '#signUpActor.autoSignIn',
                   },
+                  {
+                    cond: 'shouldManualSignIn',
+                    actions: ['clearFormValues', 'setSignInStep'],
+                    target: '#signUpActor.resolved',
+                  },
                   {
                     actions: 'setNextSignUpStep',
                     target: '#signUpActor.init',

packages/ui/src/machines/authenticator/guards.ts

@@ -36,6 +36,10 @@ const shouldConfirmSignUpFromSignIn = (
 const shouldAutoSignIn = (_: AuthActorContext, { data }: AuthEvent) =>
   (data as SignUpOutput)?.nextStep.signUpStep === 'COMPLETE_AUTO_SIGN_IN';
 
+const shouldManualSignIn = (context: AuthActorContext, { data }: AuthEvent) =>
+  (data as SignUpOutput)?.nextStep.signUpStep === 'DONE' &&
+  context.step === 'CONFIRM_SIGN_UP';
+
 const hasCompletedSignIn = (_: AuthActorContext, { data }: AuthEvent) =>
   (data as SignInOutput)?.nextStep.signInStep === 'DONE';
 
@@ -215,6 +219,7 @@ const GUARDS: MachineOptions<AuthActorContext, AuthEvent>['guards'] = {
   isShouldConfirmUserAttributeStep,
   isUserAlreadyConfirmed,
   shouldAutoSignIn,
+  shouldManualSignIn,
   shouldConfirmResetPassword,
   shouldConfirmSignIn,
   shouldConfirmSignInWithNewPassword,