From 803d1e31cf56a6160b59a479a30df55eb14582a8 Mon Sep 17 00:00:00 2001
From: Andrei Manea <2915659+andrei821@users.noreply.github.com>
Date: Mon, 15 Sep 2025 20:51:59 +0300
Subject: [PATCH] Handle missing session in auth challenge

---
 00-baseCore/cognito-triggers/create-auth-challenge.js | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/00-baseCore/cognito-triggers/create-auth-challenge.js b/00-baseCore/cognito-triggers/create-auth-challenge.js
index e14a4cc..82e99fd 100644
--- a/00-baseCore/cognito-triggers/create-auth-challenge.js
+++ b/00-baseCore/cognito-triggers/create-auth-challenge.js
@@ -17,16 +17,13 @@ exports.handler = async (event = {}) => {
   let passCode
   const phoneNumber = event.request.userAttributes.phone_number
 
-  if (
-    (event.request.session &&
-      event.request.session.length &&
-      event.request.session.slice(-1)[0].challengeName == "SRP_A") ||
-    event.request.session.length == 0
-  ) {
+  const session = event.request.session || []
+
+  if (!session.length || session.slice(-1)[0].challengeName === "SRP_A") {
     passCode = crypto_secure_random_digit.randomDigits(6).join("")
     await sendSMSviaSNS(phoneNumber, passCode)
   } else {
-    const previousChallenge = event.request.session.slice(-1)[0]
+    const previousChallenge = session.slice(-1)[0]
     passCode = previousChallenge.challengeMetadata.match(/CODE-(\d*)/)[1]
   }