"""Cognito-specific exceptions for challenge and MFA flows."""
from fastapi import HTTPException
from starlette.status import HTTP_400_BAD_REQUEST
[docs]
class ChallengeRequiredError(Exception):
"""Internal signal: Cognito returned a challenge instead of tokens.
Not raised directly to the HTTP layer — caught by the service and
converted to a ChallengeResponse.
"""
[docs]
def __init__(self, challenge_name: str, session: str) -> None:
self.challenge_name = challenge_name
self.session = session
[docs]
class InvalidChallengeError(HTTPException):
"""Raised when the challenge response is incorrect or the session is expired."""
[docs]
def __init__(self, detail: str = "Invalid or expired challenge") -> None:
super().__init__(status_code=HTTP_400_BAD_REQUEST, detail=detail)
[docs]
class MfaSetupError(HTTPException):
"""Raised when a TOTP setup or verification operation fails."""
[docs]
def __init__(self, detail: str = "MFA setup failed") -> None:
super().__init__(status_code=HTTP_400_BAD_REQUEST, detail=detail)