Resending user signup confirmation email

NabuCasa / pycognito

Python library for using AWS Cognito. With support for SRP.

Apache License 2.0

132 stars 40 forks source link

Resending user signup confirmation email #50

Open amankejriwal opened 3 years ago

amankejriwal commented 3 years ago

Is there a way to send the confirmation email that a new user receives upon signup?

brleinad commented 3 years ago

I think that's what send_verification is for. @amankejriwal did you try that already?

circulon commented 2 years ago

I think that's what send_verification is for. @amankejriwal did you try that already?

send_verification requires an active access token which is obviously not available if the user has not yet a. confirmed their registration b. logged in to get the access token

The client method "resend_confirmation_code" achieves what the OP was asking. I've literally just had this as a requirement (ie my confirm code expired) and resend_confirmation_code is missing ;(

Will look into adding this shortly

circulon commented 2 years ago

@amankejriwal A bit late I know but I have addressed this issue in #99

nk9 commented 2 years ago

Thanks for adding that method. It's important to note, however that admins who have created a user with admin_create_user cannot use resend_confirmiation_code. If you want the welcome email to be re-sent and you're OK with re-setting the user's password, then do this instead:

u = Cognito('your-user-pool-id', 'your-client-id')

user = u.admin_create_user(
    user_email_address,
    temporary_password='NewPassword^56',
    additional_kwargs={`'MessageAction': 'RESEND'},
)

Source: StackOverflow

circulon commented 2 years ago

Thanks for the info @nk9 This caveat should probably go into the docs I will try and find a spot for this when I have time as I use both self register and admin create user methods in my project.

Cheers for the FYI

nk9 commented 2 years ago

I've discovered another fun caveat. The "RESEND" trick above only works if the user's status is FORCE_CHANGE_PASSWORD. Sort of makes sense, I guess. If the user has successfully signed in (state of CONFIRMED), then you have to use admin_reset_password(), which will send an email with the verification code, and force a password reset on next sign in (user Enabled, status RESET_REQUIRED). This means the user has to have their old password available. The user will receive an email, but it will be as if they've clicked "Forgot my password" in the UI. So it won't exactly meet OP's request of getting the original email re-sent.