RESET_REQUIRED case is not implemented in amplify-js/packages/amazon-cognito-identity-js/src/CognitoUser.js

aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.

https://docs.amplify.aws/lib/q/platform/js

Apache License 2.0

9.42k stars 2.12k forks source link

RESET_REQUIRED case is not implemented in amplify-js/packages/amazon-cognito-identity-js/src/CognitoUser.js #2602

Open sgrillon14 opened 5 years ago

sgrillon14 commented 5 years ago

Is your feature request related to a problem? Please describe. When user status is NEW_PASSWORD_REQUIRED is OK but not RESET_REQUIRED

Describe the solution you'd like

if (challengeName === 'NEW_PASSWORD_REQUIRED') {
    ....
     return callback.newPasswordRequired(userAttributes, requiredAttributes);
}

add this:

if (challengeName === 'RESET_REQUIRED') {
     ...
     return callback.resetRequired(userAttributes, requiredAttributes);
}

stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

sgrillon14 commented 5 years ago

What do you need as information to implement this part?

sammartinez commented 4 years ago

@sgrillon14 Inside of Amplify, we do have this workflow. Are you looking to not use Amplify just the Cognito piece ? Please let us know if this is a valid use case for you. If not, please feel free to close this request.

sgrillon14 commented 4 years ago

This use case is a basic case but the users of the library are obliged to tinker to implement this case. The basic case is that a cognito admin creates users. Users arrive in this case from the first use, without skip this step, they will never use the application.

Example: https://github.com/NoraUi/bakery/blob/6a7c9c6d00ff7af40a6aa6d3108f86be49d2592e/bakery-front/src/app/shared/services/aws/aws.service.ts

onFailure: err => {
          console.log(err);
          if (err.code === 'PasswordResetRequiredException' || err.code === 'UserNotConfirmedException') {

simpson commented 4 years ago

Can we get this re-opened?

mishellnovosel commented 4 years ago

@sammartinez, I have same question as @simpson. Will there be any solution of how to handle "RESET_REQUIRED" from amplify perspective?

My case is like this: In case of something going wrong from user perspective we might need to reset password from AWS Cognito. Cognito then sets status to following: "Account Status | Enabled / RESET_REQUIRED". When tried to login with the user I receive following response message: "Password reset required for the user". Now the thing is that I can't set up new password from Amplify, because to do that I would need to have "User" object that I can't access.

I've tried to use "Auth.forgotPasswordSubmit" & "Auth.forgotPassword" to set password with code, but then I get a response that I can't send code: "Can't resend confirmation code for this user".

Is there some kind of workaround over this?

vrunda-thacker commented 4 years ago

I too am facing similar problem, on importing some users via CSV, their account status shows as RESET_REQUIRED, when trying to login via Amplify, it returns NotAuthorizedException, Incorrect username or password.

How does frontend know that for this user password reset is required?

mishellnovosel commented 4 years ago

I actually do have a solution to "RESET_REQUIRED" after you click on it in Cognito ( NOT importing users ). I received the reset Code via registered user email ( I received it after few hours - and that caused the issue ). With that Code and message "Password reset required for the user" I'm redirecting a user to "Reset password" screen where he enters the received code and new password ( same as if user asked password reset on his own ).

The main issue I see here is that his Code has expiration time, and what if user doesn't receive it. Do the admin needs to reset it everytime? Can there be some method to trigger that from frontend side ( as Auth.forgotPassword isn't working )?

klintan commented 4 years ago

@vrunda-thacker did you ever solve this issue ?

I have the exact same issue: Importing users works, status is RESET_REQUIRE but amplify always gives the error NotAuthorizedException and not the proper PasswordResetRequiredException which is expected. Using amplify.signIn() pretty much makes it impossible to use now, since we can't import several 100 of users (or we can import them but none of them will be able to reset their passwords)

Tried earlier versions of amplify as well + tried to recreate user pool and reimport etc, but still same issues. Am I missing something fundamental or is this a major bug ? How have other people solved this (having a hard time seeing that other people using amplify have never used this feature) Many thanks!

cc @norahsakal

danielbressan commented 4 years ago

Any updates on this? I believe it's the same/similar problem to: https://github.com/aws-amplify/aws-sdk-ios/issues/2298 Which identified the bug on the AWS side and was supposedly being fixed.

boyney123 commented 3 years ago

Got the same issue here, wondering how we can get past this with amplify?

boyney123 commented 3 years ago

I too am facing similar problem, on importing some users via CSV, their account status shows as RESET_REQUIRED, when trying to login via Amplify, it returns NotAuthorizedException, Incorrect username or password.

How does frontend know that for this user password reset is required?

Did you manage to fix this @vrunda-thacker?

tramert commented 3 years ago

I am also having this issue, I have a user permanently logged out at this point....