aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0

Existing and working user will receive NotAuthorizedException exception with correct username and password when upgraded from 3.0.2 to 4.3.3 #6439

Closed mpiivonen closed 4 years ago

mpiivonen commented 4 years ago

Describe the bug

amazon-cognito-identity-js Cognito, Auth

Updated from version 3.0.2 to 4.3.3. An existing, previously tested and confirmed working user receives NotAuthorizedException when trying to log in.

To Reproduce

Steps to reproduce the behavior: Should be reproducible with whichever login flow functionality or example is widely available on the web.

Expected behavior

Would assume the user to be able to log in, since nothing has changed regarding the login flow, configuration, username or password.

Code Snippet

import {
  CognitoUserPool,
  CognitoUser,
  AuthenticationDetails
} from 'amazon-cognito-identity-js'

// Pool must be a CognitoUserPool instance, not a string
// ('userPoolId' and 'clientId' are placeholders for the real pool values)
const userPool = new CognitoUserPool({
  UserPoolId: 'userPoolId',
  ClientId: 'clientId'
})

const authenticationDetails = new AuthenticationDetails({
  Username: 'username',
  Password: 'password'
})
const cognitoUser = new CognitoUser({
  Username: 'username',
  Pool: userPool
})

cognitoUser.authenticateUser(authenticationDetails, {
  onSuccess: result => {
    // handle success case here and do whatever
  },
  onFailure: err => {
    console.error('error from cognito ', err)
    // handle failure and return error message
  }
})

{ code: 'NotAuthorizedException', name: 'NotAuthorizedException', message: 'Incorrect username or password.' }

What is configured? OAuth2 flow

Allowed OAuth Flows: Authorization code grant, Implicit grant

Allowed OAuth Scopes: email, openid

Application client settings: Prevent User Existence Errors Enabled (Recommended)

Additional information

I did try with legacy mode as well, which didn't have any effect. I also tried with "prevent user existence errors" enabled with version 3.0.2; all our unit and integration tests passed with 3.0.2, but none of the login tests pass after upgrading to 4.3.3.
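As an added example (not code from the issue or from amplify-js), the callback-style authenticateUser() call from the snippet above wrapped in a Promise, with the onFailure error mapped to a coarse reason. The fake user object is constructed so the example runs offline; it replays the exact error object quoted in the report. With "Prevent User Existence Errors" enabled, as in this report, a wrong password and a nonexistent username both surface as NotAuthorizedException, so the client should not try to tell them apart.

```javascript
// Added example, not from the issue or from amplify-js. The real
// CognitoUser.authenticateUser() invokes the callback names used here
// (onSuccess, onFailure, newPasswordRequired, mfaRequired).
function loginWithCognito(cognitoUser, authenticationDetails) {
  return new Promise((resolve) => {
    cognitoUser.authenticateUser(authenticationDetails, {
      onSuccess: (session) => resolve({ status: 'ok', session }),
      // The user must set a new password before Cognito issues a session.
      newPasswordRequired: (userAttributes) =>
        resolve({ status: 'new-password-required', userAttributes }),
      mfaRequired: (challengeName) =>
        resolve({ status: 'mfa-required', challengeName }),
      onFailure: (err) =>
        resolve({ status: 'failed', reason: classifyAuthError(err) }),
    });
  });
}

// Map a Cognito error code to a coarse, user-safe reason. With "Prevent
// User Existence Errors" enabled, an unknown username and a wrong password
// both arrive as NotAuthorizedException / "Incorrect username or password.",
// so the client cannot (and should not try to) distinguish them.
function classifyAuthError(err) {
  switch (err && err.code) {
    case 'NotAuthorizedException':
    case 'UserNotFoundException': // only seen when the app client is set to reveal existence
      return 'bad-credentials';
    case 'PasswordResetRequiredException':
      return 'password-reset-required';
    case 'UserNotConfirmedException':
      return 'user-not-confirmed';
    default:
      return 'unknown';
  }
}

// Constructed stand-in for a CognitoUser so the example runs offline;
// it replays the error object quoted in the issue.
const fakeRejectingUser = {
  authenticateUser(_details, callbacks) {
    callbacks.onFailure({
      code: 'NotAuthorizedException',
      name: 'NotAuthorizedException',
      message: 'Incorrect username or password.',
    });
  },
};
```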

elorzafe commented 4 years ago

@mpiivonen can you share your package.json file? Also, did you try this on a fresh install (without lock files)?

mpiivonen commented 4 years ago

I took off most of the packages, but in case you were thinking the cause could be some other package, I could provide the full package file. Here are the AWS-related packages and versions in use:

{
  "name": "",
  "version": "",
  "description": "",
  "private": true,
  "engineStrict": true,
  "engines": {
    "node": ">= 10.0.0"
  },
  "scripts": {
   ...
  },
  "author": "",
  "license": "",
  "repository": {
    "type": "git",
    "url": ""
  },
  "dependencies": {
    "amazon-cognito-identity-js": "4.3.3",
    "aws-sdk": "2.670.0",
    ...
  },
  "devDependencies": {
    ...
  }
}

I did try fresh installs with both versions, removing node_modules and package-lock.json. I realized the previous version didn't support a client with a secret, so I'm not sure whether this has changed; I'm testing next using a client with a secret.

Used functions are imported as

import {
  CognitoUserPool,
  CognitoUserAttribute,
  CognitoUser,
  AuthenticationDetails
} from 'amazon-cognito-identity-js'

amhinson commented 4 years ago

@mpiivonen Would you be able to share more of your dependencies? Also, when you upgraded to 4.3.3, did you also upgrade any other dependencies?

I tried to test this by creating a user with amazon-cognito-identity-js@3.0.2 & aws-sdk@2.6.10 then upgrading to amazon-cognito-identity-js@4.3.3 & aws-sdk@2.670.0 and logging in, but everything still seemed to work as expected.

mpiivonen commented 4 years ago

@amhinson this should be the complete list of dependencies

  "dependencies": {
    "JSONStream": "1.3.5",
    "amazon-cognito-identity-js": "4.3.3",
    "amazon-cognito-js": "1.1.0",
    "async-generators": "0.2.1",
    "async-stream-generator": "1.0.3",
    "aws-sdk": "2.670.0",
    "axios": "0.19.2",
    "body-parser": "1.19.0",
    "content-disposition": "0.5.2",
    "cookie-parser": "1.4.4",
    "crypto-js": "3.1.9-1",
    "express": "4.16.3",
    "express-list-endpoints": "4.0.1",
    "fast-memoize": "2.5.1",
    "handlebars": "4.7.3",
    "jsonwebtoken": "8.5.1",
    "log4js": "6.1.2",
    "moment": "2.22.2",
    "multer": "1.3.0",
    "multer-s3": "2.7.0",
    "neo4j-driver": "1.6.3",
    "pg": "7.11.0",
    "pg-copy-streams": "2.2.2",
    "pg-query-stream": "3.2.0",
    "request": "2.81.0",
    "shortid": "2.2.8",
    "stream-chain": "2.2.1",
    "stream-concat": "0.3.0",
    "stream-json": "1.3.2",
    "strong-soap": "1.9.0",
    "ts-prune": "0.7.0",
    "utils": "0.3.1",
    "uuid": "3.1.0",
    "xlsx": "0.12.1",
    "xml2json": "0.11.0",
    "yieldable-json": "2.0.0",
    "zlib": "1.0.5"
  },
  "devDependencies": {
    "@types/express": "4.16.0",
    "@types/jest": "22.1.2",
    "@types/jsonwebtoken": "7.2.6",
    "@types/multer": "1.3.6",
    "@types/multer-s3": "2.7.5",
    "@types/node": "10.11.3",
    "@types/pg": "7.4.14",
    "@types/request": "2.0.1",
    "@types/rx": "4.1.1",
    "@types/shortid": "0.0.29",
    "chai": "4.2.0",
    "chai-http": "3.0.0",
    "csvdata": "1.7.0",
    "git-hooks": "1.1.8",
    "jest": "23.6.0",
    "license-to-fail": "2.2.0",
    "nock": "9.0.14",
    "prettier": "1.5.3",
    "ts-jest": "22.0.4",
    "tslint": "5.11.0",
    "tslint-language-service": "0.9.9",
    "typedoc": "0.13.0"
  }

Of course there is a chance some other dependency changed at the same time and caused this, but I can't say for sure, since I noticed the issue after installing the newer amazon-cognito-identity-js. There is amazon-cognito-js in our dependencies, but it shouldn't be used in the part where sign-in is implemented.

Thank you for confirming on your part that it shouldn't be about version 4.3.3. I did some more testing today between different versions and was able to get the same error with the previous 3.0.2 version, which now points to the issue being caused by something else.

Sorry for bothering you with this issue. I tested around 10-15 times between versions 3.0.2 and 4.3.3 with fresh installs and ran the integration tests; all of those times everything passed with 3.0.2, but it doesn't pass anymore, so from my point of view this issue can be closed.

amhinson commented 4 years ago

@mpiivonen I see you have crypto-js in your dependencies. It could be worth investigating your usage and versions of the library, since it is also utilized in amazon-cognito-identity-js.

mpiivonen commented 4 years ago

@amhinson thank you for pointing that out, I will look into this.

mpiivonen commented 4 years ago

To get closure on this issue: it seems there was some validation error with our previous user or user password. After changing or updating these, or creating new users, everything worked as expected, so the issue was not caused by crypto-js or any other dependency.

github-actions[bot] commented 3 years ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.