search

aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.42k stars 2.12k forks source link

NotAuthorizedException Incorrect username or password for every error #9399

Closed careignition-cps closed 2 years ago

careignition-cps commented 2 years ago

Before opening, please confirm:

JavaScript Framework

React

Amplify APIs

Authentication

Amplify Categories

auth

Environment information

``` # Put output below this line System: OS: Windows 10 10.0.19043 CPU: (8) x64 Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz Memory: 2.34 GB / 15.73 GB Binaries: Node: 16.13.0 - C:\Program Files\nodejs\node.EXE Yarn: 1.22.17 - ~\node_modules\.bin\yarn.CMD npm: 8.1.3 - C:\Program Files\nodejs\npm.CMD Browsers: Edge: Spartan (44.19041.1266.0), Chromium (96.0.1054.43) Internet Explorer: 11.0.19041.1202 npmPackages: @babel/core: ^7.15.5 => 7.15.5 (7.12.3) @babel/eslint-parser: ^7.15.7 => 7.15.7 @emotion/react: ^11.6.0 => 11.6.0 @emotion/styled: ^11.6.0 => 11.6.0 @iconify/icons-ant-design: ^1.1.0 => 1.1.0 @iconify/icons-eva: ^1.1.0 => 1.1.0 @iconify/icons-ic: ^1.1.10 => 1.1.10 @iconify/react: ^3.0.1 => 3.0.1 @mui/icons-material: 5.2.0 => 5.2.0 @mui/lab: ^5.0.0-alpha.47 => 5.0.0-alpha.47 @mui/material: ^5.1.1 => 5.1.1 @mui/styles: ^5.1.1 => 5.1.1 @mui/utils: ^5.0.0 => 5.1.1 @react-pdf/renderer: ^2.0.21 => 2.0.21 @testing-library/jest-dom: ^5.14.1 => 5.14.1 apexcharts: ^3.32.0 => 3.32.0 aws-sdk: ^2.1044.0 => 2.1044.0 change-case: ^4.1.2 => 4.1.2 date-fns: ^2.24.0 => 2.24.0 dom-to-image: ^2.6.0 => 2.6.0 eslint: ^7.32.0 => 7.32.0 eslint-config-airbnb: ^18.2.1 => 18.2.1 eslint-config-prettier: ^8.3.0 => 8.3.0 eslint-config-react-app: ^6.0.0 => 6.0.0 eslint-plugin-flowtype: ^6.0.1 => 6.0.1 (5.10.0) eslint-plugin-import: ^2.24.2 => 2.24.2 eslint-plugin-jsx-a11y: ^6.4.1 => 6.4.1 eslint-plugin-prettier: ^4.0.0 => 4.0.0 eslint-plugin-react: ^7.25.2 => 7.25.2 eslint-plugin-react-hooks: ^4.2.0 => 4.2.0 faker: ^5.5.3 => 5.5.3 formik: ^2.2.9 => 2.2.9 framer-motion: ^4.1.17 => 4.1.17 history: ^5.0.1 => 5.0.1 html-to-image: ^1.9.0 => 1.9.0 html2canvas: ^1.3.3 => 1.3.3 imagediff: 1.0.8 lodash: ^4.17.21 => 4.17.21 numeral: ^2.0.6 => 2.0.6 prettier: ^2.4.1 => 2.4.1 prop-types: ^15.7.2 => 15.7.2 react: ^17.0.2 => 17.0.2 react-apexcharts: ^1.3.9 => 1.3.9 react-dom: ^17.0.2 => 17.0.2 react-helmet-async: ^1.1.2 => 1.1.2 react-icons: ^4.3.1 => 4.3.1 react-router-dom: ^6.0.0-beta.4 => 6.0.0-beta.4 react-scripts: ^4.0.3 => 4.0.3 recharts: ^2.1.6 => 2.1.6 simplebar: ^5.3.5 => 5.3.5 simplebar-react: ^2.3.5 => 2.3.5 web-vitals: ^2.1.0 => 2.1.0 yup: ^0.32.9 => 0.32.9 npmGlobalPackages: @aws-amplify/cli: 7.6.2 npm: 8.1.3 yarn: 1.22.17 ```

Describe the bug

I have been able to log in and log out for a while with the exact same email and password combination. However, now, every time I try to log in (I tried the following cases: disabled my user on the console, reset my users passcode on the console) I get the error: NotAuthorizedException: Incorrect username or password.

To check if I am just not remembering right, I created a NEW user. The user now has the status FORCE_CHANGE_PASSWORD on the console. However, my console is logging the same error, not authorized.

Expected behavior

Expected behavior: being able to log in with correct credentials and being able to get any error other than NotAuthorizedException.

Reproduction steps

I yarn start my project and credentials_should_work should_have_diff_error

This worked two weeks ago, I have changed no code. I simply signed out for the first time in three weeks

Code Snippet

// Put your code below this line.
import React, { useState, useEffect } from 'react';
import { useNavigate, useLocation } from 'react-router-dom';
import {
  CognitoUserPool,
  CognitoUserSession,
  AuthenticationDetails,
  CognitoUser,
  CookieStorage
} from 'amazon-cognito-identity-js';
import * as AWS from 'aws-sdk/global';
import UserPool from '../UserPool';
import GetLoggedInStatus from './GetLoggedInStatus';

export default () => {
  const [email, setEmail] = useState('');
  const [password, setPassword] = useState('');
  const navigate = useNavigate();
  const location = useLocation();
  const cognitoUser = UserPool.getCurrentUser();

  useEffect(() => {
    if (GetLoggedInStatus() === true) {
      if (location.pathname === '/') {
        console.log(location);
        navigate('dashboard');
      }
    } else {
      navigate('/');
    }
  }, []);

  const logout = () => {
    const user = UserPool.getCurrentUser();
    if (user) {
      user.signOut();
      console.log('user exists');
      navigate('/');
    }
    console.log('logout');
  };

  const onSubmit = (event) => {
    event.preventDefault();

    const userData = {
      Username: email,
      Password: password
    };

    const authDetails = new AuthenticationDetails({ userData });

    const user = new CognitoUser({
      Username: email,
      Pool: UserPool
    });

    user.authenticateUser(authDetails, {
      onSuccess: (data) => {
        console.log('onSuccess:', data);
        if (location.pathname === '/') {
          navigate('dashboard');
        }
      },
      onFailure: (err) => {
        console.error('onFailure:', err);
      },
      newPasswordRequired: (data) => {
        console.log('newPasswordRequired', data);
      }
    });
  };

  return (
    <div>
      {!GetLoggedInStatus() === true && (
        <div>
          <form onSubmit={onSubmit}>
            <input type="text" required value={email} onChange={(e) => setEmail(e.target.value)} />
            <input
              type="text"
              required
              value={password}
              onChange={(e) => setPassword(e.target.value)}
            />
            <button type="submit">Login</button>
          </form>
        </div>
      )}
      {GetLoggedInStatus() === true && (
        <div>
          <button onClick={logout}>Logout</button>
        </div>
      )}
    </div>
  );
};

User pool

import { CognitoUserPool } from 'amazon-cognito-identity-js';

const poolData = {
  UserPoolId: 'xxxxx',
  ClientId: 'xxxxxx'
};

export default new CognitoUserPool(poolData);

GetLoggedInStatus

import UserPool from '../UserPool';

function GetLoggedInStatus() {
  let prom = false;
  new Promise((resolve, reject) => {
    const user = UserPool.getCurrentUser();
    console.log('in promise');
    if (user) {
      console.log('user exists');
      user.getSession((err, session) => {
        if (err) {
          console.log('user does not exist');
          prom = false;
          reject();
        } else {
          resolve(session);
          console.log('user exists');
          prom = true;
        }
      });
    } else {
      console.log(user);
      reject(Error('no user'));
      // prom = false;
    }
  })
    .then(() => true)
    .catch((e) => {
      console.log(e);
      return false;
    });
  return prom;
}

export default GetLoggedInStatus;

Log output

See screenshot above

// Put your logs below this line

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

jamessouth commented 2 years ago

I had this same issue. Cognito recently rolled out a new console and suddenly my test account usernames and passwords didn't work. To fix, try:

  1. Log in to the new console > user pools > your pool.
  2. Click on the app integration tab.
  3. At the bottom is app client list. Click on your app.
  4. The top box is app client information. Click edit.
  5. At the bottom, uncheck/check prevent user existence errors.

When I unchecked this my u/p worked again, then I checked it back and they still work as expected. Hope this helps!

chrisbonifacio commented 2 years ago

Hi @careignition-cps 👋 thanks for raising this issue. Can you try @jamessouth's steps and see if that helps at all? If not, I'll try to reproduce the issue and see if I can find a solution/workaround for you.

chrisbonifacio commented 2 years ago

Hi 👋 Closing this as we have not heard back from you. If you are still experiencing this issue and in need of assistance, please feel free to comment and provide us with any information previously requested by our team members so we can re-open this issue and be better able to assist you. Thank you!

visomi-dev commented 1 year ago

If you are here because you have a similar error and you cannot find the answer, when you create a user from the admin or with the admin sdk from the frontend you have to use the authentication flow "USER_PASSWORD_AUTH" previously you should have configured it in the app client:

https://docs.amplify.aws/lib/auth/switch-auth/q/platform/js/

michaelgutierrez0 commented 1 month ago

Thank you @visomi-dev this just saved me! In order for the app client to perform ChangePassword you have to allow the app client to perform the flow "USER_PASSWORD_AUTH".