aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0

Auth.currentAuthenticatedUser() still exists after user has been deleted through UI #9796

Closed daviddalmaso closed 2 years ago

daviddalmaso commented 2 years ago


JavaScript Framework

React Native

Amplify APIs

Authentication

Amplify Categories

auth, function, api

Environment information

```
# Put output below this line
  System:
    OS: macOS 12.2.1
    CPU: (8) arm64 Apple M1
    Memory: 80.22 MB / 16.00 GB
    Shell: 5.8 - /bin/zsh
  Binaries:
    Node: 16.13.0 - /opt/homebrew/Cellar/node@16/16.13.0/bin/node
    Yarn: 1.22.17 - /opt/homebrew/bin/yarn
    npm: 8.1.0 - /opt/homebrew/Cellar/node@16/16.13.0/bin/npm
  Browsers:
    Chrome: 100.0.4896.75
    Firefox: 99.0
    Safari: 15.3
  npmPackages:
    @babel/core: ^7.12.9 => 7.17.8
    @expo/vector-icons: ^12.0.5 => 12.0.5
    @react-native-async-storage/async-storage: ~1.15.0 => 1.15.17
    @react-native-community/netinfo: ^7.1.7 => 7.1.12
    @react-native-community/slider: ^4.2.1 => 4.2.1
    @react-native-masked-view/masked-view: 0.2.6 => 0.2.6
    @react-native-picker/picker: ^2.2.1 => 2.4.0
    @react-navigation/bottom-tabs: ^6.0.9 => 6.2.0
    @react-navigation/material-top-tabs: ^6.0.6 => 6.1.1
    @react-navigation/native: ^6.0.6 => 6.0.8
    @react-navigation/stack: ^6.0.11 => 6.1.1
    HelloWorld: 0.0.1
    aws-amplify: ^4.3.12 => 4.3.18
    aws-amplify-react-native: ^6.0.2 => 6.0.4
    dayjs: ^1.10.7 => 1.11.0
    eslint: ^8.12.0 => 8.12.0
    eslint-config-airbnb: ^19.0.4 => 19.0.4
    eslint-config-prettier: ^8.5.0 => 8.5.0
    eslint-plugin-import: ^2.25.4 => 2.25.4
    eslint-plugin-jsx-a11y: ^6.5.1 => 6.5.1
    eslint-plugin-react: ^7.29.4 => 7.29.4
    eslint-plugin-react-native: ^4.0.0 => 4.0.0
    expo: ~44.0.0 => 44.0.6
    expo-analytics-amplitude: ~11.1.0 => 11.1.1
    expo-linking: ~3.0.0 => 3.0.0
    expo-splash-screen: ^0.14.1 => 0.14.2
    expo-status-bar: ~1.2.0 => 1.2.0
    expo-store-review: ~5.1.0 => 5.1.1
    hermes-inspector-msggen: 1.0.0
    husky: ^7.0.4 => 7.0.4
    lint-staged: ^12.3.7 => 12.3.7
    prettier: ^2.6.1 => 2.6.1
    prop-types: ^15.8.1 => 15.8.1 (15.7.2)
    react: 17.0.1 => 17.0.1
    react-dom: 17.0.1 => 17.0.1
    react-native: 0.64.3 => 0.64.3
    react-native-confirmation-code-field: ^7.3.0 => 7.3.0
    react-native-country-picker-modal: ^2.0.0 => 2.0.0
    react-native-gesture-handler: 2.2.0 => 2.2.0
    react-native-image-slider-box: ^1.1.20 => 1.1.20
    react-native-loading-spinner-overlay: ^3.0.0 => 3.0.0
    react-native-onboarding-swiper: ^1.2.0 => 1.2.0
    react-native-pager-view: ^5.4.9 => 5.4.15
    react-native-phone-input: ^1.3.3 => 1.3.3
    react-native-progress: ^5.0.0 => 5.0.0
    react-native-reanimated: 2.3.1 => 2.3.1
    react-native-safe-area-context: ^3.3.2 => 3.4.1
    react-native-tab-view: ^3.1.1 => 3.1.1
    react-native-uuid: ^2.0.1 => 2.0.1
    reanimated-bottom-sheet: ^1.0.0-alpha.22 => 1.0.0-alpha.22
  npmGlobalPackages:
    @react-native-community/cli: 6.3.1
    dotenv-cli: 4.1.0
    dotenv: 10.0.0
    eas-cli: 0.43.0
    eslint-plugin-react-native: 4.0.0
    eslint-plugin-react: 7.29.4
    eslint: 8.12.0
    expo-cli: 5.0.3
    npm: 8.1.0
    react-native-eject: 0.1.2
```

Describe the bug

When my app first opens, I check for an authenticated user using the following code block.

```javascript
Auth.currentAuthenticatedUser({
  bypassCache: false  // Optional, By default is false. If set to true, this call will send a request to Cognito to get the latest user data
}).then(user => {
  setUser(user)
})
.catch(err => {
  // console.log(err)
});
```

I have recently switched to using CUSTOM_AUTH for my authenticationFlowType. Previously I was able to delete users through the Cognito console and this would change the behavior of the function above such that no user is returned (and I would redirect the user to a sign up / login screen).

However, when using the CUSTOM_AUTH authenticationFlowType, I have not had this behavior. Instead, after deleting the user from the Cognito console, that user still pops up as the currentAuthenticatedUser.

Expected behavior

I am expecting the Auth.currentAuthenticatedUser() to not return a CognitoUser object if that user has been deleted from Cognito.

Reproduction steps

  1. Install aws-amplify with a react-native project
  2. Add auth to the project with `amplify add auth`
     a. Set up the auth to use phone number as the sign in method
     b. Set up a custom authentication flow with custom DefineAuthChallenge, CreateAuthChallenge, VerifyAuthChallenge, and PreSignUp lambda triggers. Implementations of these lambdas can be found from this tutorial.
  3. Create a basic check in your App.js file to check for currentAuthenticatedUser
  4. Set authenticationFlowType to CUSTOM_AUTH at the top of your App.js

     ```javascript
     import Amplify, { Auth } from "aws-amplify";
     import awsconfig from '~/aws-exports';

     Amplify.configure(awsconfig)
     Auth.configure({ authenticationFlowType: 'CUSTOM_AUTH' })
     ```

5. Successfully create a user using the new authentication flow
6. Disable and delete the new user from the Cognito UI / console
7. Reload application --> `currentAuthenticatedUser` returns the deleted CognitoUser is what I'm seeing

### Code Snippet

```javascript
// Put your code below this line.
import Amplify, { Auth } from 'aws-amplify';
import React, { useEffect } from 'react';
import { Text, View } from 'react-native';
import awsconfig from '~/aws-exports';
import { getAppContext } from "~/context/appContext";

Amplify.configure(awsconfig)
Auth.configure({
  authenticationFlowType: 'CUSTOM_AUTH'
})

const App = () => {
  const { isSignedIn, setUser } = getAppContext()

  useEffect(() => {
    prepareUser()
  }, [])

  const prepareUser = async () => {
    Auth.currentAuthenticatedUser({
      bypassCache: false  // Optional, By default is false. If set to true, this call will send a request to Cognito to get the latest user data
    }).then(user => {
      setUser(user)
    })
    .catch(err => {
      // console.log(err)
    });
  }

  if (isSignedIn) {
    return (
      <View>
        <Text>Signed in</Text>
      </View>
    )   
  } else {
    return (
      <View>
        <Text>NOT signed in</Text>
      </View>
    )
  }
}

const AppWithContext = () => {
  return (
    <GlobalState>
      <App/>
    </GlobalState>
  )
}

export default AppWithContext
```

Log output

```
// Put your logs below this line
```

aws-exports.js

```javascript
/* eslint-disable */
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.

const awsmobile = {
    "aws_project_region": "us-east-1",
    "aws_appsync_graphqlEndpoint": "https://5xhhjzphsvgozibfmuoomvazpy.appsync-api.us-east-1.amazonaws.com/graphql",
    "aws_appsync_region": "us-east-1",
    "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
    "aws_cognito_identity_pool_id": "us-east-1:bb958fd4-db3a-463e-a4ba-eaa3d126c8cf",
    "aws_cognito_region": "us-east-1",
    "aws_user_pools_id": "us-east-1_rIufQYxG6",
    "aws_user_pools_web_client_id": "4eg1h0lf237to02fhtrhh4dq16",
    "oauth": {},
    "aws_cognito_username_attributes": [
        "PHONE_NUMBER"
    ],
    "aws_cognito_social_providers": [],
    "aws_cognito_signup_attributes": [
        "PHONE_NUMBER"
    ],
    "aws_cognito_mfa_configuration": "OFF",
    "aws_cognito_mfa_types": [
        "SMS"
    ],
    "aws_cognito_password_protection_settings": {
        "passwordPolicyMinLength": 8,
        "passwordPolicyCharacters": []
    },
    "aws_cognito_verification_mechanisms": [
        "PHONE_NUMBER"
    ]
};

export default awsmobile;
```

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

vyomr13 commented 2 years ago

Hi, I was able to repro this. Access and Id tokens are stateless and are valid until they are expired, and the library on the client will use them until they expire to try to get new ones. Could you change the code to this instead?

```javascript
Auth.currentAuthenticatedUser({
    bypassCache: true
})
```

Here is the documentation link, https://docs.amplify.aws/lib/auth/manageusers/q/platform/js/#retrieve-current-authenticated-user
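The app-start check the comment above recommends, as an added example that is not code from this issue or from the Amplify library: read the cached user first, then confirm it with `bypassCache: true` and drop the local session when Cognito no longer knows the user, so a deleted or disabled account does not stay "signed in" for the remaining lifetime of its cached tokens. `fakeAuth`, the `NetworkError` error name and the error messages are constructed stand-ins, not Amplify's own.

```javascript
// Added example (not from the issue or the Amplify project). `auth` is any
// object with the aws-amplify v4 Auth shape used here:
// currentAuthenticatedUser({ bypassCache }) and signOut().
async function resolveSession(auth) {
  let cached = null;
  try {
    // Cheap local read: tokens stored on the device, no network round-trip.
    cached = await auth.currentAuthenticatedUser({ bypassCache: false });
  } catch (_) {
    return { user: null, state: 'signed-out' }; // nothing cached at all
  }
  try {
    // Authoritative read: asks Cognito, so a user deleted or disabled in the
    // console fails here even while the cached ID/access tokens are unexpired.
    const fresh = await auth.currentAuthenticatedUser({ bypassCache: true });
    return { user: fresh, state: 'verified' };
  } catch (err) {
    // Assumption: a transport failure surfaces as err.name === 'NetworkError'.
    // Offline, keep the cached user but flag that Cognito has not confirmed it.
    if (err && err.name === 'NetworkError') {
      return { user: cached, state: 'unverified' };
    }
    // Cognito rejected the user: clear the stale local session.
    await auth.signOut();
    return { user: null, state: 'signed-out' };
  }
}

// Constructed stand-in for Amplify Auth so the check can be exercised offline.
// `deletedInCognito` models a user removed via the console after signing in.
function fakeAuth({ cachedUser, deletedInCognito, offline }) {
  const calls = []; // records which path each call took, for inspection
  return {
    calls,
    async currentAuthenticatedUser({ bypassCache }) {
      calls.push(bypassCache ? 'remote' : 'cache');
      if (!cachedUser) throw new Error('The user is not authenticated');
      if (!bypassCache) return cachedUser; // local cache never notices deletion
      if (offline) { const e = new Error('Network error'); e.name = 'NetworkError'; throw e; }
      if (deletedInCognito) { const e = new Error('User does not exist.'); e.name = 'UserNotFoundException'; throw e; }
      return cachedUser;
    },
    async signOut() { calls.push('signOut'); },
  };
}
```

Run `resolveSession(Auth)` in place of the bare `currentAuthenticatedUser` call at startup and route on `state`, treating `unverified` as a degraded session rather than a confirmed one.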

daviddalmaso commented 2 years ago

This seemed to have solved my issue. Simple fix, sorry, that I had tried that.

Why is it though that setting bypassCache to false doesn't create this issue for a separate authenticationFlowType?

github-actions[bot] commented 1 year ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server amplify-help forum.