AdminSetUserMFAPreference doesn't make an effect to users MFA options

staradayev commented 2 years ago

Confirm by changing [ ] to [x] below to ensure that it's a bug:

[x] I've gone through Developer Guide and API reference
[x] I've checked AWS Forums and StackOverflow for answers
[x] I've searched for previous similar issues and didn't find any solution
[x] This is an issue with version 2.x of the SDK

Describe the bug AdminSetUserMFAPreference method doesn't enable MFA (SMS) for user. It returns 200 OK, but doesn't make an effect. I mean MFAOptions and UserMFASettingList doesn't change. Same time the same method called from AWS CLI with same params made changes. Moreover, the same time the same method from aws-sdk v3 (@aws-sdk/client-cognito-identity-provider) with exactly the same params(I haven't changed a line of code params) makes those changes.

So the problem is definitely in this method in v2 SDK lib.

P.S. User pool MFA settings are set to Optional. P.P.S. Users I'm trying to apply SMS MFA has valid and verified phone number. P.P.P.S. adminSetUserSettings also have no effect to user (I know, it's deprecating now)

Is the issue in the browser/Node.js? Node.js

If on Node.js, are you running this on AWS Lambda? I've tried both - local Node.js server and for testing purposes, I've tried it on lambda

Details of the browser/Node.js version Output of npx envinfo --browsers or node -v

node -v
v12.13.1

SDK version number I've tried three versions:

v2.396.0
v2.501.0
v2.1111.0 (latest available)

To Reproduce (observed behavior) Steps to reproduce the behavior:

async function setMfa () {
    const userPoolId = process.env.AWS_USER_POOL_ID;

    const cognito = new AWS.CognitoIdentityServiceProvider({
        region: process.env.AWS_REGION,
    });

    const baseParams = {
            Username: 'st*******@gmail.com',
            UserPoolId: userPoolId
    };

    const mfaParams = {
        ...baseParams,
        SMSMfaSettings: {
            Enabled: true,
            PreferredMfa: true
        },
        SoftwareTokenMfaSettings: {
            Enabled: false,
            PreferredMfa: false
        }
    }

    console.log('Create user MFA ' + JSON.stringify(mfaParams))
    await cognito.adminSetUserMFAPreference(mfaParams);
    console.log('Created user MFA')
}

Expected behavior I expect to see SMS MFA enabled via set options to user: MFAOptions or UserMFASettingList

damphan commented 2 years ago

Also happened in aws-sdk-php-laravel

ajredniwja commented 2 years ago

@staradayev apologies for late reply, can you please share you httpRequest thats being sent?

//v2
var req = await cognito.adminSetUserMFAPreference(mfaParams);
console.log(req.httpRequest)

//v3
 const client = new CognitoIdentityProviderClient({
        region: 'us-west-2'
    });
    const input = {
        Username: 'xd',
        UserPoolId: "xd",
        SMSMfaSettings: {
            Enabled: true,
            PreferredMfa: true
        },
        SoftwareTokenMfaSettings: {
            Enabled: false,
            PreferredMfa: false
        }
    }
    const command = new AdminSetUserMFAPreferenceCommand(input);

    client.middlewareStack.add(next => async(args) => {
        console.log("User input: ", args.input);
        console.log("HTTP Request: ", args.request); //request is optional
        const result = await next(args);
        // Output is also optional
        // console.log("Deserialized Output: ", result.output); // same to the return of client.send(command). 
        // console.log("HTTP response: ", result.response);
        return result;
    }, {
        step: "build"
    });

    try {
        var result = await client.send(command);
        console.log(result);
    } catch (err) {
        console.log(err)
    }

Harshil230197 commented 2 years ago

I'm also facing same issue, Anyone have the solution for this

Harshil230197 commented 2 years ago

@ajredniwja here is the httpRequest,

HttpRequest { method: 'POST', path: '/', headers: { 'User-Agent': 'aws-sdk-nodejs/2.1101.0 darwin/v12.13.0' }, body: '', endpoint: Endpoint { protocol: 'https:', host: 'cognito-idp.us-east-1.amazonaws.com', port: 443, hostname: 'cognito-idp.us-east-1.amazonaws.com', pathname: '/', path: '/', href: 'https://cognito-idp.us-east-1.amazonaws.com/', constructor: [Function: Endpoint] { __super__: [Function: Object] } }, region: 'us-east-1', _userAgent: 'aws-sdk-nodejs/2.1101.0 darwin/v12.13.0' }

Harshil230197 commented 2 years ago

Hey @staradayev, Have you found a solution or alternative for this?

Harshil230197 commented 2 years ago

@ajredniwja , You added the tag, Workaround is available, can you give me some idea about how it worked for you?

jay3dec commented 2 years ago

@ajredniwja what is the work around ? Did any figure out how a solution ?

ajredniwja commented 2 years ago

@Harshil230197 @jay3dec the information I was asking was specific to my findings at that time. Can you please open a new issue with latest details specific to your use case?

Harshil230197 commented 2 years ago

My issue is also the same: trying to update the userMFAPeferance with the below command but not seeing any data getting updated. @ajredniwja

await cognito.adminSetUserMFAPreference(mfaParams);