capless / warrant

Python library for using AWS Cognito. With support for SRP.
Apache License 2.0
468 stars 192 forks

Change temporary password - chicken and egg??? #71

Closed flycast closed 6 years ago

flycast commented 6 years ago

OK, this is a really stupid and basic question...

1) Create a new user in a user pool.
2) User tried to authenticate using temporary password.
3) Exception is raised about force password change
4) Try to change password - Can't without access token

Can't get an access token without authenticating. Can't get access token without changing password.

How do we get around this?

I see a number of posts here 25, 13, 14 and 29 but it is still not making sense to my noobie brain.

import boto3
from warrant import Cognito

identity_pool_id = 'us-east-1_XXXXXXXXXX'
app_client_id = 'XXXXXXXXXXXXXXXXXXXXXXX'
username = 'erics'
password = 'XXXXXXXX'
new_password = 'newXXXXXXXX'

cog = Cognito(identity_pool_id, app_client_id, username)

try:
    cog.authenticate(password=password)
except:
    cog.change_password(password, new_password)

Traceback (most recent call last):
  File "C:\Users\Eric\Documents\cognito.py", line 15, in <module>
    cog.change_password(password, new_password)
  File "C:\Users\Eric\AppData\Local\Programs\Python\Python36\lib\site-packages\warrant\__init__.py", line 613, in change_password
    self.check_token()
  File "C:\Users\Eric\AppData\Local\Programs\Python\Python36\lib\site-packages\warrant\__init__.py", line 253, in check_token
    raise AttributeError('Access Token Required to Check Token')
AttributeError: Access Token Required to Check Token

armicron commented 6 years ago

Don't use except without a specific exception.

except ForceChangePasswordException:

When this exception occurs you need to call set_new_password_challenge(new_password) https://github.com/capless/warrant/blob/master/warrant/aws_srp.py#L224
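
The challenge exchange behind the answer above, as an added example that is not part of the thread and is not warrant's code. It uses the call shapes of boto3's cognito-idp client with the plain USER_PASSWORD_AUTH flow instead of SRP (an assumption made to keep it short); ForceChangePassword, the helper function names and StubCognitoIdp with its session and token strings are constructed for illustration so the flow runs offline.

```python
# Added example, not warrant's code; StubCognitoIdp and its strings are constructed.
class ForceChangePassword(Exception):
    """Hypothetical exception that carries the challenge Session."""
    def __init__(self, session):
        super().__init__("NEW_PASSWORD_REQUIRED")
        self.session = session

def authenticate(client, client_id, username, password):
    """Return tokens, or raise ForceChangePassword when Cognito issues the challenge."""
    resp = client.initiate_auth(
        ClientId=client_id,
        AuthFlow="USER_PASSWORD_AUTH",  # assumption: plain flow instead of SRP
        AuthParameters={"USERNAME": username, "PASSWORD": password})
    if resp.get("ChallengeName") == "NEW_PASSWORD_REQUIRED":
        raise ForceChangePassword(resp["Session"])
    return resp["AuthenticationResult"]

def answer_new_password(client, client_id, username, session, new_password):
    """Answer the challenge: the Session string is used where no access token exists yet."""
    resp = client.respond_to_auth_challenge(
        ClientId=client_id, ChallengeName="NEW_PASSWORD_REQUIRED", Session=session,
        ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": new_password})
    return resp["AuthenticationResult"]

def login(client, client_id, username, password, new_password=None):
    try:
        return authenticate(client, client_id, username, password)
    except ForceChangePassword as exc:  # catch only the challenge, not every error
        if new_password is None:
            raise
        return answer_new_password(client, client_id, username, exc.session, new_password)

class StubCognitoIdp:
    """Constructed stand-in for the service: one user with a temporary password."""
    def __init__(self):
        self.password, self.temporary = "Temp-XXXX", True

    def initiate_auth(self, ClientId, AuthFlow, AuthParameters):
        if AuthParameters["PASSWORD"] != self.password:
            raise PermissionError("NotAuthorizedException")
        if self.temporary:
            return {"ChallengeName": "NEW_PASSWORD_REQUIRED", "Session": "sess-1"}
        return {"AuthenticationResult": {"AccessToken": "constructed-token"}}

    def respond_to_auth_challenge(self, ClientId, ChallengeName, Session, ChallengeResponses):
        if Session != "sess-1":
            raise PermissionError("NotAuthorizedException")
        self.password, self.temporary = ChallengeResponses["NEW_PASSWORD"], False
        return {"AuthenticationResult": {"AccessToken": "constructed-token"}}
```

The password change is authorised by the Session returned with the challenge, so no access token is needed until the challenge has been answered.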

flycast commented 6 years ago

Thanks for the fast response. Changed to:

try:
    cog.authenticate(password)
except ForceChangePasswordException:
    cog.change_password(password, new_password)

Get:

NameError: name 'ForceChangePasswordException' is not defined

armicron commented 6 years ago

You need to import it from https://github.com/capless/warrant/blob/master/warrant/exceptions.py

flycast commented 6 years ago

Thank you for your patience and help. I really appreciate how prompt you have been.

I am a python 3 noobie. For those who run into this issue you can import the exceptions using:

from warrant.exceptions import *

armicron commented 6 years ago

@flycast it's a bad practice to use '*' in imports, be patient with it.

flycast commented 6 years ago

Better to only import the bare minimum that you need?

from warrant.exceptions import ForceChangePasswordException

bjinwright commented 6 years ago

Can we close this one?

davidtweaver commented 6 years ago

I'm loath to re-raise this issue, but I keep getting the following error and it seems connected to this issue:


raise ParamValidationError(report=report.generate_report())
botocore.exceptions.ParamValidationError: Parameter validation failed:
Invalid type for parameter AuthParameters.USERNAME, value: None, type: <type 'NoneType'>, valid types: <type 'basestring'>

My code looks like this:

cog = Cognito(identity_pool_id, app_client_id, username)
cog.new_password_challenge(password, new_password)

Where obviously those variables are set elsewhere in my code