Sanitize Cognito Errors

[bryan-robitaille]

Any call to Cognito should only return sanitized errors to the Browser.

Acceptable error messages back to the browser from @lib/auth/cognito/initiateSignIn can include:

• NotAuthorized
• PasswordResetRequired
• InternalServiceError

Acceptable error messages back to the browser from @pages/api/account/confirmpassword can include:

• CodeInvalid
• CodeExpired
• PasswordValidationFailed
• InternalServiceError

Acceptable error messages back to the browser from @pages/api/account/forgotpassword can include:

• InternalServiceError UsernotFound should not be transmitted back to the browser. We should perhaps update content to mention that 'If you have an account a reset email has been sent'.

Acceptable error messages back to the browser from @pages/api/account/register can include:

• InternalServiceError UserNameExists should not be transmitted to the client. An email should be generated and sent to the user informing them that someone has tried to register using their email address and if this was them they can reset their password at the following link.

[thiessenp-cds]

For future reference here is a branch I did some initial work on: fix/sanitize-cognito-errors So far this is more of a proof of concept. The approach I took was to use a function that holds logic to sanitize cognito errors by replacing any sensitive error with a generic error. I also added some error enums and a response interface to help make consistency easier