search

ellaisys / aws-cognito

AWS Cognito package (with MFA Feature) using the AWS SDK for PHP/Laravel
https://ellaisys.github.io/aws-cognito/
MIT License
110 stars 41 forks source link

Auth Middleware is not working [security issue !!] #28

Closed MielPoule closed 2 years ago

MielPoule commented 2 years ago

The line 51 on Http/Middleware/AwsCognitoAuthentificate.php has been commented :

#Http/Middleware/AwsCognitoAuthentificate.php
[...]
51 //  $this->authenticate($request);

This is a huge security issue has the middleware don't validate authentification anymore...

amitdhongde commented 2 years ago

Thank you for sharing the input. We will surely review and fix it as appropriate.

amitdhongde commented 2 years ago

This issue is fixed in the release with tag v1.0.6