ellaisys / aws-cognito

AWS Cognito package (with MFA Feature) using the AWS SDK for PHP/Laravel
https://ellaisys.github.io/aws-cognito/
MIT License
110 stars 43 forks

Force Password Change Status Not Updating #32

Closed evanlalo closed 2 years ago

evanlalo commented 2 years ago

Hi,

I've managed to create a user and get redirected to my password change form after login but I'm having a couple of issues.

  1. When I attempt to reset my password and thus update the user's status to "confirmed", I get a validation error. The request I'm sending has the following payload.
    '_token' => 'hKVIQyW4hEJmd7Q1Bs3QiOyfYv8gDui2wC9L1AdH',
    'email' => 'some@email.com',
    'password' => '**********',
    'password_confirmation' => '********',

This fails because the validation rules are looking for "token".

        return [
            'token'    => 'required_without:code',
            'code'     => 'required_without:token',
            'email'    => 'required|email',
            'password' => 'required|confirmed|min:8',
        ];

What is "token" supposed to be? Is that the temporary password that I was emailed?

Just for testing, I removed the "token" and "code" from the validation rules and then continued on to the next issue.

  2. Currently, my user in Cognito has a confirmation status of "FORCE_CHANGE_PASSWORD" which is identified by the constant AwsCognitoClient::FORCE_CHANGE_PASSWORD. The if statement that runs to determine whether password should be updated does not include this constant. See below.
            if (($user['UserStatus'] == AwsCognitoClient::USER_STATUS_CONFIRMED) ||
                ($user['UserStatus'] == AwsCognitoClient::RESET_REQUIRED_PASSWORD)) {
                $response = $client->resetPassword($request[$paramToken], $request[$paramUsername], $request[$passwordNew]);
            } else {
                $response = false;
            }

However, even if I add in a check for AwsCognitoClient::FORCE_CHANGE_PASSWORD, I still get a failed update due to the missing token.

Some guidance would be greatly appreciated. This seems like a great package and I would love to be able to use it.

Thanks,

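The two flows the comment above runs into, as an added example written against the AWS SDK for PHP directly; this is not code from ellaisys/aws-cognito, and the pool ID, app client ID, region and the `changePassword` helper are placeholders I chose. It picks the Cognito API by `UserStatus`: a user created by an administrator sits in FORCE_CHANGE_PASSWORD and is rejected by ForgotPassword, so the temporary password has to be presented to InitiateAuth, which answers with a NEW_PASSWORD_REQUIRED challenge that is completed with the new password. Users in CONFIRMED or RESET_REQUIRED go through ForgotPassword and ConfirmForgotPassword with the emailed confirmation code, which I take to be what the validator's token/code field is for.

```php
<?php
// Added example, not part of ellaisys/aws-cognito. Completes a password change
// with the AWS SDK for PHP, choosing the Cognito API by the user's UserStatus.
// Pool, client and region values are placeholders; run server-side with IAM
// credentials allowed to call cognito-idp:AdminGetUser/AdminInitiateAuth/
// AdminRespondToAuthChallenge.
require 'vendor/autoload.php';

use Aws\CognitoIdentityProvider\CognitoIdentityProviderClient;

const USER_POOL_ID      = 'us-east-1_EXAMPLE';   // placeholder
const APP_CLIENT_ID     = 'exampleclientid';      // placeholder
const APP_CLIENT_SECRET = null;                   // set when the app client has a secret

// SECRET_HASH = Base64(HMAC-SHA256(key = client secret, message = username . client id)).
// Cognito rejects every auth call that omits it when the app client has a secret.
function secretHash(string $username): ?string
{
    if (APP_CLIENT_SECRET === null) {
        return null;
    }
    return base64_encode(hash_hmac('sha256', $username . APP_CLIENT_ID, APP_CLIENT_SECRET, true));
}

function withSecretHash(array $params, string $username, string $key = 'SECRET_HASH'): array
{
    $hash = secretHash($username);
    if ($hash !== null) {
        $params[$key] = $hash;
    }
    return $params;
}

/**
 * Set a new password for $username. $credential is the temporary password when
 * the user is in FORCE_CHANGE_PASSWORD, and the ForgotPassword confirmation code
 * when the user is CONFIRMED or RESET_REQUIRED. Returns true once Cognito has
 * accepted the new password; SDK exceptions (wrong code, policy violation,
 * expired temporary password) propagate to the caller.
 */
function changePassword(CognitoIdentityProviderClient $client, string $username,
                        string $credential, string $newPassword): bool
{
    $user = $client->adminGetUser(['UserPoolId' => USER_POOL_ID, 'Username' => $username]);

    switch ($user['UserStatus']) {
        case 'FORCE_CHANGE_PASSWORD':
            // Admin-created user: sign in with the temporary password and answer
            // the NEW_PASSWORD_REQUIRED challenge. The app client must allow
            // ALLOW_ADMIN_USER_PASSWORD_AUTH for this auth flow.
            $auth = $client->adminInitiateAuth([
                'UserPoolId'     => USER_POOL_ID,
                'ClientId'       => APP_CLIENT_ID,
                'AuthFlow'       => 'ADMIN_USER_PASSWORD_AUTH',
                'AuthParameters' => withSecretHash(
                    ['USERNAME' => $username, 'PASSWORD' => $credential], $username),
            ]);
            if (($auth['ChallengeName'] ?? null) !== 'NEW_PASSWORD_REQUIRED') {
                return false; // some other challenge (e.g. MFA) came first; handle it separately
            }
            $client->adminRespondToAuthChallenge([
                'UserPoolId'         => USER_POOL_ID,
                'ClientId'           => APP_CLIENT_ID,
                'ChallengeName'      => 'NEW_PASSWORD_REQUIRED',
                'Session'            => $auth['Session'],
                'ChallengeResponses' => withSecretHash(
                    ['USERNAME' => $username, 'NEW_PASSWORD' => $newPassword], $username),
            ]);
            return true; // user is now CONFIRMED

        case 'CONFIRMED':
        case 'RESET_REQUIRED':
            // Self-service reset: the code was emailed/texted by a prior
            // forgotPassword(['ClientId' => ..., 'Username' => ...]) call.
            $client->confirmForgotPassword(withSecretHash([
                'ClientId'         => APP_CLIENT_ID,
                'Username'         => $username,
                'ConfirmationCode' => $credential,
                'Password'         => $newPassword,
            ], $username, 'SecretHash'));
            return true;

        default:
            return false; // UNCONFIRMED and similar: no password-change path applies
    }
}

// Usage (values are placeholders):
// $client = new CognitoIdentityProviderClient(['region' => 'us-east-1', 'version' => 'latest']);
// changePassword($client, 'some@email.com', $temporaryPasswordOrCode, $newPassword);
```

Two caveats when wiring this into a Laravel form: if the pool has required attributes the administrator did not populate at creation, the NEW_PASSWORD_REQUIRED response must also carry them as `userAttributes.<name>` entries in `ChallengeResponses`, and the temporary password is a credential like any other, so keep it out of logs, query strings and validation error messages.
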
amitdhongde commented 2 years ago

Thank you for reaching out. A demo application using the same package is available on https://github.com/ellaisys/demo_cognito_app. This has the forgot password feature implemented. Request you to check this out and let us know if the issue is resolved or not. Cheers !!

amitdhongde commented 2 years ago

Issue resolved