search

ellaisys / aws-cognito

AWS Cognito package (with MFA Feature) using the AWS SDK for PHP/Laravel
https://ellaisys.github.io/aws-cognito/
MIT License
110 stars 41 forks source link

Error evaluating code regarding NEW_PASSWORD_REQUIRED challenge for API usage #67

Closed gjnvro closed 1 year ago

gjnvro commented 1 year ago

Describe the bug Error evaluating code regarding NEW_PASSWORD_REQUIRED challenge. I believe the issue is with src/Guards/CognitoTokenGuard.php in the hasValidCredentials function, in the scenario that goes through the default break statement for the challenge name, session_token is used as the key when creating a claim but in the login function in the same class, session is expected, not session_token ($this->claim['session']).

To Reproduce Steps to reproduce the behavior:

  1. Follow the guide (no optional change in .env)
  2. Register a user
  3. Login using that user
  4. Error in the CognitoTokenGuard login function

Expected behavior To get a response requiring to change the password (status = NEW_PASSWORD_REQUIRED and with the corresponding session key)

Desktop (please complete the following information):

amitdhongde commented 1 year ago

@gjnvro Thank you for highlighting the issue and the fix you have shared. I shall review it at the earliest and publish it.

amitdhongde commented 1 year ago

This change was released today in v1.1.5. Thank you once again,