ellaisys / aws-cognito

AWS Cognito package (with MFA Feature) using the AWS SDK for PHP/Laravel
https://ellaisys.github.io/aws-cognito/
MIT License

Wrong regex on check password #89

Status: Closed (gioppy closed 5 months ago)

gioppy commented 6 months ago

Describe the bug: When creating a user and the temporary password is set by Cognito, the verification for the password in Laravel (both on login attempt and on reset password) generates an error, but the password is valid.

To Reproduce: Steps to reproduce the behavior: I register a user with inviteUser, so Cognito assigns a temporary password. The password for the user pool is set with the default settings (1 lowercase, 1 uppercase, 1 number, 1 special char, 8 chars length).


The regex of special chars that AWS uses has many more characters than the regex in AwsCognitoUserPool ((?=.*[!@#$%^&*])). When I try to log in with a temporary password (for example 3,Wtbz8h, which is a valid temporary password generated by Cognito) I receive a password validation error, because the regex implemented in the package is too restrictive.

Expected behavior: The regex for password validation must follow the same characters as the Cognito special chars.

Additional context: I created the actions for login and reset password with API routes. Creation of the user is via a CLI command.

amitdhongde commented 5 months ago

@gioppy Thank you for highlighting this. We will have it reviewed and resolved.

amitdhongde commented 5 months ago

Refer to http://awspasswordregex.s3-website-eu-west-1.amazonaws.com/

amitdhongde commented 5 months ago

Released in version 1.2.2
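
The mismatch reported in this issue, as an added example that is not code from ellaisys/aws-cognito and not the fix shipped in 1.2.2: it checks the temporary password from the report against the special-character lookahead quoted above and against a lookahead built from the special characters listed in the AWS Cognito password policy documentation. The function names, the surrounding lowercase/uppercase/digit/length lookaheads and the two constructed passwords are assumptions made for illustration.

```php
<?php
// Added example; hypothetical helper names, not the package's API.

// Special-character lookahead quoted in the issue.
const NARROW_SPECIAL = '(?=.*[!@#$%^&*])';

// Characters Cognito accepts as "special" per the AWS documentation
// (assumption: the list as documented; a non-leading, non-trailing space
// also counts there and is left out here).
const COGNITO_SPECIALS = '^$*.[]{}()?"!@#%&/\\,><\':;|_~`=+-';

// Lookahead that accepts any character from COGNITO_SPECIALS.
function cognitoSpecialLookahead(): string
{
    // preg_quote escapes ], \, ^ and - so the list is safe inside [...]
    return '(?=.*[' . preg_quote(COGNITO_SPECIALS, '/') . '])';
}

// Default pool policy described in the issue: 1 lowercase, 1 uppercase,
// 1 number, 1 special character, minimum length 8.
function buildPolicyRegex(string $specialLookahead, int $minLength = 8): string
{
    return '/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)' . $specialLookahead
         . '.{' . $minLength . ',}$/';
}

function passes(string $regex, string $password): bool
{
    return preg_match($regex, $password) === 1;
}

$narrow  = buildPolicyRegex(NARROW_SPECIAL);
$cognito = buildPolicyRegex(cognitoSpecialLookahead());

$samples = [
    '3,Wtbz8h' => 'temporary password quoted in the issue',
    'Abcdef1!' => 'constructed: special char present in both sets',
    'Abcdefg1' => 'constructed: no special char at all',
];

foreach ($samples as $password => $note) {
    printf(
        "%-10s narrow=%-4s cognito=%-4s (%s)\n",
        $password,
        passes($narrow, $password) ? 'ok' : 'FAIL',
        passes($cognito, $password) ? 'ok' : 'FAIL',
        $note
    );
}
```

A local pre-check that is stricter than the user pool's own policy rejects credentials Cognito itself issued, so the local character set should be kept no narrower than the pool's.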