jagregory / cognito-local

Local emulator for Amazon Cognito
MIT License

Bug: USER_PASSWORD_AUTH flow activates 'PASSWORD_VERIFIER' challenge #346

Open Shpionus opened 1 year ago

Shpionus commented 1 year ago

userPasswordAuthFlow by default returns verifyPasswordChallenge (ref).

But USER_PASSWORD_AUTH does not require providing DEVICE_KEY

Steps to reproduce:

  1. Create pool
aws --endpoint http://127.0.0.1:5000 cognito-idp create-user-pool \
        --pool-name $POOL_NAME \
        --query UserPool.Id --output text \
        --policies "PasswordPolicy={MinimumLength=6,RequireUppercase=true,RequireLowercase=true,RequireNumbers=true,RequireSymbols=true,TemporaryPasswordValidityDays=7}" \
        --username-attributes "email" \
        --account-recovery-setting 'RecoveryMechanisms=[{Priority=1,Name=verified_email}]'
  1. Create client
aws --endpoint http://127.0.0.1:5000 cognito-idp create-user-pool-client \
        --user-pool-id $POOL_ID  \
        --client-name $CLIENT_NAME \
        --no-generate-secret \
        --explicit-auth-flows "ALLOW_USER_PASSWORD_AUTH" "ALLOW_REFRESH_TOKEN_AUTH" \
        --prevent-user-existence-errors ENABLED \
        --query UserPoolClient.ClientId --output text
  1. Sign up
aws --endpoint http://127.0.0.1:5000 cognito-idp sign-up \
        --client-id $CLIENT_ID \
        --username new_user@gmail.com \
        --password "1qazXSW@"  \
        --user-attributes Name="email",Value="new_user@gmail.com"
{
    "UserConfirmed": false,
    "UserSub": "7c82e5cc-99b6-468d-8c33-9bb0272bbbfe"
}
  1. Sign in
aws --endpoint http://127.0.0.1:5000 cognito-idp initiate-auth \
        --auth-flow USER_PASSWORD_AUTH \
        --auth-parameters USERNAME="new_user@gmail.com",PASSWORD="1qazXSW@" \
        --client-id $CLIENT_ID \
        --debug
{
    "ChallengeName": "PASSWORD_VERIFIER",
    "ChallengeParameters": {},
    "AuthenticationResult": {
        "AccessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkNvZ25pdG9Mb2NhbCJ9.eyJhdXRoX3RpbWUiOjE2NzQwMjg4NDQsImNsaWVudF9pZCI6IjA2NnJodXZ1N2N1dGNwd2liMXlzOXkydDQiLCJldmVudF9pZCI6ImM4MWNiOGM0LTdlNDYtNDU5Yi1hNTQ0LTQ4ZDIzM2NlNTY4MCIsImlhdCI6MTY3NDAyODg0NCwianRpIjoiMDlkOGQ0YzAtOGZiMy00YWZjLWFmNzYtNTQ2Yjc2YmNhMDJhIiwic2NvcGUiOiJhd3MuY29nbml0by5zaWduaW4udXNlci5hZG1pbiIsInN1YiI6IjdjODJlNWNjLTk5YjYtNDY4ZC04YzMzLTliYjAyNzJiYmJmZSIsInRva2VuX3VzZSI6ImFjY2VzcyIsInVzZXJuYW1lIjoibmV3X3VzZXJAZ21haWwuY29tIiwiZXhwIjoxNjc0MTE1MjQ0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjkyMjkvbG9jYWxfM3BPeUp3aUIifQ.K8LVTHNcp4TPYnQUtU8aOgS-V1MPodnEYgFkE09jJyUseN0OE7rZ5fJPBCnVLIiEcdk3sQEnb0QW91JzmHiRrpIHzLZ2rMlcw9wTAplFLVyN-rfL2TW-P2gyyNMmUPBzT8YZDPupL7b6rk67QIcVqSxVQerlGYWn9qXIMKtTXunFcH_EVXpRxz0ctWxXXLZsElodw8Zf3QNjQeXHGpqUFjXO5vCP87LGBV3FxwRac8YP3a0nWNoIBavvvBq4GjjEp1zpdXx-QwDcaJTUWCpq3OW00GPQwT4Pv1hmfXIaIyd52yGhO7V2sovQgtlKcNQRiSxmsDQJp4fVpA3zWaJmYw",
        "RefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb2duaXRvOnVzZXJuYW1lIjoibmV3X3VzZXJAZ21haWwuY29tIiwiZW1haWwiOiJuZXdfdXNlckBnbWFpbC5jb20iLCJpYXQiOjE2NzQwMjg4NDQsImp0aSI6IjI2ZTY0M2VjLWQ1ZGUtNGQ5ZS05YmFiLTZiNTRkMjg5NjJjNyIsImV4cCI6MTY3NDYzMzY0NCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo5MjI5L2xvY2FsXzNwT3lKd2lCIn0.vzjcCoTHI-gHnf-yDxnXXRT5DDRAt_R3lyx9adHBXhDGs0mABRP5cDOIiNMrTQjALfWtCB9geHRWlxVzwAwPwIV69VqUurIzdUi5zg31Xm9bcWLm_WuQrxrPsvXAw_JSR9Thvh7LfYie_FtnhKHvgIJduvzeAZf2zGHMxiCsVc79ZBrx21jOlFTzCM-UxTCU1rxEkBEbwYEOMclpFzW0N0_VhyRk6ZrNYG6HUgCgFy53ViB672w-n-zeC5jW2bo7259DKw4rBUe6dgXTf4vC8NN0MXGfibKTOmnIPytBgEEA1pnoEG8uPQJKN25FJu2hiJ42P-aJQg3T0I6ru0535w",
        "IdToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IkNvZ25pdG9Mb2NhbCJ9.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.DKevzXf4q3eKmjMe2ZPtJDkbNfHeFQ4sKB_juMKPSLh9QkaCxE0qWCJ7gYgeLEn1diCv72WvfkOLpMxVnkPIK36CDGtPJvEpXXIL8I9VWVj4OdwdPMMJLvhBQG7sZdFebBGbY2CiPU-NPoGSIo0rEli3d3E7AzSTPPek6Qfu1jOM3Cr7JTfC60u8o_v_eoas9qncnT826GnAf6Bw8qx5MMjqoMx9f6-5enmmZU4Fwhq5jE9r4xkaI2vV40WV6G5JdlYYgOxK7AmIBlchkeirX8U1F6Lj4Smf_rWWfr64RPmCLiBD86n0Pw0wCd92S40gHQqtbqWhn28lLTyRMqb2kA"
    }
}

Expected: 'UserNotConfirmedException'
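
A regression check for the behaviour reported above, as an added example that is not part of the original issue or of cognito-local's code. The function name, finding codes and sample token strings are hypothetical; it assumes a successful InitiateAuth response should carry either a challenge or tokens, not both, and that PASSWORD_VERIFIER belongs only to the SRP flow.

```javascript
// Added example (not cognito-local code); all names below are hypothetical.
// Challenges that belong to USER_SRP_AUTH and should not answer USER_PASSWORD_AUTH.
const SRP_ONLY_CHALLENGES = new Set(["PASSWORD_VERIFIER"]);
const TOKEN_FIELDS = ["AccessToken", "IdToken", "RefreshToken"];

// outcome: { response } when InitiateAuth returned, { errorName } when it threw.
// Returns a list of finding codes; an empty list means the outcome is consistent.
function checkUserPasswordAuth(outcome, { userConfirmed }) {
  if (outcome.errorName) {
    // For an unconfirmed user the report expects exactly this error.
    return !userConfirmed && outcome.errorName !== "UserNotConfirmedException"
      ? ["WRONG_ERROR_FOR_UNCONFIRMED_USER"]
      : [];
  }
  const response = outcome.response ?? {};
  const issued = TOKEN_FIELDS.filter((f) => Boolean(response.AuthenticationResult?.[f]));
  const findings = [];
  if (SRP_ONLY_CHALLENGES.has(response.ChallengeName)) {
    findings.push("SRP_CHALLENGE_IN_PASSWORD_FLOW");
  }
  if (response.ChallengeName && issued.length > 0) {
    findings.push("TOKENS_ALONGSIDE_CHALLENGE");
  }
  if (!userConfirmed) {
    // A normal return for an unconfirmed user means the confirmation gate was skipped.
    findings.push("MISSING_USER_NOT_CONFIRMED_ERROR");
    if (issued.length > 0) findings.push("TOKENS_FOR_UNCONFIRMED_USER");
  }
  return findings;
}

// Constructed sample shaped like the response in the report; token values are placeholders.
const reportedResponse = {
  ChallengeName: "PASSWORD_VERIFIER",
  ChallengeParameters: {},
  AuthenticationResult: {
    AccessToken: "constructed.access.token",
    RefreshToken: "constructed.refresh.token",
    IdToken: "constructed.id.token",
  },
};

const reported = checkUserPasswordAuth({ response: reportedResponse }, { userConfirmed: false });
const expected = checkUserPasswordAuth(
  { errorName: "UserNotConfirmedException" },
  { userConfirmed: false }
);
console.log({ reported, expected });
```

In an integration test, feed it the parsed `initiate-auth` output (or the thrown error's name) and fail the run when the returned list is non-empty.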