rahulpsd18 / cognito-backup-restore

AIO Tool for backing up and restoring AWS Cognito User Pools
MIT License
196 stars, 64 forks

Supporting external logic for restoring / generating custom password #1

Closed: juno-visualsquares closed 6 years ago

juno-visualsquares commented 6 years ago

An example usage: create a pwd_module.js

// pwd_module.js: loaded by the restore command via --pwdModule
var exports = module.exports = {};

// Called once per user being restored. The returned string is set as the
// user's password; do custom logic here to generate a password or look the
// user up in a backup (e.g. a store of hashed passwords).
exports.getPwdForUsername = function (username) {
    return 'XXXXX';
};

Usage: node ./build/cli/cli.js restore --pwdModule {absolute path for pwd_module.js}

juno-visualsquares commented 6 years ago

I am planning to add a local csv output too, as when the pwd/pwdModule options are used, people would care about whether the users are imported with the specified pwd.

'username', 'password'
'AAA', 'ABCDEF'
'BBB', 'BBBBBB'
'CCC', '(N/A, generated by Cognito)'

This might be wanted when people are going to migrate cognito user pool. Any suggestion/comment on that?
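As an added example (not code from the PR or the project), here is a pwd_module.js that implements the getPwdForUsername hook from the first comment against a constructed backup table, plus a helper that renders the csv proposed above. It assumes that returning undefined from the hook means "no password specified, let Cognito generate one"; that contract is an assumption, not documented on this page.

```javascript
// pwd_module.js (added example). Implements the --pwdModule hook and
// the username/password csv the comment above proposes.

// Constructed sample backup: users whose passwords were preserved outside
// Cognito. 'CCC' is deliberately absent so Cognito generates its password.
const PASSWORD_BACKUP = new Map([
  ['AAA', 'ABCDEF'],
  ['BBB', 'BBBBBB'],
]);

// Hook called by the restore command once per user. Assumed contract:
// a string sets that password; undefined leaves generation to Cognito.
function getPwdForUsername(username) {
  return PASSWORD_BACKUP.get(username); // undefined when not in the backup
}

// Marker written to the csv for users whose password was not specified.
const GENERATED_MARKER = '(N/A, generated by Cognito)';

// Quote one csv field in the single-quoted style used above, doubling any
// embedded single quote so a value containing "'" cannot break a row.
function quoteField(value) {
  return `'${String(value).replace(/'/g, "''")}'`;
}

// Build the local csv output for a list of restored usernames, recording
// either the password that was specified or the N/A marker, so operators
// can see which users were imported with a known password.
function buildRestoreCsv(usernames, lookup) {
  const rows = [['username', 'password']];
  for (const username of usernames) {
    const pwd = lookup(username);
    rows.push([username, pwd === undefined ? GENERATED_MARKER : pwd]);
  }
  return rows.map((row) => row.map(quoteField).join(', ')).join('\n');
}

// Expose the hook the way the restore command expects to find it.
if (typeof module !== 'undefined') {
  module.exports = { getPwdForUsername, buildRestoreCsv, quoteField };
}
```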

rahulpsd18 commented 6 years ago

Hey, thanks for this. I appreciate you for taking time out and implementing this. But I was planning to remove the custom password setting option completely and make use of cognito generated password via email with OTP only.

Reason being, any access to manipulate a user's password, where you know it or provide it (current implementation) or control its generation (your PR), is a security loophole.

Any suggestions?

juno-visualsquares commented 6 years ago

I understand that concern. Security usually comes with a compromise in flexibility.

For my usage, use of AWS Cognito user pools also creates enormous vendor lock-in for a product if one cannot migrate a user pool without disturbing every user to re-verify their email and reset their password on migration. We need to take a salt-and-hash approach before Cognito to keep ourselves from ever knowing user input; this feature could be one essential part of it.

Programmers need to strike a balance on using these options or not, and handle security at their own risk if they do (e.g. access control on their storage). (I personally would prefer keeping these options but giving text warnings.)

rahulpsd18 commented 6 years ago

Yeah, I see where you are coming from. I appreciate you for taking time out and contributing. I will gladly merge and release once I get around to verifying the changes. Thanks 😄

rahulpsd18 commented 5 years ago

@all-contributors please add @juno-visualsquares for code and ideas

allcontributors[bot] commented 5 years ago

@rahulpsd18

I've put up a pull request to add @juno-visualsquares! :tada: