Closed juno-visualsquares closed 6 years ago
I am planning to add a local CSV output too, as when the pwd/pwdModule options are used, people would care about whether the users are imported with the specified pwd.
```
'username', 'password'
'AAA', 'ABCDEF'
'BBB', 'BBBBBB'
'CCC', '(N/A, generated by Cognito)'
```
This might be wanted when people are going to migrate a Cognito user pool. Any suggestions/comments on that?
Hey, thanks for this. I appreciate you for taking time out and implementing this. But I was planning to remove the custom password setting option completely and make use of cognito generated password via email with OTP only.
Reason being, any access to manipulate a user's password, where you know it or provide it (current implementation) or control its generation (your PR), is a security loophole.
Any suggestions?
Understand that concern. Security usually comes with a compromise in flexibility.
For my usage, use of an AWS Cognito user pool also creates enormous vendor lock-in for a product if one cannot migrate a user pool without disturbing every user to reverify email and reset password on migration. We need to take a salt-and-hash approach before Cognito to keep ourselves never knowing user input; this feature could be one essential part of it.
Programmers need to strike a balance of using these options or not, and handle security at their own risk if they do (e.g. access control on their storage). (I personally would prefer hoping these options but give text warnings)
Yeah, I see where you are coming from. I appreciate you taking time out and contributing. I will gladly merge and release once I get around to verifying the changes. Thanks 😄
@all-contributors please add @juno-visualsquares for code and ideas
@rahulpsd18
I've put up a pull request to add @juno-visualsquares! :tada:
An example usage: create a `pwd_module.js`

Usage: `node ./build/cli/cli.js restore --pwdModule {absolute path for pwd_module.js}`