please i am stuck with my auth flow in flutter after my confirm registration with aws amplify . The idea is to create a user exactly after the user has completed his registration by retrieving the userid and creating a user with the id but it keeps returning null even after the registration.
In summary what i am trying to archieve is to not return null after the user as confirmed registration.
please if anyone have a solution or have series of better ideas i am really open to anything that would work.
this is my repository below.
#override
Future<String?> get user async {
try {
final awsUser = await Amplify.Auth.getCurrentUser();
return awsUser.userId;
} catch (e) {
return null;
}
}
#override
Future<String?> confirmSignUp({
required String email,
required String confirmationCode,
}) async {
try {
final res = await Amplify.Auth.confirmSignUp(
username: email,
confirmationCode: confirmationCode,
);
return res.isSignUpComplete ? user : null;
} on AuthException catch (e) {
throw AuthFailure(message: e.message);
}
}
#override
Future<void> createNewUser({
required String username,
required String emailAddress,
required String userId,
}) async {
try {
final newUser = User(
id: userId,
username: username,
email: emailAddress,
dateCreated: TemporalDateTime.now(),
);
await Amplify.DataStore.save(newUser);
} on DataStoreException catch (e) {
throw OtherFailure(message: e.message);
}
}
This is my bloc below.
Future<void> confirmRegistration(String email, String username) async {
try {
emit(
state.copyWith(
status: ConfirmRegistrationStatus.submitting,
),
);
final userId = await _iAuthFacade.confirmSignUp(
email: email,
confirmationCode: state.confirmCode,
);
await _iAuthFacade.createNewUser(
username: username,
emailAddress: email,
userId: userId!,
);
emit(state.copyWith(status: ConfirmRegistrationStatus.submitted));
} on AuthFailure catch (e) {
emit(
state.copyWith(
status: ConfirmRegistrationStatus.error,
failure: AuthFailure(message: e.message),
),
);
}
but when i created a diffrent page or dummy page with just setstate it gave me the right result without returning null.
This is it below.
Future<String?> get user async {
try {
final user = await Amplify.Auth.getCurrentUser();
log('user was checked');
return user.userId;
} catch (e) {
log('no user was found');
return null;
}
}
Future<String?> confirmUser() async {
try {
final result = await Amplify.Auth.confirmSignUp(
username: 'johnblle#gmail.com', confirmationCode: '615841');
log('confirm user was triggerd');
setState(() {
isCompleteSignUpComplete = result.isSignUpComplete;
});
return result.isSignUpComplete ? user : null;
} on AuthException catch (e) {
log(e.message);
}
}
Future<void> createNewUser({
required String username,
required String emailAddress,
required String userId,
}) async {
try {
final newUser = User(
id: userId,
username: username,
email: emailAddress,
dateCreated: TemporalDateTime.now(),
);
log('new user wa created');
await Amplify.DataStore.save(newUser);
} on DataStoreException catch (e) {
log(e.message);
}
}
Future<void> confirmSignUpAndRegUser() async {
log('confirmed signup and created new user');
final userId = await confirmUser();
log(userId.toString());
await createNewUser(
username: 'johnblll',
emailAddress: 'johnblle#gmail.com',
userId: userId!,
);
}
In my controller i have a function that creates a user but also checks to make sure that the user does not already exist and then a dashboard function which gets the user from the request and returns any petitions that have been created by that user.
I've looked at mocha, chai and sinon to carry out the tests along with various online resources but have no idea how to begin testing these two functions since they rely on models. Can anyone point me in the right direction to testing the controller or know of any resources which maybe able to help me?
Controller:
const bcrypt = require('bcryptjs');
const passport = require('passport');
const Users = require('../models/Users');
const Petitions = require('../models/Petitions');
const UserController = {
async register(req, res) {
const {name, email, password, passwordCon} = req.body;
let errors = []
// check required fields
if (!name || !email || !password || !passwordCon) {
errors.push({ msg: 'Please enter all fields' });
}
// check passwords match
if (password !== passwordCon) {
errors.push({ msg: 'Passwords do not match' });
}
// check password length
if (password.length < 6) {
errors.push({ msg: 'Password must be at least 6 characters' });
}
// if validation fails, render messages
if (errors.length > 0) {
res.render('user/register', {
errors,
name,
email,
password,
passwordCon
})
} else {
// validation passed
Users.findOne({email: email})
.then(user => {
if (user) {
// user exists
errors.push({msg: 'Email already in use'});
res.render('user/register', {
errors,
name,
email,
password,
passwordCon
});
} else {
const newUser = new Users({
name: name,
email: email,
password: password
});
// hash password
bcrypt.genSalt(10, (error, salt) =>
bcrypt.hash(newUser.password, salt, (error, hash) => {
if (error) throw error;
// set password to hashed
newUser.password = hash;
// save user
newUser.save()
.then(user => {
req.flash('success_msg', 'Registration Success');
res.redirect('/user/login');
})
.catch(error => console.log(error));
}))
}
});
}
},
async dashboard(req, res) {
const user = req.user;
const petitions = await Petitions.find({createdBy: user._id});
console.log('here');
res.render('user/dashboard', {
user: req.user,
petitions: petitions
})
}
};
module.exports = UserController;
Models:
const mongoose = require('mongoose');
const UserSchema = new mongoose.Schema({
createdOn: {
type: Date,
default: Date.now
},
name: {
type: String,
required: true
},
email: {
type: String,
required: true
},
password: {
type: String,
required: true
},
petitions: [
{ type: mongoose.Schema.Types.ObjectId, ref: 'Petitions' }
]
})
const Users = mongoose.model('Users', UserSchema);
module.exports = Users;
const mongoose = require('mongoose');
const PetitionSchema = new mongoose.Schema({
createdOn: {
type: Date,
default: Date.now
},
title: {
type: String,
required: true
},
signaturesNeeded: {
type: String,
required: true
},
description: {
type: String,
required: true
},
createdBy: {
type: mongoose.Schema.Types.ObjectId,
ref: 'Users'
},
signatures: [
{ type: mongoose.Schema.Types.ObjectId, ref: 'Users' }
]
})
const Petitions = mongoose.model('Petitions', PetitionSchema);
module.exports = Petitions;
Can I get the phone number of a user using People API? If not is there any other API that I can use to get a user's phone number? I can't seem to find a anything on that.
below code is what I've tried
First I signIn using auth2.
useEffect(() => {
console.log("window: ", window);
window.gapi.load("client:auth2", initClient);
}, []);
const initClient = () => {
window.gapi.auth2.init({
client_id: "CLIENT_ID",
});
authenticate().then(loadClient);
};
const authenticate = () => {
return window.gapi.auth2
.getAuthInstance()
.signIn({
scope:
"https://www.googleapis.com/auth/contacts
https://www.googleapis.com/auth/contacts.readonly
https://www.googleapis.com/auth/directory.readonly
https://www.googleapis.com/auth/user.addresses.read
https://www.googleapis.com/auth/user.birthday.read
https://www.googleapis.com/auth/user.emails.read
https://www.googleapis.com/auth/user.gender.read
https://www.googleapis.com/auth/user.organization.read
https://www.googleapis.com/auth/user.phonenumbers.read
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile",
})
.then(
(response) => {
console.log("sign in successful: ", response);
},
(err) => {
console.log("error signing in: ", err);
}
);
};
Then I load the client using.
const loadClient = () => {
window.gapi.client.setApiKey("API_KEY");
return window.gapi.client
.load("https://people.googleapis.com/$discovery/rest?version=v1")
.then(
() => {
console.log("GAPI client loaded for api");
},
(err) => {
console.log("error loading GAPI client for api: ", err);
}
);
};
Finally I execute this request to people api to get the info.
I can get the name and email address of the logged in user but I am not getting phone number.
const execute = () => {
return window.gapi.client.people.people
.get({
resourceName: "people/me",
personFields: "names,emailAddresses,phoneNumbers",
})
.then(
(response) => {
console.log("people response: ", response);
},
(err) => {
console.log("people err: ", err);
}
);
};
You will need the user.phonenumbers scope. From the OAuth 2.0 Scopes section:
View your/current user phone numbers
https://www.googleapis.com/auth/user.phonenumbers.read
You can then use people.get("people/me") with personFields="phoneNumbers" to get a Person instance with the phoneNumbers field populated.
When signing in a user with the same email address through the Google and Facebook identity providers, AWS Cognito creates multiple entries in the user pool, one entry per identity provider used:
I have used the example code provided in this tutorial to set up AWS Cognito: The Complete Guide to User Authentication with the Amplify Framework
How can I create just one user instead of multiple users?
Is it possible to have AWS Cognito automatically combine (federate) the entries
from multiple providers into one entry or should AWS Lambda functions be used to accomplish this?
Yes. You can do it by using AdminLinkProviderForUser https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html
The idea is:
In PreSignUp lambda hook, we Link Provider to User if User already signed up. E.g:
import CognitoIdentityServiceProvider from 'aws-sdk/clients/cognitoidentityserviceprovider'
const cognitoIdp = new CognitoIdentityServiceProvider()
const getUserByEmail = async (userPoolId, email) => {
const params = {
UserPoolId: userPoolId,
Filter: `email = "${email}"`
}
return cognitoIdp.listUsers(params).promise()
}
const linkProviderToUser = async (username, userPoolId, providerName, providerUserId) => {
const params = {
DestinationUser: {
ProviderAttributeValue: username,
ProviderName: 'Cognito'
},
SourceUser: {
ProviderAttributeName: 'Cognito_Subject',
ProviderAttributeValue: providerUserId,
ProviderName: providerName
},
UserPoolId: userPoolId
}
const result = await (new Promise((resolve, reject) => {
cognitoIdp.adminLinkProviderForUser(params, (err, data) => {
if (err) {
reject(err)
return
}
resolve(data)
})
}))
return result
}
exports.handler = async (event, context, callback) => {
if (event.triggerSource === 'PreSignUp_ExternalProvider') {
const userRs = await getUserByEmail(event.userPoolId, event.request.userAttributes.email)
if (userRs && userRs.Users.length > 0) {
const [ providerName, providerUserId ] = event.userName.split('_') // event userName example: "Facebook_12324325436"
await linkProviderToUser(userRs.Users[0].Username, event.userPoolId, providerName, providerUserId)
} else {
console.log('user not found, skip.')
}
}
return callback(null, event)
}
Then when user use OAuth with Facebook/Google with User Pool, the Pool will return this User linked.
Note: You may see 2 records in User Pool UI, but when access User record detail, They already merged.
I have been fiddling around with the same issue for a bit. Accepted answer sort of works but does not cover all scenarios. The main one is that once the user signs up with the external login, they will never be able to sign up with a username and password. Currently, Cognito does not allow linking Cognito users to external users.
My scenarios are as follows:
Scenarios
When the user signs up with a username password and signs up with an external provider, link them.
When the user signs up with an external provider allow them to signup with a username and password.
Have a common username between all linked users to use it as a unique id in other services.
My proposed solution is to always create the Cognito user first and link all external users to it.
Proposed solution
user signs up with username/password first then with an external user. No dramas, just link the external user with the Cognito user.
user signs up with external user first then wants to sign up with username/password. In this scenario, create a Cognito user first then link the external user to this new Cognito user. If the user tries to signup with a username/password in the future, they will get a user already exists error. In this case, they can use the forgot password flow to recover then log in.
const {
CognitoIdentityServiceProvider
} = require('aws-sdk');
const handler = async event => {
const userPoolId = event.userPoolId;
const trigger = event.triggerSource;
const email = event.request.userAttributes.email;
const givenName = event.request.userAttributes.given_name;
const familyName = event.request.userAttributes.family_name;
const emailVerified = event.request.userAttributes.email_verified;
const identity = event.userName;
const client = new CognitoIdentityServiceProvider();
if (trigger === 'PreSignUp_ExternalProvider') {
await client.listUsers({
UserPoolId: userPoolId,
AttributesToGet: ['email', 'family_name', 'given_name'],
Filter: `email = "${email}"`
})
.promise()
.then(({
Users
}) => Users.sort((a, b) => (a.UserCreateDate > b.UserCreateDate ? 1 : -1)))
.then(users => users.length > 0 ? users[0] : null)
.then(async user => {
// user with username password already exists, do nothing
if (user) {
return user;
}
// user with username password does not exists, create one
const newUser = await client.adminCreateUser({
UserPoolId: userPoolId,
Username: email,
MessageAction: 'SUPPRESS', // dont send email to user
UserAttributes: [{
Name: 'given_name',
Value: givenName
},
{
Name: 'family_name',
Value: familyName
},
{
Name: 'email',
Value: email
},
{
Name: 'email_verified',
Value: emailVerified
}
]
})
.promise();
// gotta set the password, else user wont be able to reset it
await client.adminSetUserPassword({
UserPoolId: userPoolId,
Username: newUser.Username,
Password: '<generate random password>',
Permanent: true
}).promise();
return newUser.Username;
}).then(username => {
// link external user to cognito user
const split = identity.split('_');
const providerValue = split.length > 1 ? split[1] : null;
const provider = ['Google', 'Facebook'].find(
val => split[0].toUpperCase() === val.toUpperCase()
);
if (!provider || !providerValue) {
return Promise.reject(new Error('Invalid external user'));
}
return client.adminLinkProviderForUser({
UserPoolId: userPoolId,
DestinationUser: {
ProviderName: 'Cognito',
ProviderAttributeValue: username
},
SourceUser: {
ProviderName: provider,
ProviderAttributeName: 'Cognito_Subject',
ProviderAttributeValue: providerValue
}
})
.promise()
});
}
return event;
};
module.exports = {
handler
};
The solution I created handles, I think, all cases. It also tackles some common issues with Cognito.
If the user is signing up with an external provider, link them to any existing account, including Cognito (username/password) or external provider account.
When linking to existing accounts, link only to the oldest account. This is important is you have more than 2 login options.
If the user is signing up with Cognito (username/password), if an external provider already exists, reject the signup with a custom error message (because the accounts cannot be linked).
Note that when linking accounts, the Cognito pre-signup trigger returns an "Already found an entry for username" error. Your client should handle this and reattempt authentication, or ask the user to sign in again. More info on this here:
Cognito auth flow fails with "Already found an entry for username Facebook_10155611263153532"
Here is my lambda, executed on the Cognito pre-signup trigger
const AWS = require("aws-sdk");
const cognito = new AWS.CognitoIdentityServiceProvider();
exports.handler = (event, context, callback) => {
function checkForExistingUsers(event, linkToExistingUser) {
console.log("Executing checkForExistingUsers");
var params = {
UserPoolId: event.userPoolId,
AttributesToGet: ['sub', 'email'],
Filter: "email = \"" + event.request.userAttributes.email + "\""
};
return new Promise((resolve, reject) =>
cognito.listUsers(params, (err, result) => {
if (err) {
reject(err);
return;
}
if (result && result.Users && result.Users[0] && result.Users[0].Username && linkToExistingUser) {
console.log("Found existing users: ", result.Users);
if (result.Users.length > 1){
result.Users.sort((a, b) => (a.UserCreateDate > b.UserCreateDate) ? 1 : -1);
console.log("Found more than one existing users. Ordered by createdDate: ", result.Users);
}
linkUser(result.Users[0].Username, event).then(result => {
resolve(result);
})
.catch(error => {
reject(err);
return;
});
} else {
resolve(result);
}
})
);
}
function linkUser(sub, event) {
console.log("Linking user accounts with target sub: " + sub + "and event: ", event);
//By default, assume the existing account is a Cognito username/password
var destinationProvider = "Cognito";
var destinationSub = sub;
//If the existing user is in fact an external user (Xero etc), override the the provider
if (sub.includes("_")) {
destinationProvider = sub.split("_")[0];
destinationSub = sub.split("_")[1];
}
var params = {
DestinationUser: {
ProviderAttributeValue: destinationSub,
ProviderName: destinationProvider
},
SourceUser: {
ProviderAttributeName: 'Cognito_Subject',
ProviderAttributeValue: event.userName.split("_")[1],
ProviderName: event.userName.split("_")[0]
},
UserPoolId: event.userPoolId
};
console.log("Parameters for adminLinkProviderForUser: ", params);
return new Promise((resolve, reject) =>
cognito.adminLinkProviderForUser(params, (err, result) => {
if (err) {
console.log("Error encountered whilst linking users: ", err);
reject(err);
return;
}
console.log("Successfully linked users.");
resolve(result);
})
);
}
console.log(JSON.stringify(event));
if (event.triggerSource == "PreSignUp_SignUp" || event.triggerSource == "PreSignUp_AdminCreateUser") {
checkForExistingUsers(event, false).then(result => {
if (result != null && result.Users != null && result.Users[0] != null) {
console.log("Found at least one existing account with that email address: ", result);
console.log("Rejecting sign-up");
//prevent sign-up
callback("An external provider account alreadys exists for that email address", null);
} else {
//proceed with sign-up
callback(null, event);
}
})
.catch(error => {
console.log("Error checking for existing users: ", error);
//proceed with sign-up
callback(null, event);
});
}
if (event.triggerSource == "PreSignUp_ExternalProvider") {
checkForExistingUsers(event, true).then(result => {
console.log("Completed looking up users and linking them: ", result);
callback(null, event);
})
.catch(error => {
console.log("Error checking for existing users: ", error);
//proceed with sign-up
callback(null, event);
});
}
};
If you want to allow the user to continue login with email & password ("Option 1: User Signs Up with Username and Signs In with Username or Alias)") besides identity provider (google, facebook, etc) then the accepted solution won't be enough as Cognito can only have one email as verified.
I solve this by adding a Post Confirmation trigger which automatically verify user email if needed:
const AWS = require('aws-sdk');
const cognitoIdp = new AWS.CognitoIdentityServiceProvider();
const markUserEmailAsVerified = async (username, userPoolId) => {
console.log('marking email as verified for user with username: ' + username);
const params = {
UserAttributes: [
{
Name: 'email_verified',
Value: 'true'
}
// other user attributes like phone_number or email themselves, etc
],
UserPoolId: userPoolId,
Username: username
};
const result = await new Promise((resolve, reject) => {
cognitoIdp.adminUpdateUserAttributes(params, (err, data) => {
if (err) {
console.log(
'Failed to mark user email as verified with error:\n' +
err +
'\n. Manual action is required to mark user email as verified otherwise he/she cannot login with email & password'
);
reject(err);
return;
}
resolve(data);
});
});
return result;
};
exports.handler = async (event, context, callback) => {
console.log('event data:\n' + JSON.stringify(event));
const isEmailVerified = event.request.userAttributes.email_verified;
if (isEmailVerified === 'false') {
await markUserEmailAsVerified(event.userName, event.userPoolId);
}
return callback(null, event);
};
Note: This doesn't seem standard development or common requirement so take as it.
In aws-sdk-js-v3 I'm using #subash approach. I find that when you make an error callback, no extra user is created. Just the one that you create with your email.
const {
CognitoIdentityProviderClient,
ListUsersCommand,
AdminCreateUserCommand,
AdminLinkProviderForUserCommand,
AdminSetUserPasswordCommand,
} = require('#aws-sdk/client-cognito-identity-provider')
const client = new CognitoIdentityProviderClient({
region: process.env.REGION,
})
const crypto = require("crypto")
exports.handler = async(event, context, callback) => {
try {
const {
triggerSource,
userPoolId,
userName,
request: {
userAttributes: { email, name }
}
} = event
if (triggerSource === 'PreSignUp_ExternalProvider') {
const listParam = {
UserPoolId: userPoolId,
Filter: `email = "${email}"`,
}
const listData = await client.send(new ListUsersCommand(listParam))
let [providerName, providerUserId] = userName.split('_')
providerName = providerName.charAt(0).toUpperCase() + providerName.slice(1)
let linkParam = {
SourceUser: {
ProviderAttributeName: 'Cognito_Subject',
ProviderAttributeValue: providerUserId,
ProviderName: providerName,
},
UserPoolId: userPoolId,
}
if (listData && listData.Users.length > 0) {
linkParam['DestinationUser'] = {
ProviderAttributeValue: listData.Users[0].Username,
ProviderName: 'Cognito',
}
}
else {
const createParam = {
UserPoolId: userPoolId,
Username: email,
MessageAction: 'SUPPRESS',
UserAttributes: [{
//optional name attribute.
Name: 'name',
Value: name,
}, {
Name: 'email',
Value: email,
}, {
Name: 'email_verified',
Value: 'true',
}],
}
const createData = await client.send(new AdminCreateUserCommand(createParam))
const pwParam = {
UserPoolId: userPoolId,
Username: createData.User.Username,
Password: crypto.randomBytes(40).toString('hex'),
Permanent: true,
}
await client.send(new AdminSetUserPasswordCommand(pwParam))
linkParam['DestinationUser'] = {
ProviderAttributeValue: createData.User.Username,
ProviderName: 'Cognito',
}
}
await client.send(new AdminLinkProviderForUserCommand(linkParam))
//throw error to prevent additional user creation
callback(Error('Social account was set, retry to sign in.'), null)
}
else {
callback(null, event)
}
}
catch (err) {
console.error(err)
}
}
However, it is a bad UX as the first sign in with federated identity will only create the user but not allowing it to authenticate. However, the subsequent sign in with federated identity will show no such issue. Let me know, if you get any other solution for that first sign in.
It's also useful to keep email_verified as true so that user can recover their password. Especially true if you are using aws-amplify authenticator. This should be in your post authentication trigger.
const {
CognitoIdentityProviderClient,
AdminUpdateUserAttributesCommand,
} = require('#aws-sdk/client-cognito-identity-provider')
const client = new CognitoIdentityProviderClient({
region: process.env.REGION,
})
exports.handler = async(event, context, callback) => {
try {
const {
userPoolId,
userName,
request: {
userAttributes: { email_verified }
}
} = event
if (!email_verified) {
const param = {
UserPoolId: userPoolId,
Username: userName,
UserAttributes: [{
Name: 'email_verified',
Value: 'true',
}],
}
await client.send(new AdminUpdateUserAttributesCommand(param))
}
callback(null, event)
}
catch (err) {
console.error(err)
}
}
I am trying authentication using amazon-cognito-vuex-module package
https://github.com/Botre/amazon-cognito-vuex-module
Following is my code for cognito configuration:
export default new Vuex.Store({
modules: {
auth,
cognito: new AmazonCognitoVuexModule({
region: 'us-east-1',
userPoolId: '<myPoolId>',
clientId: '<myClientId>'
})
},
strict: debug
})
and this is how I am trying authenticating user:
this.$store.dispatch('authenticateUser', { email: this.input.username, password: this.input.password })
authenticateUser function is as follows:
authenticateUser ({ commit, state }, payload) {
return new Promise((resolve, reject) => {
commit('setAuthenticating', true)
const email = payload.email
const password = payload.password
const user = new CognitoUser({
Username: email,
Pool: state.pool
})
user.authenticateUser(
new AuthenticationDetails({
Username: email,
Password: password
}),
{
onFailure: function (error) {
commit('setAuthenticating', false)
reject(error)
},
onSuccess: function (session) {
commit('setAuthenticating', false)
commit('setAuthenticated', user)
resolve(session)
},
newPasswordRequired: function (userAttributes, requiredAttributes) {
commit('setAuthenticating', false)
delete userAttributes.email_verified // Immutable field
user.completeNewPasswordChallenge(
payload.newPassword,
userAttributes,
this
)
}
}
)
})
}
Getting following error in response:
{"__type":"NotAuthorizedException","message":"User is not authorized
to get auth details."}