AWS Cognito one-time password testing using Cypress? - amazon-web-services

The way I'm logging in to my app is by entering a username; then AWS Amplify generates and sends the one-time password to the registered email address of the user, and the user is asked to enter the one-time password.
What I want is to test this scenario automatically.
I searched a lot, but what I got is a simple username-and-password login using the Cognito strategy of Cypress.
Any help is appreciated.

Related

AWS Cognito: After a new user logs in with a temporary password, use SOFTWARE_TOKEN_MFA

I've created a user pool for our development environment, in which I've made MFA required. Then I create a new user using AdminCreateUser, where I pass the phone_number and email of the user.
The problem I'm facing occurs only during e2e Cypress tests. After the user is created, I'm able to log in with the temporary password, but in the next step it takes me to the SMS_MFA challenge. I have no way to proceed further with SMS_MFA during e2e tests.
But if I had the option of setting up SOFTWARE_TOKEN_MFA after setting the permanent password, that would solve the problem for the e2e tests. For SOFTWARE_TOKEN_MFA, I'm using an OTP generator NodeJS library which takes in the secret code and gives me an OTP.
Does anyone know how I can set up SOFTWARE_TOKEN_MFA after setting up the permanent password in AWS Cognito?

How to verify a user's email with a token-generator link for signup in a Django web app

I am doing a web app in Django. I tried hard to create a TokenGenerator for verifying the user's email to activate the user's account.
Coming to the problem:
how to send the verification email to the user's account during signup. During signup, users can receive a verification-link email with a token generator;
the user has to input the password at the time of account signup;
after verifying the email, the user can log in to the respective page via their mail id and password;
during login it should check whether the email is present in the DB
(the DB will be updated with user emails).
For the first question, Django has built-in functions and classes for sending emails; you can check them here: https://docs.djangoproject.com/en/3.2/topics/email/ and this post will help you send an email: https://dev.to/yash2115/how-to-send-e-mail-in-django-37ge. If you want to send an email on any user's sign-up, you have to use signals; check them here: https://docs.djangoproject.com/en/3.2/ref/signals/
The other questions are all related, and the functionality is pre-built in Django; these links will help you: https://learndjango.com/tutorials/django-login-and-logout-tutorial
https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django/Authentication
Repositories which may help:
https://github.com/shoukreytom/pdfstack
https://github.com/shoukreytom/notes
https://github.com/shoukreytom/blog (advanced - APIs)
https://github.com/mitchtabian/Food2Fork

How to get the user login device during the custom authentication flow? AWS Cognito

I want to achieve the following use case:
If the user logs in from a new device, my app will send an email to notify the user and require the user to enter the code from the email to successfully log in to the app.
The way I thought of is to create a custom authentication flow to achieve this, but I cannot find any information about the user's login device in defineAuthChallenge and createAuthChallenge. Did I miss something here? Is this the correct way to achieve the use case?
More info about the custom authentication flow:
https://aws.amazon.com/blogs/mobile/customizing-your-user-pool-authentication-flow/
You can try to implement this using the post authentication Lambda trigger. This will send you the user's login details (except the password) when the user attempts to sign in.

AWS Cognito Change User Password

I'm following this tutorial https://serverless-stack.com/chapters/test-the-apis.html to create a React JS app with AWS.
I followed every step, but now I'm facing a challenge: when I want to test my API with the npx command using a user I created in the user pool, it needs to change its password.
npx aws-api-gateway-cli-test --username='mail#example.com' --password='password' --user-pool-id='user-pool-id' --app-client-id='app-client-id' --cognito-region='region' --identity-pool-id='identity-pool' --invoke-url='url' --api-gateway-region='region' --path-template='/notes' --method='POST' --body='{"content":"hello world","attachment":"hello.jpg"}'
npx: installed 106 in 7.229s
Authenticating with User Pool
Given user needs to set a new password
All ids are hidden in the command.
How can I do that? I tried the change-password command, but it needs an access token and I don't know where to find it.
Thanks for your help.
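Added here as an example for both Cognito questions above (the SOFTWARE_TOKEN_MFA one and the "needs to set a new password" one); it is not code from either question. It is a minimal RFC 6238 generator standing in for the "OTP generator NodeJS library" mentioned, plus a driver that answers the NEW_PASSWORD_REQUIRED challenge with a permanent password and then the SOFTWARE_TOKEN_MFA challenge with a fresh code. It assumes `client` is a boto3 `cognito-idp` client and `first_response` is the dict returned by its `initiate_auth` call; the one-time TOTP enrolment (AssociateSoftwareToken / VerifySoftwareToken) is not shown.

```python
# Added example, not from the thread: stand-in for an OTP library plus a challenge driver.
import base64
import hashlib
import hmac
import struct
import time


def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(base32_secret, unix_seconds=None, step=30):
    """RFC 6238 TOTP as Cognito verifies it: SHA-1, 6 digits, 30-second step.
    The secret is the SecretCode that AssociateSoftwareToken returns (unpadded base32)."""
    now = int(time.time()) if unix_seconds is None else unix_seconds
    secret = base32_secret.strip().upper()
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))  # restore padding
    return hotp(key, now // step)


def challenge_responses(challenge, username, new_password=None, base32_secret=None):
    """ChallengeResponses for the two challenges an e2e test user hits in turn."""
    if challenge == "NEW_PASSWORD_REQUIRED":
        return {"USERNAME": username, "NEW_PASSWORD": new_password}
    if challenge == "SOFTWARE_TOKEN_MFA":
        return {"USERNAME": username, "SOFTWARE_TOKEN_MFA_CODE": totp(base32_secret)}
    raise ValueError(f"unhandled challenge: {challenge}")  # e.g. MFA_SETUP before enrolment


def finish_sign_in(client, client_id, username, first_response, new_password, base32_secret):
    """Drive RespondToAuthChallenge from an InitiateAuth response until tokens come back.
    `client` is a boto3 cognito-idp client (a fake object with the same method in tests)."""
    resp = first_response
    while "AuthenticationResult" not in resp:
        resp = client.respond_to_auth_challenge(
            ClientId=client_id,
            ChallengeName=resp["ChallengeName"],
            Session=resp["Session"],
            ChallengeResponses=challenge_responses(
                resp["ChallengeName"], username, new_password, base32_secret),
        )
    return resp["AuthenticationResult"]
```

The returned AuthenticationResult carries the AccessToken that the change-password command in the last question asks for.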

Flask-Login Password Reset

I'm using the flask-login library, and I haven't been able to find any good tutorials or documentation on how to go about allowing a user to reset their password through an email. What direction/resources can I look at on how to do this? A thorough google search didn't reveal anything useful.
Base logic:
Create a reset-password form with an email field.
When the user submits the form, you should:
check this email in the database;
generate an indistinguishable (cryptographically random) secret key (hereafter just "secret key");
store this key, the current timestamp and the user identifier in a cache or database;
send it to the user's email or by SMS.
When the user applies the secret key (for example via a URL or a special form), you should:
validate it (exists, not expired, not used before);
get the user identifier;
delete the current secret key or mark it as used;
provide logic to enter/generate a new password.
The logic to enter/generate a password can differ:
log the user in and show a form to enter the new password (one-time login key);
show a form to enter the password, then log in if valid;
generate a new password and send it to the user's email;
generate a new secret key for the form to enter the new password and send it to the user's email;
generate a new secret key to approve the form, send it via SMS, show a form to enter the new password and the approval secret key, then log in if valid.
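As an added example (not code from this answer or from the Django email-verification question above), here is the store-and-redeem half of that base logic in plain Python, with no Flask or Django dependency. It covers both the password-reset secret described here and the signup activation token asked about in the Django question: a purpose tag keeps an activation link from being replayed as a reset link, and only a hash of the secret is kept, so a leaked table does not hand out working links. The class name and the in-memory dict are assumptions standing in for a real cache or DB table.

```python
# Added example, not from the thread: in-memory stand-in for the "cache or database" row.
import hashlib
import secrets
import time


class OneTimeTokenStore:
    def __init__(self, ttl_seconds=900, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so expiry can be tested without sleeping
        self._rows = {}     # sha256(secret) -> {user_id, purpose, issued_at, used}

    @staticmethod
    def _digest(secret):
        return hashlib.sha256(secret.encode()).hexdigest()

    def issue(self, user_id, purpose="password_reset"):
        """Generate an unguessable secret and record owner, purpose and timestamp.
        The returned secret is what goes into the e-mailed link; it is never stored as-is."""
        secret = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(secret)] = {
            "user_id": user_id, "purpose": purpose,
            "issued_at": self.clock(), "used": False,
        }
        return secret

    def redeem(self, secret, purpose="password_reset"):
        """Validate (exists, right purpose, unused, unexpired) and mark used in one step.
        Returns the user id or None; the caller is not told which check failed."""
        row = self._rows.get(self._digest(secret))
        if row is None or row["purpose"] != purpose or row["used"]:
            return None
        if self.clock() - row["issued_at"] > self.ttl:
            return None
        row["used"] = True  # single use: a replayed link must not work
        return row["user_id"]
```

After a successful redeem the view either logs the user in and shows the new-password form or shows the form first, as the options above describe; a failed redeem should render the same generic error for every cause.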
flask-login doesn't take care of reset-password emails and other such things. It's just there to manage sessions and cookies.
You should use Flask-Security which adds password reset functionality and other common security related features to flask. Flask-Security uses flask-login to handle sessions, but adds other features on top to round out the security features:
Email Confirmation
If desired you can require that new users confirm their email address.
Flask-Security will send an email message to any new users with a
confirmation link. Upon navigating to the confirmation link, the user
will be automatically logged in. There is also a view for resending a
confirmation link to a given email if the user happens to try to use
an expired token or has lost the previous email. Confirmation links
can be configured to expire after a specified amount of time.
Password Reset/Recovery
Password reset and recovery is available for when a user forgets his
or her password. Flask-Security sends an email to the user with a link
to a view which they can reset their password. Once the password is
reset they are automatically logged in and can use the new password
from then on. Password reset links can be configured to expire after a
specified amount of time.
User Registration
Flask-Security comes packaged with a basic user registration view.
This view is very simple and new users need only supply an email
address and their password. This view can be overrided[sic] if your
registration process requires more fields.
Flask-Login only provides user session management for Flask. It handles the common tasks of logging in, logging out, and remembering your users' sessions over extended periods of time, but not password reset, password change, email confirmation, etc.
Flask-Security was the best and easiest option to do these. It pretty much handles everything, but it is not actively maintained.
Note
This project is not maintained anymore. Consider the
Flask-Security-Too project as an alternative. -- From the flask-security
GitHub repo
So I recommend the Flask-Security-Too library, which is an improved version and actively maintained. It also has many more features like 2FA auth, Unified Sign-In, etc.
You can install it using pip:
pip install flask-security-too flask-sqlalchemy
and import the library like this (the import name uses an underscore, not a hyphen):
from flask_security import current_user, login_required
There are some complete (but simple) examples available in the examples directory of the Flask-Security repo.
Documentation : https://flask-security-too.readthedocs.io/en/stable/index.html