-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: [add] Process new_password_required #8
base: master
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work, I think this PR's base should be fix/env
, and it would be merged after #7 is merged. Also, I have a couple of comments here:
@@ -70,5 +72,16 @@ func (a *App) Login(w http.ResponseWriter, r *http.Request) { | |||
return | |||
} | |||
|
|||
if res.ChallengeName != nil && *res.ChallengeName == "NEW_PASSWORD_REQUIRED" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's have NEW_PASSWORD_REQUIRED
defined as a constant similar to flowUsernamePassword
and flowRefreshToken
:
const challengeNamePasswordRequired = "NEW_PASSWORD_REQUIRED"
params = map[string]*string{ | ||
"username": aws.String(username), | ||
"session": res.Session, | ||
} | ||
b, _ := json.Marshal(params) | ||
s := url.QueryEscape(string(b)) | ||
http.Redirect(w, r, fmt.Sprintf("/new_password_required?params=%s", s), http.StatusFound) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a good idea, but I think the data
object here is too simple to justify usage of encoding/json
and net/url
. Since go is about simplicity, could we do this instead?
params = map[string]*string{ | |
"username": aws.String(username), | |
"session": res.Session, | |
} | |
b, _ := json.Marshal(params) | |
s := url.QueryEscape(string(b)) | |
http.Redirect(w, r, fmt.Sprintf("/new_password_required?params=%s", s), http.StatusFound) | |
http.Redirect(w, r, fmt.Sprintf("/new_password_required?username=%s&session=%s", username, res.Session), http.StatusFound) |
} | ||
res, err := a.CognitoClient.RespondToAuthChallenge(chall) | ||
if err != nil { | ||
log.Println(err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we need this log
here :)
if (document.location.search.includes("params")) { | ||
try { | ||
const m = document.getElementById("params"); | ||
m.style.display = "block"; | ||
const params = document.location.search.replace("?params=", ""); | ||
const str = decodeURIComponent(params); | ||
const data = JSON.parse(str); | ||
$("#username").val(data.username); | ||
$("#session").val(data.session); | ||
} catch (e) { | ||
console.error(e); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on my comment above for login.go
, this would simplify to just reading params from URL, and JSON.parse
wouldn't be needed.
params["SECRET_HASH"] = aws.String(secretHash) | ||
} | ||
chall := &cognito.RespondToAuthChallengeInput{ | ||
ChallengeName: aws.String("NEW_PASSWORD_REQUIRED"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Forgot one thing - this should be a constant IMO just like I mentioned here.
Add handling of NEW_PASSWORD_REQUIRED event.
The account added from the cognito management background will be forced to change the password after logging in.