10353 Bug: Duplicate Cognito Accounts #5260
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cognito will throw an error with the message
Alias entry already exists for a different username
when we attempt to create two accounts with the same email nearly simultaneously. Unfortunately, Cognito still creates the duplicate account despite the failure. We sometimes run into the error when a user quickly hits submit multiple times inCreatePetitionerAccount/CreatePetitionerAccountForm.tsx
.This PR fixes the issue on the front end by adding a debounce and deactivating the signup button. For all practical purposes, that should solve the issue.
I thought about how we might enforce no duplicate Cognito users on the back end, too, which would be ideal. I think the solution would go something like this: On getting the duplicate error message, we delete the duplicate account. This is easier said than done: because the request "fails," we don't get the duplicate Cognito user id with which to key off of. Instead, then, we would need to kick off some asynchronous task to get all users associated with the email and delete those without
custom:userId
or something (since our custom attributes--which we set after successfully signing up a user in Cognito--won't have been set for the failed Cognito request).Frankly, I don't think it is worth it. I am happy enough with the front-end fix and pointing out that the issue is, after all, due to a bug with Cognito. That said, if reviewers think that this back-end solution is worthwhile, I can set it up.
(Note: The bug that this PR fixes explains some of 10459. The other part is related to the old Cognito-hosted signup page. Therefore, after this fix, we should no longer be creating any users without
custom:userId
.)