Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't change the status of "FORCE_CHANGE_PASSWORD" users #1340

Closed
blazsek opened this issue Jul 30, 2018 · 7 comments
Closed

Can't change the status of "FORCE_CHANGE_PASSWORD" users #1340

blazsek opened this issue Jul 30, 2018 · 7 comments
Assignees
@powerful23
Labels
Auth Related to Auth components/category documentation Related to documentation feature requests

Comments

@blazsek
Copy link

blazsek commented Jul 30, 2018

I'm developing a React app, and implementing the authentication with AWS Amplify and Cognito. I'm not using the withAuthenticator HOC because of a custom sign-in page. I sign up users as an administrator with the AWS CLI, which means they receive the FORCE_CHANGE_PASSWORD status by default.

On the login page, I'd like to detect the user's status after capturing their login details so the app would redirect the user to the forgot password flow in case of a FORCE_CHANGE_PASSWORD status.

However, I find absolutely no way to retrieve the status of a user. All of the following methods omit this parameter: currentAuthenticatedUser(), currentSession(), currentUserInfo(), currentUserPoolUser(), currentCredentials().

I even added a custom attribute "isConfirmed" that would be initialized with a "no" value but the Auth.currentAuthenticatedUser() (as well as other similar methods) don't return a user object for users with the state FORCE_CHANGE_PASSWORD.

Secondly, I can't seem to find any way to initiate the Auth.forgotPassword method for a user with the state FORCE_CHANGE_PASSWORD. If I call the forgotPassword method for a new user, I get the following message: User password cannot be reset in the current state.

To sum up:
#1: I can't detect the state of the user.
#2: I can't call the forgotPassword method for users with the FORCE_CHANGE_PASSWORD STATE.

Any help would be greatly appreciated.
@manueliglesias manueliglesias added the Auth Related to Auth components/category label Jul 30, 2018
@haverchuck haverchuck added bug Something isn't working feature-request Request a new feature labels Jul 31, 2018
@powerful23
Copy link
Contributor

@blazsek the user need to sign in with the temporary password first, the flow is like:

Auth.signIn(username, temp_password)
.then(user => {
    if (user.challengeName === 'NEW_PASSWORD_REQUIRED') {
          Auth.completeNewPassword(user, new_password, requiredAttributes)
               .then(user => {
               });
    }
}

Maybe you can have look at this and this
Sorry for now it's not in the documentation. Will mark it as document enhancement.

@powerful23 powerful23 added documentation Related to documentation feature requests and removed bug Something isn't working feature-request Request a new feature labels Jul 31, 2018
@AmoDinho
Copy link

AmoDinho commented Jan 17, 2019
edited
Loading

Hi @powerful23 I have a similar problem but I get "Password cannot be empty", I'm using aws-amplify v1.1.17...

This ia a code snippet of what I have:



 await Auth.signIn({username:this.state.email,password:this.state.password})
                  .then(user => {
                    console.log(user);
                      if (user.challengeName === 'NEW_PASSWORD_REQUIRED'){
                        this.setState({passwordChallenge: true,isLoading: false});
                        Auth.completeNewPassword({
                            user,
                            //password: this.state.password,
                            newPassword: this.state.newPassword
                        }).then(user => {
                            window.LOG_LEVEL='DEBUG'
                            Auth.signIn({username: user.username,password: this.state.newPassword })      
                            window.LOG_LEVEL='DEBUG'
                            this.props.userHasAuthenticated(true);
                              
                        }).catch(e => {
                            window.LOG_LEVEL='DEBUG'
                            console.log(this.state);
                            console.log(e);
                            
                        });

Any help would be great..

@zyzski
Copy link

zyzski commented Feb 20, 2019

looks like it's not possible to reset the user password if they are in the FORCE_CHANGE_PASSWORD state

unfortunately, might have to use the aws-sdk with a cloud function to handle this. otherwise I can see a solution where you create users with the same initial password and automatically complete the Auth.completeNewPassword function. wouldn't be very secure.

@jordanranz
Copy link
Contributor

The initial question seems to have been answered. Closing. Please reopen this if you have any further questions or concerns.

@ludwikd
Copy link

ludwikd commented Oct 3, 2019

Hi @powerful23 I have a similar problem but I get "Password cannot be empty", I'm using aws-amplify v1.1.17...

This ia a code snippet of what I have:



 await Auth.signIn({username:this.state.email,password:this.state.password})
                  .then(user => {
                    console.log(user);
                      if (user.challengeName === 'NEW_PASSWORD_REQUIRED'){
                        this.setState({passwordChallenge: true,isLoading: false});
                        Auth.completeNewPassword({
                            user,
                            //password: this.state.password,
                            newPassword: this.state.newPassword
                        }).then(user => {
                            window.LOG_LEVEL='DEBUG'
                            Auth.signIn({username: user.username,password: this.state.newPassword })      
                            window.LOG_LEVEL='DEBUG'
                            this.props.userHasAuthenticated(true);
                              
                        }).catch(e => {
                            window.LOG_LEVEL='DEBUG'
                            console.log(this.state);
                            console.log(e);
                            
                        });

Any help would be great..

As they say better late, then never ;)
You should call (pass list of params, not an object)
Auth.completeNewPassword(user,newPassword: this.state.newPassword)
not

Auth.completeNewPassword({
user,
newPassword: this.state.newPassword
})

this should solve Your issue

@jonalexander
Copy link

@blazsek the user need to sign in with the temporary password first, the flow is like:

Auth.signIn(username, temp_password)
.then(user => {
    if (user.challengeName === 'NEW_PASSWORD_REQUIRED') {
          Auth.completeNewPassword(user, new_password, requiredAttributes)
               .then(user => {
               });
    }
}

Maybe you can have look at this and this
Sorry for now it's not in the documentation. Will mark it as document enhancement.

this does not work unless you pass the arguments as UsernamePasswordOpts. https://aws-amplify.github.io/amplify-js/api/globals.html#usernamepasswordopts

Auth.signIn({ username: string, password: string })

@github-actions
Copy link

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 12, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@powerful23 powerful23

Labels
Auth Related to Auth components/category documentation Related to documentation feature requests
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@jordanranz @zyzski @manueliglesias @jonalexander @haverchuck @powerful23 @AmoDinho @blazsek @ludwikd