amplify-android
Problem with ResetPassword with non-existing address
Before opening, please confirm:
- [X] I have searched for duplicate or closed issues and discussions.
Language and Async Model
Java
Amplify Categories
Authentication
Gradle script dependencies
// Put output below this line
implementation 'com.amplifyframework:core:1.24.0'
implementation 'com.amplifyframework:aws-auth-cognito:1.24.0'
Environment information
# Put output below this line
------------------------------------------------------------
Gradle 7.0.2
------------------------------------------------------------
Build time: 2021-05-14 12:02:31 UTC
Revision: 1ef1b260d39daacbf9357f9d8594a8a743e2152e
Kotlin: 1.4.31
Groovy: 3.0.7
Ant: Apache Ant(TM) version 1.10.9 compiled on September 27 2020
JVM: 15.0.2 (Oracle Corporation 15.0.2+7-27)
OS: Mac OS X 10.16 x86_64
Please include any relevant guides or documentation you're referencing
No response
Describe the bug
Hi guys, I'm using Amplify and the Cognito service to perform auth operations with my app. The app is "Kabeh" and you can find it in the Amplify Console.
On the Android side, I tried to reset the user's password by passing his email and, for an existing address, everything works fine. But I'm having a problem when the user sets a wrong email address (for example, the address of a user that doesn't exist in Cognito). On the web side the resetPassword method returns an error (and this is the correct behavior) but on the mobile side everything works as if the email existed. I expect an exception like "UserNotExists", or similar.
I'm using this library: https://github.com/aws-amplify/amplify-android
implementation 'com.amplifyframework:core:1.24.0'
implementation 'com.amplifyframework:aws-auth-cognito:1.24.0'
Reproduction steps (if applicable)
No response
Code Snippet
// Put your code below this line.
Amplify.Auth.resetPassword(email, res -> {}, error -> {});
Log output
// Put your logs below this line
amplifyconfiguration.json
No response
GraphQL Schema
// Put your schema below this line
Additional information and screenshots
No response
Thanks for reaching out to us. Are you using email as user name?
Amplify.Auth.resetPassword("username",
    { Log.i("AuthQuickstart", "Password reset OK: $it") },
    { Log.e("AuthQuickstart", "Password reset failed", it) }
)
On trying to reproduce this issue in a setup where username is used for login, if a non-existent user ID is passed, it goes to the error callback with the exception "UserNotFoundException".
I've already tried. Using a username or email that does not exist always returns OK, no error.
Any news about this issue?
@CeccoCQ I tried to repro the issue and observed that the expected error is returned in the exception callback. Could you please verify your code?
UserNotFoundException{message=User not found in the system., cause=com.amazonaws.services.cognitoidentityprovider.model.UserNotFoundException: Username/client id combination not found. (Service: AmazonCognitoIdentityProvider; Status Code: 400; Error Code: UserNotFoundException; Request ID: 70d0a712-25bd-430e-94de-7fb09c660707), recoverySuggestion=Please enter correct username.}
Hi @sdhuka ,
my code is simple:
Amplify.Auth.resetPassword(email, res -> {}, error -> {});
If I set email = "[email protected]", the method never invokes the error callback.
I've already seen the logs without interesting info.
I think that a (paid) technical support that answers "on my side all works" is not a really good support :) (I don't know if you are an AWS engineer, and if I hadn't written a post here, I'd still be waiting).
Hi @CeccoCQ. Do you have email configured as an alias for username (user can sign in with a username or an email) or can the user only sign in with an email? Could you also provide the code you use for sign up, confirm user, and sign in? This will help us reproduce your auth flow.
@eeatonaws user can signin with email or username. The confirm is made by lambda trigger. The signin is this:
// Attributes sent with the sign-up request
List<AuthUserAttribute> authUserAttributeList = new ArrayList<>();
authUserAttributeList.add(new AuthUserAttribute(AuthUserAttributeKey.familyName(), "firstname"));
authUserAttributeList.add(new AuthUserAttribute(AuthUserAttributeKey.givenName(), "lastname"));
authUserAttributeList.add(new AuthUserAttribute(AuthUserAttributeKey.email(), "[email protected]"));
AuthSignUpOptions options = AuthSignUpOptions.builder()
    .userAttributes(authUserAttributeList)
    .build();
// The username is a SHA-1 hash of the email address
String username = SecureUtils.SHA1.makeHash("[email protected]");
Amplify.Auth.signUp(username, userDTO.getPassword(), options, source::setResult, source::setException);
I have to create a SHA1 because I'm not able to signup with only email as first parameter.
But the behaviour is the same if I try to recover an email through the username:
String username = SecureUtils.SHA1.makeHash(email);
and
Amplify.Auth.resetPassword(username, source::setResult, source::setException);
all works fine with a non-existent email.
Hi @CeccoCQ, thank you for providing more details about your auth flow and setup. We are working on reproducing the issue with the additional information you provided.
@CeccoCQ have you marked email as an alias, which in Cognito terms means I can use it to sign in with in addition to username?
Why closed? This bug is still present for me. I've marked my mail as alias and if I try to reset the password with email (or alias), it does not work.
The same behaviour done by the webapp works.
Not sure if this will help. I had the usernames-only setting, but https://stackoverflow.com/questions/65019768/aws-amplify-amplify-js-forgotpassword-returns-no-error-with-invalid-username
setting in the Cognito app client helped.
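The thread does not name the app client setting. Assuming it is Cognito's PreventUserExistenceErrors option, under which a reset request for an unknown user is answered like one for a known user, the client cannot treat the success callback as proof that the account exists. The handler below is an added example, not code from the thread or from Amplify; the PasswordResetFlow class, its View interface and the message text are hypothetical.

```java
import android.util.Log;
import com.amplifyframework.auth.AuthException;
import com.amplifyframework.auth.result.AuthResetPasswordResult;
import com.amplifyframework.core.Amplify;

/** Added example: starts a password reset without revealing whether the account exists. */
public final class PasswordResetFlow {
    private static final String TAG = "PasswordResetFlow";

    // Same text for known and unknown accounts, so the screen is not an existence oracle.
    static final String NEUTRAL = "If an account matches, a reset code has been sent.";

    /** Hypothetical UI hook; the implementation is assumed to post to the main thread. */
    public interface View {
        void showCodeEntry(String message);
        void showRetry(String message);
    }

    public static void start(String usernameOrAlias, View view) {
        Amplify.Auth.resetPassword(
            usernameOrAlias,
            result -> onResult(result, view),
            error -> onError(error, view));
    }

    private static void onResult(AuthResetPasswordResult result, View view) {
        // With existence errors hidden by the app client, this callback also
        // fires for unknown users: move to code entry, never say "user found".
        Log.i(TAG, "resetPassword accepted, passwordReset=" + result.isPasswordReset());
        view.showCodeEntry(NEUTRAL);
    }

    private static void onError(AuthException error, View view) {
        if (error instanceof AuthException.UserNotFoundException) {
            // Reached only when the app client still exposes existence errors.
            // Answer exactly as on success so both configurations look alike.
            view.showCodeEntry(NEUTRAL);
            return;
        }
        // Network, throttling or configuration problems: safe to surface generically.
        Log.e(TAG, "resetPassword failed", error);
        view.showRetry("Could not start the password reset. Please try again later.");
    }

    private PasswordResetFlow() { }
}
```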
@CeccoCQ are you still experiencing this issue? If so, could you try checking your user pool settings as @zemacnica suggested?
Closing due to inactivity. Please reopen this issue or create a new issue if you are still experiencing the issue.