amplify-ui
amplify-ui copied to clipboard
aws-amplify
PasswordResetRequiredException does not trigger code email
Before creating a new issue, please confirm:
- [X] I have searched for duplicate or closed issues and discussions.
- [X] I have tried disabling all browser extensions or using a different browser
- [X] I have tried deleting the node_modules folder and reinstalling my dependencies
- [X] I have read the guide for submitting bug reports.
On which framework/platform are you having an issue?
React
Which UI component?
Authenticator
How is your app built?
Create React App / Webpack 5
What browsers are you seeing the problem on?
Firefox, Chrome
Please describe your bug.
After importing users to a Cognito pool, the user is in the RESET_PASSWORD state [1]. When the user tries to sign in, they are kicked to the ConfirmPasswordReset screen and asked for a code, but a code email is never sent.
This case is not currently handled in the UI.
If the user manually presses "Resend Code" the code email is immediately sent.
[1] https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#signup-confirmation-verification-overview
What's the expected behaviour?
A code email should be sent automatically.
Help us reproduce the bug!
- Import a user or otherwise get them in the "Reset Password" state
- Go to the app and attempt to sign in with the username and any password
- Arrive at the ConfirmPasswordReset screen with no code in your email inbox
- Press "Resend Code" and see the code email received normally
example Cognito import CSV (may not match your user pool):
name,given_name,family_name,middle_name,nickname,preferred_username,profile,picture,website,email,email_verified,gender,birthdate,zoneinfo,locale,phone_number,phone_number_verified,address,updated_at,cognito:mfa_enabled,cognito:username
,,,,,,,,,[email protected],True,,,,,,False,,,False,[email protected]
Code Snippet
No response
Additional information and screenshots
Workaround:
I modified the handleSignIn() function to intercept the "PasswordResetRequiredException" and manually send the code using Auth.forgotPassword() (the same function the "Resend Code" button calls). This effectively manually presses "Resend Code" in this case without interrupting the UI flow.
<Authenticator
services={{
async handleSignIn({ username, password }) {
return Auth.signIn(username, password).catch(error => {
if (error.code === "PasswordResetRequiredException") {
Auth.forgotPassword(username);
}
throw error;
});
},
}}
...
/>
@adilosa Thank you for your detailed bug report, we'll prioritize fixing this on our roadmap and update this issue accordingly.
Hi @adilosa !
I'm trying to reproduce this and I have not been able too. Is this still happening to you?
Hi @ErikCH! Thanks for following up. Yes, I just tried again and was able to repo the issue.
I'm using [email protected] and @aws-amplify/[email protected].
I tested by modifying the example CSV above to create a 'new' user email with a suffix. I use [email protected] to create additional accounts I can still receive email for. After importing the CSV into my Cognito User Pool, the new user is created and in the "Reset required" state as expected.
Then, I go to my app and try and sign in via the Amplify UI Components login flow (not-hosted). It correctly brings me to the Reset Password screen but still does not send the code until I manually hit "Resend Code", at which point I get the email almost instantly, repeatedly and every time.
Hi @adilosa ! I was able to reproduce this issue. It should be out on our next release! Or you can install it and test it out using the @next tag @aws-amplify/ui-react@next !
Hey @adilosa, this has been released in @aws-amplify/[email protected]. Please reopen the issue if the issue persists after the upgrade, thanks!
Hey @wlee221 and @ErikCH, I'm on @aws-amplify/[email protected] now and can confirm it's working as expected without my workaround. Thanks so much!