ellaisys / aws-cognito Goto Github PK
View Code? Open in Web Editor NEWAWS Cognito package (with MFA Feature) using the AWS SDK for PHP/Laravel
Home Page: https://ellaisys.github.io/aws-cognito/
License: MIT License
aws-cognito's People
Contributors
Stargazers
Watchers
Forkers
bluefyn-international 16hands saad-malik aniruddh-j fpena sunnydesign trusfin ketsakda eturiatravel hidaayah sayaarief mielpoule reksmeysrey maciejsk victorycto viniciusazevedo-mm daiduong47 grooowthinc nylton muhammad3ec zhariffadam danilopinotti palpalani eteamsys samadovdenis minhchu krishnamurtyp kjtrackpro st-cuongnguyen2 dbr77 alegiac rayat ashishimple stonec0der gjnvro oppy-tech jamesrusso glazebrook jeffortegad marcodefelice amarnikaws-cognito's Issues
Returning `null` when trying to attempt login
I'm using the code to login with guard api provided here.
When I try to debug $cognitoClaim, it is null.
Also an error I get when debugging is
Error executing "AdminInitiateAuth" on "https://cognito-idp.us-east-1.amazonaws.com"; AWS HTTP error: cURL error 77: error setting certificate verify locations: ▶
CAfile: /Applications/MAMP/Library/OpenSSL/cert.pem\n
CApath: none (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://cognito-idp.us-east-1.amazonaws.com
Using Laravel 8, package version 1.0.0, PHP 8.0.3.
Email passed exists in the local database.
What are reasons behind this?
Auth Middleware is not working [security issue !!]
The line 51 on Http/Middleware/AwsCognitoAuthentificate.php has been commented :
#Http/Middleware/AwsCognitoAuthentificate.php
[...]
51 // $this->authenticate($request);
This is a huge security issue has the middleware don't validate authentification anymore...
Undefined variable $claim in vendor/ellaisys/aws-cognito/src/Auth/AuthenticatesUsers.php, line: 67
In Auth/AuthenticatesUsers.php need renamed $response to $claim in 64 and 66 lines, or renamed $claim to $response in 67 line.
if (config('cognito.add_missing_local_user_sso')) {
$response = $this->createLocalUser($credentials);
if ($response) {
return $claim;
}
} //End if
Laravel 9 - Laravel Breeze support
Hi guys,
First of all, thanks for your hard work.
Do you think there are any chance to have this working on Laravel 9 and Laravel Breeze/Laravel Jetstream packages?
Thanks.
Verification code is not sending
User registration is working but the verification email is not sending. ?
Verification Email not receiving
I used the package and follow the steps in documentation to register new users. It is successfully registered but my user is not receiving verification email. When i checked UserPool via console, it seems like user's email is already verified. I think that is the reason why my user is not receiving verification email link via email
I have configured UserPool for receiving email verification link
When i checked package code, i found we are forcefully setting email_verified as true in the file src/AwsCognitoClient.php
//Force validate email
if ($attributes['email']) {
$attributes['email_verified'] = 'true';
}
I doubt this is the reason why i am not receiving verification email. I don't want any user got automatically verified
Any suggestions?
Get claim data for logged in user
Im using the web driver and have all authentication etc set up (thanks for the library btw!)
I'd like to check some custom attributes for the logged in user in middleware, to verify what they can and cant access in the system. I cant see any way of doing that - can you point me in the right directions?
Error evaluating code regarding NEW_PASSWORD_REQUIRED challenge for API usage
Describe the bug
Error evaluating code regarding NEW_PASSWORD_REQUIRED challenge. I believe the issue is with src/Guards/CognitoTokenGuard.php in the hasValidCredentials function, in the scenario that goes through the default break statement for the challenge name, session_token is used as the key when creating a claim but in the login function in the same class, session is expected, not session_token ($this->claim['session']).
To Reproduce
Steps to reproduce the behavior:
- Follow the guide (no optional change in .env)
- Register a user
- Login using that user
- Error in the CognitoTokenGuard login function
Expected behavior
To get a response requiring to change the password (status = NEW_PASSWORD_REQUIRED and with the corresponding session key)
Desktop (please complete the following information):
- OS: Windows
- Client: Postman
- Version: Latest
Cleartext Passwords are stored in database
I think it's not a good idea to save the raw cleartext password in the users table. You don't need to save the password at all! It's stored and verified by AWS Cognito.
Laravel Session/Cookie not respecting Cognito access token TTL
Is your feature request related to a problem? Please describe.
Laravel session cookie doesn't respect the JWT access token's expiry, unless I'm understanding/doing something wrong,
because I would like the ability to be able to use the Cognito option to close all sessions (logout all devices) and once the JWT Token expires and tries to refresh the Laravel session gets logged out.
Describe the solution you'd like
That the Laravel cookie gets adjusted to respect & use the same expiry for its cookie as the JWT
Describe alternatives you've considered
No Idea
Additional context
Laravel Cookie expires after 2 hours even with this package implemented, yet the Cognito JWT access token is set to expire in 5 minutes.
Please maybe I'm not understanding everything correctly or am missing a crucial point in how this works, any help is appreciated.
laravel octane supports ?
is this library support for using with laravel octane?
Can you please anyone suggest how I can manage the new generated token for authentication purpose ?
OAuth2 Token as Token
hey it's me again.
I have a frontend that generates an oauth2 token via the hosted UI of Cognito. How can I use it in the backend to authenticate the user, when I try it via the normal API guard which uses the Cognito-token driver? Every time I try to send a request the backend sends
{
"message": "Invalid Authentication Token"
}back.
It's working when I use Cognito to generate a bearer token, but I need to use OAuth2.
Frontend and Backend are using the same ClientID and Secret. What am I doing wrong?
Route:
Route::middleware('aws-cognito')->get('/user', function () {
return \auth()->guard('api')->user();
});Guards:
'guards' => [
'web' => [
'driver' => 'cognito-session', // This line is important for using AWS Cognito as Web Driver
'provider' => 'users',
],
'api' => [
'driver' => 'cognito-token', // This line is important for using AWS Cognito as API Driver
'provider' => 'users',
],
],Implementing MFA
Discussed in #48
Originally posted by gadget-man October 22, 2022
Hello! I've been looking to implement Cognito MFA (SMS) in my code. I've been previously using black-bits, but have just come across this repo. I can see that MFA was added in an earlier commit - however I can't see from the demo-app how it is implemented. Does anyone have any 'live' examples of how the login page of the demo app needs to be updated to catch SMS_MFA as the ChallengeName and allow the user to enter and submit the MFA code?
Any pointers in the right direction would be much appreciated!
Laravel 8 / PHP 8
Hi guys,
First of all great work!
Do you think there are any chance to have this working on laravel 8 and PHP 8?
A change to composer.json deps would be enough?
Thanks
Wrong key in config.php?
Shouldnt this be "AWS_SECRET_ACCESS_KEY"?
Line 18 in f7c9527
Get Access/refresh tokens
I'm trying to use the library to create a simple portal around a lambda API thats authenticated using Cognito access tokens, so when a user logs in I need to be able to retrieve the access token associated with the cognito reponse you receive in the session guard hasValidCredentials method.
Would you be open to a pull request that made this data available either by:
- Firing an event so the developer could do what they wanted with the response
or - Adding a config value to auto save this to the session
Let me know what you think
`createCognitoUser` returns the AWS Cognito User instead of `true`
Is your feature request related to a problem? Please describe.
I would like to suggest a feature—specifically when registering new Cognito users.
I am using AWS Cognito as my authentication provider. I'm able to successfully create a user within Cognito, but would like the users' sub (uuid) returned so that I can use that within my Laravel application. This way the user_id within my Laravel application matches the Username (or sub) in Cognito. FWIW, I am using laravel as an API.
Describe the solution you'd like
When calling createCognitoUser(), the aws instance is returned instead of true. For example, a sample of the response:
"Username" => "84583468-8081-7000-901f-9d3de5b6b68b"
"Attributes" => array:6 [
0 => array:2 [
"Name" => "sub"
"Value" => "84583468-8081-7000-901f-9d3de5b6b68b"
]
1 => array:2 [
"Name" => "email_verified"
"Value" => "true"
]
2 => ...
Describe alternatives you've considered
I've tried implementing the register() method, but do not wish to provide a password. I'd like Cognito to generate a temporary password just as it does when calling createCognitoUser().
Additional context
I have updated this file: vendor/ellaisys/aws-cognito/src/AwsCognitoClient.php This is right around line #468.
Here I am returning the user that is created in Cognito. I'm also throwing an exception if the username exists.
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
...
try {
$user = $this->client->adminCreateUser($payload);
//Add user to the group
if (!empty($groupname)) {
$this->adminAddUserToGroup($username, $groupname);
}
} catch (CognitoIdentityProviderException $e) {
throw new BadRequestHttpException($e->getAwsErrorMessage()); // "message": "An account with the given email already exists.",
}
...
Returning the $user above is returning me the AWS Cognito user. From there, I'm able to do something like this:
$user = new User([
'given_name' => $request->given_name,
'family_name' => $request->family_name,
'email' => $request->email,
'phone_number' => $request->phone_number,
]);
$user->id = $response['User']['Username']; // 84583468-8081-7000-901f-9d3de5b6b68b
$user->save();
Question: Does this work with Enterprise SAML IDPs?
As a part of our cognito, we intend on using the enterprise connections. Does/Will this work with those IDP connections?
Refresh token trait should return AwsCognitoClaim
Describe the bug
A clear and concise description of what the bug is.
As per your tutorial upon successful token refresh we should receive instanceof AwsCognitoClaim, however RefreshToken.php returns json so if ($claim instanceof AwsCognitoClaim) { check fails.
It seems sending $claim object is best replacement, and sendFailedCognitoResponse in case of error
InvalidSignatureException during registration
i have done the most basic setup of the package and cognito and tried to register an user.
out of the box i am getting the following error:
"message": "Error executing \"AdminCreateUser\" on \"https://cognito-idp.eu-central-1.amazonaws.com\"; AWS HTTP error: Client error: `POST https://cognito-idp.eu-central-1.amazonaws.com` resulted in a `400 Bad Request` response:\n{\"__type\":\"InvalidSignatureException\",\"message\":\"The request signature we calculated does not match the signature you pr (truncated...)\n InvalidSignatureException (client): The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. - {\"__type\":\"InvalidSignatureException\",\"message\":\"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\"}",
"exception": "Aws\\CognitoIdentityProvider\\Exception\\CognitoIdentityProviderException",
AWS_ACCESS_KEY ID and SECRET have Administrator access just to rule out the permission issue.
do you have any suggestions? what am i doing wrong?
i think the issue is on cognito side since the sdk is throwing the error and not your package
class RegisterController extends ApiBaseController
{
use RegistersUsers;
public function __invoke(Request $request)
{
$validator = $request->validate([
'email' => 'required|email|max:64|unique:users',
'password' => 'required|confirmed|min:8|max:64'
]);
$collection = collect($request->all());
$data = $collection->only('name', 'email', 'password'); //passing 'password' is optional.
try {
if ($cognitoRegistered = $this->createCognitoUser($data)) {
User::create($collection->only('email'));
return response()->json($cognitoRegistered);
}
} catch (InvalidUserFieldException $e) {
dd($e);
}
return response()->json($cognitoRegistered);
}
}Changepassword: Argument #1 ($request) must be of type Illuminate\\Http\\Request,
When accessing the chancepassword() method with below requWhen accessing the chancepassword() method with below request:
<?php
namespace App\Http\Controllers\Api\V1;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Http;
use Illuminate\Http\Request;
use Ellaisys\Cognito\Auth\ChangePasswords as CognitoChangePasswords;
class UserController extends Controller
{
use CognitoChangePasswords;
/**
* Post to the Endpoint for changing a password of a User.
*/
public function changepassword(\Illuminate\Http\Request $request)
{
$reset_password = $this->reset($request, 'email', 'password', 'new_password');
return $reset_password;
}
public function getUser()
{
return response()->json(Auth::user());
}
}
I get the following error:
{
"message": "App\\Http\\Controllers\\Api\\V1\\UserController::changepassword(): Argument #1 ($request) must be of type Illuminate\\Http\\Request, Ellaisys\\Cognito\\AwsCognitoClient given, called in C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\ellaisys\\aws-cognito\\src\\Auth\\ChangePasswords.php on line 66",
"exception": "TypeError",
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\app\\Http\\Controllers\\Api\\V1\\UserController.php",
"line": 17,
"trace": [
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\ellaisys\\aws-cognito\\src\\Auth\\ChangePasswords.php",
"line": 66,
"function": "changepassword",
"class": "App\\Http\\Controllers\\Api\\V1\\UserController",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\app\\Http\\Controllers\\Api\\V1\\UserController.php",
"line": 23,
"function": "reset",
"class": "App\\Http\\Controllers\\Api\\V1\\UserController",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Controller.php",
"line": 54,
"function": "changepassword",
"class": "App\\Http\\Controllers\\Api\\V1\\UserController",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\ControllerDispatcher.php",
"line": 45,
"function": "callAction",
"class": "Illuminate\\Routing\\Controller",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Route.php",
"line": 262,
"function": "dispatch",
"class": "Illuminate\\Routing\\ControllerDispatcher",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Route.php",
"line": 205,
"function": "runController",
"class": "Illuminate\\Routing\\Route",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
"line": 721,
"function": "run",
"class": "Illuminate\\Routing\\Route",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 128,
"function": "Illuminate\\Routing\\{closure}",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\ellaisys\\aws-cognito\\src\\Http\\Middleware\\AwsCognitoAuthenticate.php",
"line": 52,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Ellaisys\\Cognito\\Http\\Middleware\\AwsCognitoAuthenticate",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\fruitcake\\laravel-cors\\src\\HandleCors.php",
"line": 52,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Fruitcake\\Cors\\HandleCors",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Middleware\\SubstituteBindings.php",
"line": 50,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Routing\\Middleware\\SubstituteBindings",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Middleware\\ThrottleRequests.php",
"line": 127,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Middleware\\ThrottleRequests.php",
"line": 103,
"function": "handleRequest",
"class": "Illuminate\\Routing\\Middleware\\ThrottleRequests",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Middleware\\ThrottleRequests.php",
"line": 55,
"function": "handleRequestUsingNamedLimiter",
"class": "Illuminate\\Routing\\Middleware\\ThrottleRequests",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Routing\\Middleware\\ThrottleRequests",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 103,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
"line": 723,
"function": "then",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
"line": 698,
"function": "runRouteWithinStack",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
"line": 662,
"function": "runRoute",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Router.php",
"line": 651,
"function": "dispatchToRoute",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.php",
"line": 167,
"function": "dispatch",
"class": "Illuminate\\Routing\\Router",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 128,
"function": "Illuminate\\Foundation\\Http\\{closure}",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\nova\\src\\Http\\Middleware\\ServeNova.php",
"line": 24,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Laravel\\Nova\\Http\\Middleware\\ServeNova",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest.php",
"line": 21,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull.php",
"line": 31,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\ConvertEmptyStringsToNull",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest.php",
"line": 21,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\TrimStrings.php",
"line": 40,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\TrimStrings",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize.php",
"line": 27,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance.php",
"line": 86,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\fruitcake\\laravel-cors\\src\\HandleCors.php",
"line": 52,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Fruitcake\\Cors\\HandleCors",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Http\\Middleware\\TrustProxies.php",
"line": 39,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Http\\Middleware\\TrustProxies",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Http\\Middleware\\TrustHosts.php",
"line": 48,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 167,
"function": "handle",
"class": "Illuminate\\Http\\Middleware\\TrustHosts",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Pipeline\\Pipeline.php",
"line": 103,
"function": "Illuminate\\Pipeline\\{closure}",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.php",
"line": 142,
"function": "then",
"class": "Illuminate\\Pipeline\\Pipeline",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\vendor\\laravel\\framework\\src\\Illuminate\\Foundation\\Http\\Kernel.php",
"line": 111,
"function": "sendRequestThroughRouter",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\public\\index.php",
"line": 52,
"function": "handle",
"class": "Illuminate\\Foundation\\Http\\Kernel",
"type": "->"
},
{
"file": "C:\\Users\\elmer\\Documents\\GitHub\\HubApi\\server.php",
"line": 21,
"function": "require_once"
}
]
}
```est:
Login is redirected and fails
Describe the bug
When I attempt login from Vue application frontend, nothing happens. The call response is empty, then another get request occurs. This is probably not important.
Digging into the code, I can see that the EloquentUserProvider is trying to run a DB query. I think this provider should not be in use at all.
To Reproduce
Steps to reproduce the behavior:
- I copied the AuthController.php from your demo project
- I created a route in Laravel to call AuthController->attemptLogin
- I directed my Vue application to call this route and send 'email' and 'password'
- The response is empty and then another call occurs
Expected behavior
There should be some response. Logged in, invalid, whatever.
Screenshots
Desktop (please complete the following information):
- OS: pop_os (Debian linux)
- Browser: Firefox
- Version: 111.0
Smartphone (please complete the following information):
N/A
Additional context
N/A
Ability to impersonate the user
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Call to a member function except() on array
AuthenticateUser.php line 64 sends an (array) $credentials to CreateLocalUser
$response = $this->createLocalUser($credentials, $keyPassword);
and throw an error
Call to a member function except() on array
as on line 98 it's trying to remove password from it
$credentials->except($keyPassword)
Login Error cognito.validation.auth.failed
after execute login
if ($claim = $this->attemptLogin($collection1, 'api', 'email', 'password', true)) {
if ($claim instanceof AwsCognitoClaim) {
return $claim->getData();
} else {
return response()->json(['status' => 'error', 'message' => $claim], 400);
} //End if
i get this output
{
"status": "error",
"message": {
"headers": {},
"original": {
"error": "cognito.validation.auth.failed",
"message": "Required parameter $user follows optional parameter $challenge"
},
"exception": null
}
}
Hardcoded phone number.
Describe the bug
There is a hard coded phone number in the RegisterUsers trait.
$collection['phone']='+919MASKED';
Refresh Method expects a validated user?
Describe the bug
The refresh method expects a validated user, but the reason to call refresh is that the token is expired (or nearing expiration).
//Get Authenticated user
$authUser = Auth::guard('api')->user();
//Get User Data
$user = $client->getUser($authUser[$paramUsername]);
$authUser will be null here, if we are using Headers guard on the API and the token is expired (But refresh token is good).
Architectural change for the request for the Token Guard
I built a more like api based a laravel application. There are also some other api services which is built with serverless structure and using cognito authorizers. Since both of the services are being used in the mobile platforms two different token structure is needed. To make it mono structure, it is being requested from me to use same cogito token for authorization. I have read the implementation especially for Token system and following is my solution which I believe will work better. Especially the reason I suggest this solution is the fact that cognito mobil sdks do the most of the job easily in terms of login, registration and token refreshing vice versa.
Solution
The package already verify the token and claim the user. However, I believe if we can add a column to User's data named sub, we can easily match the user and return the user. That's how we can use the powerful features of the User model.
Example Token Verification Payload
{
"sub": "aaaaaaaa-bbbb-cccc-dddd-example",
"aud": "xxxxxxxxxxxxexample",
"email_verified": true,
"token_use": "id",
"auth_time": 1500009400,
"iss": "https://cognito-idp.ap-southeast-2.amazonaws.com/ap-southeast-2_example",
"cognito:username": "anaya",
"exp": 1500013000,
"given_name": "Anaya",
"iat": 1500009400,
"email": "[email protected]"
}
Additional context
Since the program is already in production it is hard to make radical changes in the code. That's why what I am seeking for basically a cognito authorizer which I can match the verified user with already existing users using their sub. Why I am creating this issue is that I saw that this packages simply ignores sub and uses username since it is also unique. However, I think it is important to involve the sub which corresponds to id in our case.
I also could not understand the match mechanism of the package. From the example code
//Register User in cognito
if ($cognitoRegistered=$this->createCognitoUser($data)) {
//If successful, create the user in local db
User::create($collection->only('name', 'email'));
} //End if
I understand that you are matching users using their email by default. To change it the keyUsername should be changed. Can we change it to phone_number for example. If yes how we can do it?
class CognitoTokenGuard extends TokenGuard
{
/**
* Username key
*
* @var \string
*/
protected $keyUsername;
...
Appreciate your help and understanding.
FORCE PASSWORD CHANGE Not working
Hi,
I set environment like ;
AWS_COGNITO_FORCE_PASSWORD_CHANGE_API=false
AWS_COGNITO_FORCE_PASSWORD_AUTO_UPDATE_API=true
but Cognito still set user status as Force change password.
InvalidTokenException is thrown occasionally when the app runs on aws
Hello,
I am using this package and works like a charm, however, sometimes it throws an InvalidTokenException, and if I am running the same request, everything works alright. This happens only when the application is running on aws lambda, while on linux this error doesn't occur.
Does anyone have any idea why this would happen?
InvalidSignatureException
Hi,
Registration works fine but when I try to get login I am getting the below error. Can you please guide is there anything I am missing?
{
"status": "error",
"message": {
"headers": {},
"original": {
"error": "InvalidSignatureException",
"message": "InvalidSignatureException"
},
"exception": null
}
}
InvalidParameterException when login
Sorry I am using your library for my project. Creating a new account is very convenient. But I have difficulty with login. I tried to fix it in many ways but they all say InvalidParameterException. Please help me. Thank you
Can we have variable key names for the LocalUser table in the attemptLogin method?
The $keyUsername is literal at this point.
I expect the key name to be variable, as in the Guard implementation.
API Registration/Login flow
Hello,
Thank you for the great package! :)
I'm using it with laravel 8 app, for developing an API.
- Registration works ok, user is added to Pool
- When logging in, the API returns
{
"status": "error",
"message": {
"session_token": "SESSION_TOKEN_HERE",
"username": "USERNAME",
"status": "NEW_PASSWORD_REQUIRED"
}
}
Then, if I try to call the user profile API endpoint (or any other API endpoint ) using the session_token from above, I'm getting this error:
{
"error": "UNAUTHORIZED_REQUEST",
"exception": "InvalidTokenException"
}
The API endpoints use the 'aws-cognito' middleware. Any ideas how to fix this? I also tried setting 'force_password_change_api' in the cognito.php config file to false, but it still adds the new users with Enabled / FORCE_CHANGE_PASSWORD status.
Thanks
Add web views as partials
SSO enabled and no local user in DB, JSON returned and not redirected to home
Describe the bug
A clear and concise description of what the bug is.
When you have SSO enabled and the user you are trying to login with is not setup in the local database after login you get JSON returned instead of being redirected to home. If you then try and login again you get redirected to the home page. Below is what is retuned after intial login with no local user setup
{"email":"[email protected]","updated_at":"2023-11-21T16:37:51.000000Z","created_at":"2023-11-21T16:37:51.000000Z","id":67}
To Reproduce
Steps to reproduce the behavior:
- Go to '...'
- Click on '....'
- Scroll down to '....'
- See error
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
Smartphone (please complete the following information):
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]
Additional context
Add any other context about the problem here.
Force Password Change Status Not Updating
Hi,
I've managed to create a user and get redirected to my password change form after login but I'm having a couple of issues.
- When I attempt to reset my password and thus update the user's status to "confirmed", I get a validation error. The request I'm sending has the following payload.
'_token' => 'hKVIQyW4hEJmd7Q1Bs3QiOyfYv8gDui2wC9L1AdH',
'email' => '[email protected]',
'password' => '**********',
'password_confirmation' => '********',
This fails because the validation rules are looking for "token".
return [
'token' => 'required_without:code',
'code' => 'required_without:token',
'email' => 'required|email',
'password' => 'required|confirmed|min:8',
];
What is "token" supposed to be? Is that the temporary password that I was emailed?
Just for testing, I removed the "token" and "code" from the validation rules and then continued on to the next issue.
- Currently, my user in Cognito has a confirmation status of "FORCE_CHANGE_PASSWORD" which is identified by the constant
AwsCognitoClient::FORCE_CHANGE_PASSWORD. Theifstatement that runs to determine whether password should be updated does not include this constant. See below.
if (($user['UserStatus'] == AwsCognitoClient::USER_STATUS_CONFIRMED) ||
($user['UserStatus'] == AwsCognitoClient::RESET_REQUIRED_PASSWORD)) {
$response = $client->resetPassword($request[$paramToken], $request[$paramUsername], $request[$passwordNew]);
} else {
$response = false;
}
However, even if I add in a check for AwsCognitoClient::FORCE_CHANGE_PASSWORD, I still get a failed update due to the missing token.
Some guidance would be greatly appreciated. This seems like a great package and I would love to be able to use it.
Thanks,
No Token Exception
Hey guys, I am trying to build a simple login currently. The login is based on your demo application but I always get the error "No Token Exception", Unauthorized Request... I don't know what I am doing wrong though. The registration works just fine without any errors but the login works only if I don't use the middleware or try to get the Cognito user instead of the db user for example:
Route::get('/home', function (AwsCognito $cognito) {
ddd($cognito->user());
return view('index');
});or
Route::middleware('aws-cognito')->get('/home', function () {
//ddd($cognito->user());
return view('index');
});Cognito Config is unedited on my profile is a repository called finance_aws which can be used to rebuild my application as long as you add your .env file.
Here's my code:
User.php:
<?php
namespace App\Http\Controllers;
use App\Models\User;
use Ellaisys\Cognito\Auth\AuthenticatesUsers;
use Ellaisys\Cognito\Auth\RegistersUsers;
use Ellaisys\Cognito\AwsCognitoClient;
use Illuminate\Contracts\Foundation\Application;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Redirector;
class UserController extends Controller
{
use RegistersUsers, AuthenticatesUsers;
public function register(Request $request, AwsCognitoClient $client): Application|RedirectResponse|Redirector|JsonResponse
{
$collection = collect($request->all());
$data = $collection->only(['email', 'username']);
try {
if ($this->createCognitoUser($data)) {
$user = new User($collection->toArray());
if(!$user->save()) {
$this->delete($collection->get('username'), $client);
}
return redirect(route('login'));
}
} catch (\Exception $e) {
return response()->json(['code' => $e->getCode(), 'msg' => $e->getMessage()]);
}
return response()->json(['status' => 'error']);
}
public function delete(String $username, AwsCognitoClient $client) {
$client->deleteUser($username);
if(User::find($username)->delete()) return response()->json(['success' => true]);
else response()->json(['success' => false]);
}
public function getPrivateInfo(String $username, AwsCognitoClient $client) {
return $client->getUser($username);
}
}Kernel.php:
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'aws-cognito' => \Ellaisys\Cognito\Http\Middleware\AwsCognitoAuthenticate::class
];config/app.php:
'providers' => [
/*
* Laravel Framework Service Providers...
*/
Illuminate\Auth\AuthServiceProvider::class,
Illuminate\Broadcasting\BroadcastServiceProvider::class,
Illuminate\Bus\BusServiceProvider::class,
Illuminate\Cache\CacheServiceProvider::class,
Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
Illuminate\Cookie\CookieServiceProvider::class,
Illuminate\Database\DatabaseServiceProvider::class,
Illuminate\Encryption\EncryptionServiceProvider::class,
Illuminate\Filesystem\FilesystemServiceProvider::class,
Illuminate\Foundation\Providers\FoundationServiceProvider::class,
Illuminate\Hashing\HashServiceProvider::class,
Illuminate\Mail\MailServiceProvider::class,
Illuminate\Notifications\NotificationServiceProvider::class,
Illuminate\Pagination\PaginationServiceProvider::class,
Illuminate\Pipeline\PipelineServiceProvider::class,
Illuminate\Queue\QueueServiceProvider::class,
Illuminate\Redis\RedisServiceProvider::class,
Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
Illuminate\Session\SessionServiceProvider::class,
Illuminate\Translation\TranslationServiceProvider::class,
Illuminate\Validation\ValidationServiceProvider::class,
Illuminate\View\ViewServiceProvider::class,
/*
* Package Service Providers...
*/
/*
* Application Service Providers...
*/
App\Providers\AppServiceProvider::class,
App\Providers\AuthServiceProvider::class,
// App\Providers\BroadcastServiceProvider::class,
App\Providers\EventServiceProvider::class,
App\Providers\RouteServiceProvider::class,
Barryvdh\Debugbar\ServiceProvider::class,
Aws\Laravel\AwsServiceProvider::class,
Ellaisys\Cognito\Providers\AwsCognitoServiceProvider::class,
],
'aliases' => [
'App' => Illuminate\Support\Facades\App::class,
'Arr' => Illuminate\Support\Arr::class,
'Artisan' => Illuminate\Support\Facades\Artisan::class,
'Auth' => Illuminate\Support\Facades\Auth::class,
'Blade' => Illuminate\Support\Facades\Blade::class,
'Broadcast' => Illuminate\Support\Facades\Broadcast::class,
'Bus' => Illuminate\Support\Facades\Bus::class,
'Cache' => Illuminate\Support\Facades\Cache::class,
'Config' => Illuminate\Support\Facades\Config::class,
'Cookie' => Illuminate\Support\Facades\Cookie::class,
'Crypt' => Illuminate\Support\Facades\Crypt::class,
'Date' => Illuminate\Support\Facades\Date::class,
'DB' => Illuminate\Support\Facades\DB::class,
'Eloquent' => Illuminate\Database\Eloquent\Model::class,
'Event' => Illuminate\Support\Facades\Event::class,
'File' => Illuminate\Support\Facades\File::class,
'Gate' => Illuminate\Support\Facades\Gate::class,
'Hash' => Illuminate\Support\Facades\Hash::class,
'Http' => Illuminate\Support\Facades\Http::class,
'Js' => Illuminate\Support\Js::class,
'Lang' => Illuminate\Support\Facades\Lang::class,
'Log' => Illuminate\Support\Facades\Log::class,
'Mail' => Illuminate\Support\Facades\Mail::class,
'Notification' => Illuminate\Support\Facades\Notification::class,
'Password' => Illuminate\Support\Facades\Password::class,
'Queue' => Illuminate\Support\Facades\Queue::class,
'RateLimiter' => Illuminate\Support\Facades\RateLimiter::class,
'Redirect' => Illuminate\Support\Facades\Redirect::class,
// 'Redis' => Illuminate\Support\Facades\Redis::class,
'Request' => Illuminate\Support\Facades\Request::class,
'Response' => Illuminate\Support\Facades\Response::class,
'Route' => Illuminate\Support\Facades\Route::class,
'Schema' => Illuminate\Support\Facades\Schema::class,
'Session' => Illuminate\Support\Facades\Session::class,
'Storage' => Illuminate\Support\Facades\Storage::class,
'Str' => Illuminate\Support\Str::class,
'URL' => Illuminate\Support\Facades\URL::class,
'Validator' => Illuminate\Support\Facades\Validator::class,
'View' => Illuminate\Support\Facades\View::class,
'Debugbar' => Barryvdh\Debugbar\Facades\Debugbar::class,
'AWS' => Aws\Laravel\AwsFacade::class,
],LoginController:
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
//use Illuminate\Foundation\Auth\AuthenticatesUsers; //Removed for AWS Cognito
use Ellaisys\Cognito\Auth\AuthenticatesUsers;
use Illuminate\Contracts\Foundation\Application;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Routing\Redirector;
//Added for AWS Cognito
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/';
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
/**
* Authenticate User
*
* @throws \HttpException
*
* @return mixed
*/
public function login(\Illuminate\Http\Request $request)
{
try {
//Convert request to collection
$collection = collect($request->all());
//Authenticate with Cognito Package Trait (with 'web' as the auth guard)
if ($response = $this->attemptLogin($collection, 'web')) {
if ($response===true) {
$request->session()->regenerate();
return redirect(route('home'))->with('success', true);
} else if ($response===false) {
// If the login attempt was unsuccessful you may increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
//
//$this->incrementLoginAttempts($request);
//
//$this->sendFailedLoginResponse($collection, null);
} else {
return $response;
} //End if
} //End if
} catch(Exception $e) {
Log::error($e->getMessage());
return $response->back()->withInput($request);
} //Try-catch ends
} //Function ends
public function logout(Request $request): Redirector|Application|RedirectResponse
{
auth()->guard('web')->logout();
if($request->getSession()->invalidate()) {
return redirect(route('app.index'))->with('success', true);
} else {
return redirect(route('app.index'))->with('success', false);
}
}
} //Class endsWebRoutes:
<?php
use App\Http\Controllers\AuthController;
use App\Http\Controllers\UserController;
use Ellaisys\Cognito\AwsCognito;
use Ellaisys\Cognito\AwsCognitoClient;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;
/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/
Route::middleware('web')->get('/', function (AuthController $controller, AwsCognito $cognito, Request $request) {
$request->session()->start();
return view('index');
})->name('app.index');
Route::middleware('aws-cognito')->get('/home', function (AuthController $controller, AwsCognito $cognito) {
//ddd($cognito->user());
return view('index');
});
Route::middleware('aws-cognito')->get('/privacy', function () {
return view('privacy');
})->name('privacy');
Route::middleware('aws-cognito')->get('/impress', function () {
return view('impress');
})->name('impress');
Auth::routes();
Route::get('/login', function () {
return view('auth.login');
})->name('login');
Route::middleware('aws-cognito')->post('/password/change', function (Request $request, AuthController $controller) {
return $controller->changePassword($request);
})->name('cognito.action.change.password');
Route::middleware('aws-cognito')->get('/password/change', function () {
return view('auth.passwords.change');
})->name('cognito.form.change.password');
Route::get('/register', function () {
return view('auth.register');
})->name('user.register');
Route::post('/register', function (Request $request, UserController $controller, AwsCognitoClient $client) {
return $controller->register($request, $client);
});ChangePasswordController:
<?php
namespace App\Http\Controllers\Auth;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Support\Facades\Validator;
use Ellaisys\Cognito\Auth\ChangePasswords as CognitoChangePasswords; //Added for AWS Cognito
use Exception;
use Illuminate\Validation\ValidationException;
use Ellaisys\Cognito\Exceptions\AwsCognitoException;
use Ellaisys\Cognito\Exceptions\NoLocalUserException;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Aws\CognitoIdentityProvider\Exception\CognitoIdentityProviderException;
class ChangePasswordController extends Controller
{
/*
|--------------------------------------------------------------------------
| Confirm Password Controller
|--------------------------------------------------------------------------
|
| This controller is responsible for handling password confirmations and
| uses a simple trait to include the behavior. You're free to explore
| this trait and override any functions that require customization.
|
*/
use CognitoChangePasswords;
/**
* Where to redirect users when the intended url fails.
*
* @var string
*/
protected $redirectTo = '/';
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('auth');
}
/**
* Action to update the user password
*
* @param \Illuminate\Http\Request $request
*/
public function actionChangePassword(Request $request)
{
try
{
//Validate request
$validator = Validator::make($request->all(), [
'email' => 'required|email',
'password' => 'string|min:8',
'new_password' => 'required|confirmed|min:8',
]);
$validator->validate();
// Get Current User
$userCurrent = auth()->guard('web')->user();
if ($this->reset($request)) {
auth()->guard()->logout();
$request->session()->invalidate();
return redirect(route('login'))->with('success', true);
} else {
return redirect()->back()
->with('status', 'error')
->with('message', 'Password updated failed');
} //End if
} catch(Exception $e) {
$message = 'Error sending the reset mail.';
if ($e instanceof ValidationException) {
$message = $e->errors();
} else if ($e instanceof CognitoIdentityProviderException) {
$message = $e->getAwsErrorMessage();
} else {
//Do nothing
} //End if
return redirect()->back()
->with('status', 'error')
->with('message', $message);
} //Try-catch ends
}
}Is it config/config.php? Or is it config/cognito.php?
When I am trying this laravel module, I found that the config file name is config/config.php instead of config/cognito.php.
Your README.md also refers the config file as cognito.php but it is called config.php in config directory.
And it seems that there is no CLI command to generate such config file.
Would you please take a look? Thank you very much.
Call of "$claim = $this->attemptLogin..." returns false on user first login
Describe the bug
I'am using this as API.
Like i said in the title, when i register a new user, the first login i made in my app to the attemptLogin function returns false instead of the array with tokens. Only the first try after new registration.
To fix the issue i've done this :
$claim = $this->attemptLogin($collection, 'api', 'email', 'password', true);
if($claim === false) $claim = $this->attemptLogin($collection, 'api', 'email', 'password', true);
The false is returned by Auth::guard($guard)->attempt($credentials, $rememberMe); in Ellaisys\Cognito\Auth\AutheticasUsers.php
Thanks you,
Christophe
RefreshToken returns array instead of AwsCognitoClaim
Describe the bug
In the documentation for refresh token, it is telling us to check if the $claim is an AwsCognitoClaim. However, in RefreshToken.php line 97, the refresh function is returning an array through this line of code:
return $claim->getData();
This returns an array instead of the instance of AwsCognitoClaim.
To Reproduce
Try out the code provided in the documentation using postman.
Expected behavior
The refresh() function should return the $claim instead of $claim->getData().
Screenshots
N/A
Desktop (please complete the following information):
N/A
Smartphone (please complete the following information):
N/A
Additional context
None.
User Model Reference Incorrect
Describe the bug
A clear and concise description of what the bug is.
On line 143 of aws-cognito/config/cognito.php you have the following
'sso_user_model' => env('AWS_COGNITO_USER_MODEL', 'App\User'),
when it should be
'sso_user_model' => env('AWS_COGNITO_USER_MODEL', 'App\Models\User'),
To Reproduce
Steps to reproduce the behavior:
- Go to '...'
- Click on '....'
- Scroll down to '....'
- See error
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
Smartphone (please complete the following information):
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]
Additional context
Add any other context about the problem here.
Problem migration
Describe the bug
The anonymous migrations are compatible since laravel 8.37: https://laravel-news.com/laravel-anonymous-migrations
Fetch Password Policy from Cognito.
Fetch Password Policy from Cognito and validate the request accordingly for change password and reset password functionality.
Identity Providers
Using this package are you able to use different identity providers (Google, Apple)? I might be blind but I'm not seeing anything in the docs.
Best Regards,
Jovan
How to use `actingAs` in unit tests
Hi,
We have feature tests that send requests to the api on behalf of a user to make sure our controllers behave appropriately. We previously used the actingAs method now that we're using Cognito the validation is made on AWS side.
Is there something that exists that could help me within this package or should I implement a mechanic to handle authentication with a real user?
Thank you
Add guard for just JWT validation.
Is your feature request related to a problem? Please describe.
When using Laravel for just and API we cannot use the hosted cognito login screen. Since the guard only checks for tokens it generates and does not actually verify or validate the JWT token itself.
Describe the solution you'd like
An additional guard which validates the access token and verifies its signature against the public key available at the well known URL. You could then cache the well known certificate for a period of time and even cache the access token for a period of time to prevent the crypto operations every request.
Describe alternatives you've considered
We have considered using this for our registration component to create the users and then writing our own Guard for the validation, but I think this fits in this package.
An alternative would be to use Auth0 or Okta which provide libraries for this very purpose.
Force user logout
In my application an admin is able to sign out a user from the app after the admin changed the user roles or access levels to some data. This is in order to the user will have to pass the sign-in flow to get the new roles and permissions.
In the official documentation described the method AdminUserGlobalSignOut - it allows us to make a user force lougout without using his access token.
But I didn't find a way how I can do it using the package, only sighOut() which requires user access token.
/**
* Revoke the access-token from AWS Cognito in a user pool.
*
* @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#globalsignout
*
* @param string $accessToken
* @return bool
*/
public function signOut(string $accessToken)
{
try {
$this->client->globalSignOut([
'AccessToken' => $accessToken
]);
} catch (CognitoIdentityProviderException $e) {
if ($e->getAwsErrorCode() === self::COGNITO_NOT_AUTHORIZED_ERROR) {
return true;
} //End if
throw $e;
} catch (Exception $e) {
throw $e;
} //Try-catch ends
return true;
} //Function endsThere's a way to do a user logout on behalf of an admin?
Revert "Update AuthenticatesUsers.php"
Hi!
I see you has reverts all changes from my pull request. Also, I see that you has merged all my forked repository along with unnecessary changes. But I can send you clean pull request treesome only necessary commits.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.