
Amplify.Auth.confirmResetPassword does not throw exception when username not found #3209

Closed
jmhuang12 opened this issue Sep 6, 2023 · 6 comments
Labels: auth (Issues related to the Auth category), question (General question)

Comments

@jmhuang12

Describe the bug

I have a question regarding the confirmResetPassword method.

  1. Shouldn't userNotFoundException be thrown when you call the confirmResetPassword method for a user who is not in the Cognito User Pool?

  2. Also, shouldn't codeMismatchException be thrown when calling confirmResetPassword with a wrong confirmation code?
    per https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ForgotPassword.html#API_ForgotPassword_Errors

See also https://docs.amplify.aws/lib/auth/password_management/q/platform/ios/#reset-password.

However, no exception is thrown in either of these scenarios.

I also referred to a similar issue -> aws-amplify/amplify-js#4699
However, "Prevent User Existence Errors turned to Enabled" under the app client no longer has a "legacy" option.

Please help. Thanks.

Steps To Reproduce

do {
    // Amplify 1.x returns an operation here and does not throw, which is why Xcode
    // reports the catch blocks below as unreachable; Amplify 2.x needs `try await`.
    let res = Amplify.Auth.confirmResetPassword(for: "username", with: " ", confirmationCode: "1233")
} catch let error as AuthError {
    print("Reset password failed with error \(error)")
    if let cognitoAuthError = error.underlyingError as? AWSCognitoAuthError {
        switch cognitoAuthError {
        case .aliasExists:
            print("alias exists")
        case .codeDelivery:
            print("code delivery")
        case .codeExpired:
            print("code expired")
        case .codeMismatch:
            // was Text("wrong code"): a SwiftUI view has no effect inside a catch block
            print("wrong code")
        case .failedAttemptsLimitExceeded:
            print("failed attempts limit exceeded")
        case .deviceNotTracked:
            print("device not tracked")
        case .errorLoadingUI:
            print("error loading UI")
        case .invalidAccountTypeException:
            print("invalid account type exception")
        case .invalidParameter:
            print("invalid parameter")
        case .invalidPassword:
            print("invalid password")
        case .lambda:
            print("lambda")
        case .limitExceeded:
            print("limit exceeded")
        case .mfaMethodNotFound:
            print("mfaMethodNotFound")
        case .network:
            print("network")
        case .passwordResetRequired:
            print("passwordResetRequired")
        case .requestLimitExceeded:
            print("requestLimitExceeded")
        case .resourceNotFound:
            print("resourceNotFound")
        case .softwareTokenMFANotEnabled:
            print("softwareTokenMFANotEnabled")
        case .userCancelled:
            print("userCancelled")
        case .userNotConfirmed:
            print("userNotConfirmed")
        case .userNotFound:
            print("userNotFound")
        case .usernameExists:
            print("usernameExists")
        }
    }
} catch {
    print("Unexpected error: \(error)")
}

Expected behavior

An exception is thrown for a nonexistent user name or a wrong confirmation code.

Amplify Framework Version

2.12.0

Amplify Categories

Auth

Dependency manager

Swift PM

Swift version

5.8.1

CLI version

12.1.1

Xcode version

14.3.1

Relevant log output

<details>
<summary>Log Messages</summary>

```
INSERT LOG MESSAGES HERE
```

</details>

Is this a regression?

No

Regression additional context

No response

Platforms

iOS

OS Version

17

Device

iphone11

Specific to simulators

No response

Additional context

No response

@ruisebas
Member

ruisebas commented Sep 7, 2023

Hi @jmhuang12 , thanks for opening this issue.
What you are describing indeed looks like the result of Prevent User Existence Errors being enabled.

Here are the steps to modify this setting:

  1. Sign in to the Amazon Cognito console.
  2. Select an existing user pool from the list.
  3. Click on the App Integration tab.
  4. Under App client list, select an app client from the list.
  5. Under the App client information section, click the Edit button.
  6. Scroll to the bottom to find the Prevent user existence errors checkbox under Advanced security configurations.
  7. Save your changes.

Having said that, you should still be getting a .codeMismatch error when calling confirmResetPassword (for:with:confirmationCode:) with a wrong confirmation code. Are you not getting anything at all (i.e. no success nor failure)?

@ruisebas ruisebas added auth Issues related to the Auth category question General question pending-community-response Issue is pending response from the issue requestor labels Sep 7, 2023
@jmhuang12
Author

Thanks for your prompt reply. I have Prevent User Existence Errors disabled in the Cognito app client console. I get a success when calling confirmResetPassword (for:with:confirmationCode:) with a wrong confirmation code.

In fact, my Xcode compiler tells me that "'catch' block is unreachable because no errors are thrown in 'do' block" when calling confirmResetPassword (for:with:confirmationCode:). So calling "confirmResetPassword" would always be a success and no exception would ever be thrown. Please see the picture.

Screenshot 2023-09-07 at 11 48 00 AM

@ruisebas
Member

ruisebas commented Sep 7, 2023

🤔 I'm confused by that, confirmResetPassword(for:with:confirmationCode) not only throws, but it is also an async function without a return type.

So it shouldn't compile unless you call it like this:

try await Amplify.Auth.confirmResetPassword(
    for: username, 
    with: newPassword, 
    confirmationCode: confirmationCode
)

Are you sure you are using Amplify version 2.12.0? You might be using 1.x, which was not async and it did return an operation.
You can check under Package Dependencies in Xcode's Navigator view.

@jmhuang12
Author

jmhuang12 commented Sep 8, 2023

Yes, indeed I have Amplify version 1.30.4 installed instead of version 2.12.0. Please see the picture of my Podfile.lock. Amplify was installed using CocoaPods. However, I cannot update Amplify to 2.12.0 by running "pod install --repo-update". How do I update Amplify to the latest version?

Screenshot 2023-09-07 at 5 13 32 PM

@ruisebas
Member

ruisebas commented Sep 8, 2023

Amplify 2.x is only available through Swift Package Manager and we currently don't have any plans to support CocoaPods.

Amplify 1.x Auth APIs behave differently: they are not async and don't throw errors, but you need to handle the result by either providing a completion handler closure or retaining the returned AnyCancellable and attaching a subscriber.

For example, something like this:

Amplify.Auth.confirmResetPassword(for: username, with: newPassword, confirmationCode: confirmationCode) { result in
    switch result {
    case .success:
        print("Password reset confirmed")
    case .failure(let error):
        print("Reset password failed with error \(error)")
        guard let cognitoAuthError = error.underlyingError as? AWSCognitoAuthError else {
            print("Unexpected error: \(error)")
            return
        }

        // Handle cognitoAuthError...
    }   
}

You can find more information in the v1 doc page


Having said that, we encourage you to migrate, as Amplify v1 is now in Maintenance Mode until May 31st, 2024. This means that we will continue to include updates to ensure compatibility with backend services and security, but no new features will be introduced.
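For readers migrating the v1 completion-handler snippet above to the 2.x async/throws API, here is the equivalent written out in full, with the error cases the thread discusses (codeMismatch, userNotFound, the rate-limit family) mapped to what the UI should show. This is an added example, not code from the issue or from Amplify; `ResetOutcome` and `confirmReset` are illustrative names, and the comments assume the "Prevent user existence errors" setting described earlier in the thread is enabled.

```swift
import Amplify
import AWSCognitoAuthPlugin

/// Outcome reported to the UI. Deliberately coarse: the client should not be the
/// place where "this user does not exist" leaks, so unknown-user and other failures
/// collapse into one bucket. (Illustrative type, not part of Amplify.)
enum ResetOutcome {
    case confirmed
    case wrongOrExpiredCode
    case tooManyAttempts
    case failed(String)
}

/// Amplify 2.x form of confirmResetPassword(for:with:confirmationCode:).
/// The call is async and throws AuthError; AWSCognitoAuthError rides along as its
/// underlyingError when the failure came from Cognito itself.
func confirmReset(username: String, newPassword: String, code: String) async -> ResetOutcome {
    do {
        try await Amplify.Auth.confirmResetPassword(
            for: username,
            with: newPassword,
            confirmationCode: code
        )
        // With "Prevent user existence errors" enabled, Cognito answers a request for a
        // nonexistent user the same way as a real one, so reaching this line does not
        // prove the username exists. Do not build UI logic on that assumption.
        return .confirmed
    } catch let error as AuthError {
        guard let cognitoError = error.underlyingError as? AWSCognitoAuthError else {
            return .failed(error.errorDescription)
        }
        switch cognitoError {
        case .codeMismatch, .codeExpired:
            // Thrown regardless of the user-existence setting; safe to surface.
            return .wrongOrExpiredCode
        case .limitExceeded, .requestLimitExceeded, .failedAttemptsLimitExceeded:
            return .tooManyAttempts
        case .userNotFound:
            // Only reachable when the protection is disabled. Use the same generic
            // message as any other failure so the app does not become an enumeration oracle.
            return .failed("Unable to reset password")
        default:
            return .failed(error.errorDescription)
        }
    } catch {
        return .failed(error.localizedDescription)
    }
}
```

Call it from a `Task` as `let outcome = await confirmReset(username: user, newPassword: password, code: code)` and switch on `outcome`; the point of the wrapper is that the view layer never sees `.userNotFound` as a distinct state.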

@ruisebas ruisebas self-assigned this Sep 8, 2023
@jmhuang12
Author

Amplify v2 is added using SPM. Thank you for your help! Closing issue.

@github-actions github-actions bot removed the pending-community-response Issue is pending response from the issue requestor label Sep 9, 2023