AWS cognito documentation change
Summary
Updated Node.js migration lambda example to add proper error handling with callbacks, removed mock user database, and fixed trigger source comparisons
Security assessment
Changes improve authentication flow handling by adding explicit error callbacks and removing hardcoded credentials example, but no specific security vulnerability is mentioned
Diff
diff --git a/cognito/latest/developerguide/user-pool-lambda-migrate-user.md b/cognito/latest/developerguide/user-pool-lambda-migrate-user.md index f0d988ff0..9b5478370 100644 --- a//cognito/latest/developerguide/user-pool-lambda-migrate-user.md +++ b//cognito/latest/developerguide/user-pool-lambda-migrate-user.md @@ -154,14 +154,2 @@ Node.js - const validUsers = { - belladonna: { password: "Test123", emailAddress: "[email protected]" }, - }; - - // Replace this mock with a call to a real authentication service. - const authenticateUser = (username, password) => { - if (validUsers[username] && validUsers[username].password === password) { - return validUsers[username]; - } - return null; - }; - - const lookupUser = (username) => { - const user = validUsers[username]; + exports.handler = (event, context, callback) => { + var user; @@ -169,10 +157,3 @@ Node.js - if (user) { - return { emailAddress: user.emailAddress }; - } - return null; - }; - - const handler = async (event) => { - if (event.triggerSource === "UserMigration_Authentication") { - // Authenticate the user with your existing user directory service - const user = authenticateUser(event.userName, event.request.password); + if (event.triggerSource == "UserMigration_Authentication") { + // authenticate the user with your existing user directory service + user = authenticateUser(event.userName, event.request.password); @@ -185,0 +167,4 @@ Node.js + context.succeed(event); + } else { + // Return error to Amazon Cognito + callback("Bad password"); @@ -187 +172 @@ Node.js - } else if (event.triggerSource === "UserMigration_ForgotPassword") { + } else if (event.triggerSource == "UserMigration_ForgotPassword") { @@ -189 +174 @@ Node.js - const user = lookupUser(event.userName); + user = lookupUser(event.userName); @@ -193 +178 @@ Node.js - // Required to enable password-reset code to be sent to user + // required to enable password-reset code to be sent to user @@ -196,0 +182,4 @@ Node.js + context.succeed(event); + } else { + // Return error to Amazon Cognito + callback("Bad password"); @@ -197,0 +187,3 @@ Node.js + } else { + // Return error to Amazon Cognito + callback("Bad triggerSource " + event.triggerSource); @@ -199,2 +190,0 @@ Node.js - - return event; @@ -203,2 +192,0 @@ Node.js - export { handler }; -