使用 AWS Cognito 忘记密码表单
[英]Forgot Password Form using AWS Cognito
问题描述
I am implementing a logic of forgot password using AWS Cognito.
我正在使用 AWS Cognito 实现忘记密码的逻辑。 I am so far successful in changing the password using Prompts as given in the documentation.到目前为止,我已经成功地使用文档中给出的提示更改了密码。 Here is the code这是代码
var username = document.getElementById('reset-pass').value;
var data = {
UserPoolId: _config.cognito.userPoolId,
ClientId: _config.cognito.clientId
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
// setup cognitoUser first
var cognitoUser = new AmazonCognitoIdentity.CognitoUser({
Username: username,
Pool: userPool
});
cognitoUser.forgotPassword({
onSuccess: function (result) {
console.log('call result: ' + result);
},
onFailure: function(err) {
alert(err);
},
inputVerificationCode() {
var verificationCode = prompt('Please input verification code ' ,'');
var newPassword = prompt('Enter new password ' ,'');
cognitoUser.confirmPassword(verificationCode, newPassword, this);
}
});
My question is instead of using prompts, how can I confirm the user on next page.我的问题不是使用提示,而是如何在下一页确认用户。 Example例子
On the first page a user enter the email and mail is sent using the forgotPassword() .在第一页上,用户输入电子邮件,然后使用forgotPassword()发送邮件。
Now user is redirected to a new page.现在用户被重定向到一个新页面。 There i wanted to enter the code as well as the new password and call the cognitoUser.confirmPassword method.在那里我想输入代码和新密码并调用cognitoUser.confirmPassword方法。
What i tried is to create a delay interval and after entering the details it would trigger clear interval on button press.我尝试的是创建一个延迟间隔,在输入详细信息后,它会在按下按钮时触发清除间隔。
function resetPassword() {
var username = document.getElementById('reset-pass').value;
var data = {
UserPoolId: _config.cognito.userPoolId,
ClientId: _config.cognito.clientId
};
var userPool = new AmazonCognitoIdentity.CognitoUserPool(data);
// setup cognitoUser first
var cognitoUser = new AmazonCognitoIdentity.CognitoUser({
Username: username,
Pool: userPool
});
// call forgotPassword on cognitoUser
cognitoUser.forgotPassword({
onSuccess: function (result) {
alert("Mail Sent")
},
onFailure: function (err) {
console.log(err)
},
inputVerificationCode()
{
window.myVar = setInterval(function(){
console.log('check');
}, 10000);
var verificationCode = document.getElementById('code').value;
var newPassword = document.getElementById('fpass').value;
cognitoUser.confirmPassword(verificationCode, newPassword, this);
}
});
}
The HTML Part Of the code-代码的 HTML 部分-
<div class="change">
<form>
<label>Enter Email ID</label>
<input type="email" id="reset-pass" required />
<br />
<div class=""><a href="#" class="btn btn_red" id="next" onclick="resetPassword()">Next</a></div>
</form>
</div>
div class="change-confirm">
<form>
<label>Enter Code</label>
<input type="number" id="code" required />
<br />
<label>Enter New Password</label>
<input type="password" id="fpass" required />
<br />
<div class=""><a href="#" class="btn btn_red" onclick="clearInterval(window.myVar);"> Reset</a></div>
</form>
</div>
But the above code never executed.但是上面的代码从来没有执行过。 Instead it stops execution after some time.相反,它会在一段时间后停止执行。 So my question is is there any way to delay the function call of cognitoUser.confirmPassword method?所以我的问题是有什么方法可以延迟cognitoUser.confirmPassword方法的函数调用? I do not want to use prompts instead get the email and code in a text field after mail is sent.我不想使用提示而是在发送邮件后在文本字段中获取电子邮件和代码。
2 个解决方案
解决方案1
1 2019-12-24 11:58:37
A little late to the party, but it can help someone else.参加聚会有点晚,但可以帮助其他人。
You can pass the congitoUser you have created to the state, and then use cognitoUser.confirmPassword(...) by retrieving the cognitoUser object from the state.您可以将您创建的congitoUser传递给状态,然后通过从状态中检索 cognitoUser 对象来使用cognitoUser.confirmPassword(...) 。
解决方案2
0 2019-10-18 19:54:49
Have you made any progress on this in the last 8 months? 在过去的8个月中,您是否在此方面取得了任何进展? I am working on this exact same problem, since prompts are quite rubbish in many ways. 我正在解决这个完全相同的问题,因为提示在许多方面都是相当垃圾的。 Right now, when a user inputs an email address that does not correspond to one of our users, Cognito sends a 400 error back to the browser, which is FAR from ideal. 现在,当用户输入的电子邮件地址与我们其中一位用户不匹配时,Cognito会将400错误发送回浏览器,这是理想的FAR。
Right now, here is how I am handling it (using Bootstrap 4): 现在,这是我的处理方式(使用Bootstrap 4):
cognitoUser.forgotPassword({
onSuccess: function(result) {
// Hide text box with the reset password link
$('#resetPasswordSection').addClass('d-none');
// Show text box stating that the password has successfully been changed
$('#passwordResetSuccessful').removeClass('d-none');
// Show form for user to sign into their account w/ their new password
$('#signinSection').removeClass('d-none');
},
onFailure: function(err) {
// TODO: DO NOT TELL USER YET IF EMAIL ADDRESS DOES NOT EXIST; INSTEAD
// PROMPT THEM FOR THE VERIFICATION CODE (I am thinking this should be
// done server-side)
// Show text box stating that the password has NOT successfully been changed
$('#passwordResetUnsuccessful').removeClass('d-none');
// Hide form for user to input their verification code & new password
$('#resetPasswordStep2').addClass('d-none');
// Show form for user to input their email address to restart the password
// update process
$('#resetPasswordStep1').removeClass('d-none');
},
inputVerificationCode() {
// Hide form for user to input their email address to start the password
// update process
$('#resetPasswordStep1').addClass('d-none');
// Show form for user to input their verification code & new password
$('#resetPasswordStep2').removeClass('d-none');
// With each keystroke in these 3 input boxes, check if they pass regEx
// requirements and activate the 'Reset Password' button when all 3 inputs do
document.getElementById('codeInputVerify').oninput = checkNewPasswordInputs;
document.getElementById('password1InputReset').oninput = checkNewPasswordInputs;
document.getElementById('password2InputReset').oninput = checkNewPasswordInputs;
let that = this;
// event handler for when a user clicks on the "Reset password" button
function submitChanges(event) {
var verificationCode = $('#codeInputVerify').val();
var newPassword = $('#password1InputReset').val();
// reset all values in the forms
$('#resetPasswordForm').trigger('reset');
$('#signinForm').trigger('reset');
$('#passwordResetUnsuccessful').addClass('d-none');
event.preventDefault();
cognitoUser.confirmPassword(verificationCode, newPassword, that);
}
$('#resetPasswordForm').submit(submitChanges);
}
});
I am thinking the best way to handle this might be to pass the email address back to the server and then handle the response in python (concealing the result from the browser), and then showing the user the HTML form for them to input the verification code and new password whether or not the email address was valid. 我认为处理此问题的最佳方法可能是将电子邮件地址传递回服务器,然后以python处理响应(隐藏来自浏览器的结果),然后向用户显示HTML表单供他们输入验证信息代码和新密码,无论电子邮件地址是否有效。 That way, you can just tell the user that changing the password is valid without revealing to them whether or not the email address they input corresponds to an existing user or not. 这样,您可以告诉用户更改密码是有效的,而无需向他们透露他们输入的电子邮件地址是否对应于现有用户。
Thoughts? 有什么想法吗?
解决方案3
0 2019-10-18 20:08:55
You should consider using the aws-amplify-react which provides a withAuthenticator higher-order component that provides a login flow with forgot password, mfa, etc. And it's maintained by a team of devs who work for AWS.您应该考虑使用aws-amplify-react ,它提供了一个withAuthenticator高阶组件,该组件提供忘记密码、mfa 等的登录流程。它由为 AWS 工作的开发团队维护。
https://aws-amplify.github.io/docs/js/react#add-auth https://aws-amplify.github.io/docs/js/react#add-auth
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.