更新用户电子邮件地址后从 Cognito 发送的双重验证电子邮件
[英]Double verification emails sent from Cognito upon updating user email address
问题描述
I am using AWS Cognito for user management in my application.
我在我的应用程序中使用 AWS Cognito 进行用户管理。 The userpool is configured that the users login with a unique username and a password, and that multiple users can have the same email addess.用户池配置为用户使用唯一的用户名和密码登录,并且多个用户可以具有相同的电子邮件地址。 I am using Amplify built-in components for authentification.我正在使用 Amplify 内置组件进行身份验证。
The problem I can't seem to resolve, are double verification mesages upon updating user email.我似乎无法解决的问题是更新用户电子邮件时出现双重验证消息。 When an an email is chaged CustomMessage_UpdateUserAttribute is triggered, and when user wants to verify the changed email CustomMessage_VerifyUserAttribute is triggered.当电子邮件被更改时 CustomMessage_UpdateUserAttribute 被触发,当用户想要验证更改的电子邮件时 CustomMessage_VerifyUserAttribute 被触发。 I have a custom lambda function that listens for these triggers among others and sends corresponding emails based on the action user is trying to perform: login, verify email, reset password etc.我有一个自定义 lambda 函数,它侦听这些触发器,并根据用户尝试执行的操作发送相应的电子邮件:登录、验证电子邮件、重置密码等。
So if a user modifies his email address, CustomMessage_UpdateUserAttribute is triggered and the user recieves an email with the following (default) message "Please verify your account and enter the following verification code to reset your password: xxxxxx".因此,如果用户修改了他的电子邮件地址,则会触发 CustomMessage_UpdateUserAttribute 并且用户会收到一封带有以下(默认)消息的电子邮件“请验证您的帐户并输入以下验证码以重置您的密码:xxxxxx”。 However, when this user loggs in, amplify recognises that the user is in the "verifyContact" state, and displays the screen you can see below.但是,当该用户登录时,amplify 会识别出该用户处于“verifyContact”状态,并显示您可以在下面看到的屏幕。
The user has two options:用户有两个选择:
- to skip the verification, or跳过验证,或
- to select the only attribute that awaits verification and click on "verify" button.选择等待验证的唯一属性,然后单击“验证”按钮。
Clicking on the "verify" button triggers CustomMessage_VerifyUserAttribute and sends yet another email to the user.单击“验证”按钮会触发 CustomMessage_VerifyUserAttribute 并向用户发送另一封电子邮件。 The user is redirected to the following screen.用户被重定向到以下屏幕。
The second screen shows where user is supposed to input newly sent code (from the second email).第二个屏幕显示用户应该在哪里输入新发送的代码(来自第二封电子邮件)。 So the user has absolutely no need for the first email (and code) that is sent automatically when the email is updated.因此,用户绝对不需要在电子邮件更新时自动发送的第一封电子邮件(和代码)。 I have tried to find a way to avoid sending the email, but have not found a good solution.我试图找到一种方法来避免发送电子邮件,但没有找到好的解决方案。 Congito won't let you override the message in lambda without sending the confirmation code in it, which is completely unnecessary since there is no place where user can input it. Congito 不会让您在不发送确认代码的情况下覆盖 lambda 中的消息,这是完全没有必要的,因为没有用户可以输入它的地方。 I don't want to disable email verification, or set email_verified to true upon updating.我不想禁用电子邮件验证,或在更新时将 email_verified 设置为 true。
Do you have any suggestions what I could do?你有什么建议我可以做什么吗?
1 个解决方案
解决方案1
0 2021-06-22 10:18:51
If anybody is facing the same problem, a workaround is to update email_verified field twice.如果有人面临同样的问题,解决方法是更新 email_verified 字段两次。 When updating the email, set email_verified to true.更新电子邮件时,将 email_verified 设置为 true。 This will prevent Cognito from sending and email on CustomMessage_UpdateUserAttribute.这将阻止 Cognito 在 CustomMessage_UpdateUserAttribute 上发送和发送电子邮件。 Then in a separate user attribute update request update only email_verified field to false.然后在单独的用户属性更新请求中只将 email_verified 字段更新为 false。 This will set the user to "verifyContact" state and request email verification on login.这会将用户设置为“verifyContact”状态并在登录时请求电子邮件验证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.