如何允许我的用户在Cognito用户池上重置他们的密码

How to allow my user to reset their password on Cognito User Pools?

本文关键字:用户 他们的 密码 Cognito 何允许 我的      更新时间:2023-09-26

所以在我的应用程序中,我显然想为用户提供重置密码的方法。我遇到的问题是,用户池的新文档在这个主题上相当模糊。以下是他们告诉您的忘记密码流程,您可以在以下链接找到它:

cognitoUser.forgotPassword({
        onSuccess: function (result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        },
        inputVerificationCode() {
            var verificationCode = prompt('Please input verification code ' ,'');
            var newPassword = prompt('Enter new password ' ,'');
            cognitoUser.confirmPassword(verificationCode, newPassword, this);
        }
    });
http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html

然而,当我把这段代码放入我的项目中,其中定义了一个cognituser并登录,似乎什么都没有发生。我知道我需要以某种方式将此代码与向用户发送验证码并要求他们输入新密码集成在一起,但无法找到有关如何做到这一点的任何内容。想法吗?

谢谢

AWS的文档在这个主题上很糟糕(Cognito)。你基本上需要设置cognitoUser,然后调用forgotPassword 

export function resetPassword(username) {
    // const poolData = { UserPoolId: xxxx, ClientId: xxxx };
    // userPool is const userPool = new AWSCognito.CognitoUserPool(poolData);
    // setup cognitoUser first
    cognitoUser = new AWSCognito.CognitoUser({
        Username: username,
        Pool: userPool
    });
    // call forgotPassword on cognitoUser
    cognitoUser.forgotPassword({
        onSuccess: function(result) {
            console.log('call result: ' + result);
        },
        onFailure: function(err) {
            alert(err);
        },
        inputVerificationCode() { // this is optional, and likely won't be implemented as in AWS's example (i.e, prompt to get info)
            var verificationCode = prompt('Please input verification code ', '');
            var newPassword = prompt('Enter new password ', '');
            cognitoUser.confirmPassword(verificationCode, newPassword, this);
        }
    });
}
// confirmPassword can be separately built out as follows...  
export function confirmPassword(username, verificationCode, newPassword) {
    cognitoUser = new AWSCognito.CognitoUser({
        Username: username,
        Pool: userPool
    });
    return new Promise((resolve, reject) => {
        cognitoUser.confirmPassword(verificationCode, newPassword, {
            onFailure(err) {
                reject(err);
            },
            onSuccess() {
                resolve();
            },
        });
    });
}

使用忘记密码流程重置密码有两个步骤:

  1. 通过向服务请求验证码来启动进程。代码将发送到用户的电话/电子邮件。
  2. 使用出厂验证码设置新密码。

使用这两个函数执行上述步骤并重置密码:

  1. cognitoUser.forgotPassword():这将启动忘记密码处理流程。该服务生成验证码并将其发送给用户。通过callback.inputVerificationCode(data)返回的"data"表示验证码被发送到哪里。

  2. cognitoUser.confirmPassword():使用自带此功能的验证码设置新密码

我也有同样的问题。可以通过以下方式使用confirmPassword()来解决这个问题。

//validation of input from form
req.checkBody('email', 'Username is required').notEmpty();
req.checkBody('password', 'Password is required').notEmpty();
req.checkBody('confirmationcode', 'Confirmation Code is required').notEmpty();

var confirmationCode = req.body.confirmationcode;
var password = req.body.password;
var userPool = new AmazonCognitoIdentity.CognitoUserPool(poolData);

var userData = {
    Username: req.body.email,
    Pool: userPool
};
var cognitoUser = new AmazonCognitoIdentity.CognitoUser(userData);
cognitoUser.confirmPassword(confirmationCode, password, {
    onFailure(err) {
        console.log(err);
    },
    onSuccess() {
        console.log("Success");
    },
});

如果你像我一样,发现如何处理这种情况

import { Auth } from 'aws-amplify';
// Send confirmation code to user's email
Auth.forgotPassword(username)
    .then(data => console.log(data))
    .catch(err => console.log(err));
// Collect confirmation code and new password, then
Auth.forgotPasswordSubmit(username, code, new_password)
    .then(data => console.log(data))
    .catch(err => console.log(err));

看到https://docs.amplify.aws/lib/auth/manageusers/q/platform/js忘记密码

所以即使我遇到了同样的问题,即使在AWS认知文档中也不清楚,基本上这个过程包括两个步骤。

  1. 调用cognituser . forgotpassword()这将启动忘记密码处理流程,用户将收到一个验证码。
  2. 然后调用cognituser . confirmpassword(),它将重置密码验证发送到用户的电子邮件的代码。

下面我给出了一个cognitoUserClass(Typescript),它有静态方法forgotPassword()和confirmPassword()方法来实现这两个步骤。

import * as AmazonCognitoIdentity from 'amazon-cognito-identity-js'
class cognitoUserClass {
    static cognitouser: AmazonCognitoIdentity.CognitoUser
    static userPool = new AmazonCognitoIdentity.CognitoUserPool({
        UserPoolId: 'your pool id',
        ClientId: 'your client id',
    })
    static forgotPassword(userName: string): void {
        const userData = {
            Username: userName,
            Pool: cognitoUserClass.userPool,
        }
        cognitoUserClass.cognitouser = new AmazonCognitoIdentity.CognitoUser(
            userData
        )
        cognitoUserClass.cognitouser.forgotPassword({
            onSuccess: (data) => {
                console.log(data)
            },
            onFailure: (err) => {
                console.log('ERR:', err)
            },
        })
    }
    static confirmPassword(
        verificationCode: string,
        newPassword: string
    ): void {
        cognitoUserClass.cognitouser.confirmPassword(
            verificationCode,
            newPassword,
            {
                onFailure(err) {
                    console.log(err)
                },
                onSuccess(data) {
                    console.log(data)
                },
            }
        )
    }
}
export { cognitoUserClass }

获得验证码后,使用aws-amplify操作如下

import { Auth } from "aws-amplify";
Auth.forgotPasswordSubmit(email, verificationCode, newPassword)
    .then(() => {
        //redirect to sign-in page
    })
    .catch(error => {
        //error logic
    })
相关文章: