Example usage for com.amazonaws.services.cognitoidp.model ChallengeNameType NEW_PASSWORD_REQUIRED

List of usage examples for com.amazonaws.services.cognitoidp.model ChallengeNameType NEW_PASSWORD_REQUIRED

Introduction

On this page you can find example usages of com.amazonaws.services.cognitoidp.model ChallengeNameType NEW_PASSWORD_REQUIRED.

Prototype

ChallengeNameType NEW_PASSWORD_REQUIRED


Usage

From source file:com.kdgregory.example.cognito.servlets.ConfirmSignUp.java

License:Apache License

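/**
 * Completes a sign-up by exchanging the user's temporary password for a permanent one.
 *
 * <p>Reads the email address, temporary password and final password from the request.
 * It signs in with the temporary password, expects Cognito to answer with a
 * {@code NEW_PASSWORD_REQUIRED} challenge, and responds to that challenge with the final
 * password. On success the authentication result is handed to
 * {@code updateCredentialCookies} and {@code LOGGED_IN} is reported.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>An unknown user and a rejected credential both report {@code NO_SUCH_USER}, so the
 *       response does not reveal whether an account exists. Keep the two branches identical.</li>
 *   <li>Only the email address is logged; neither password is ever written to the log.
 *       The address is still personal data, so these statements stay at debug level.</li>
 *   <li>Both passwords are forwarded to Cognito as plain auth parameters
 *       ({@code ADMIN_NO_SRP_AUTH}); this endpoint is presumably meant to be reachable over
 *       TLS only (confirm in the deployment configuration).</li>
 *   <li>Throttling is retried a bounded number of times. An unbounded retry would pin a
 *       container thread for as long as Cognito keeps throttling.</li>
 * </ul>
 *
 * @param request  carries the email, temporary password and final password parameters
 * @param response receives the result message and, on success, the credential cookies
 * @throws ServletException if Cognito is still throttling after the last retry
 * @throws IOException      declared by the servlet contract; presumably raised while writing
 *                          the response (confirm against {@code reportResult})
 * @throws RuntimeException if Cognito returns any challenge other than the expected one
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String emailAddress = request.getParameter(Constants.RequestParameters.EMAIL);
    String tempPassword = request.getParameter(Constants.RequestParameters.TEMPORARY_PASSWORD);
    String finalPassword = request.getParameter(Constants.RequestParameters.PASSWORD);
    if (StringUtil.isBlank(emailAddress) || StringUtil.isBlank(tempPassword)
            || StringUtil.isBlank(finalPassword)) {
        reportResult(response, Constants.ResponseMessages.INVALID_REQUEST);
        return;
    }

    logger.debug("confirming signup of user {}", emailAddress);

    // Upper bound on throttling retries; the original recursed into doPost without limit.
    final int maxAttempts = 5;

    for (int attempt = 1;; attempt++) {
        try {
            // must attempt signin with temporary password in order to establish session for password change
            // (even though it's documented as not required)

            Map<String, String> initialParams = new HashMap<String, String>();
            initialParams.put("USERNAME", emailAddress);
            initialParams.put("PASSWORD", tempPassword);

            AdminInitiateAuthRequest initialRequest = new AdminInitiateAuthRequest()
                    .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH).withAuthParameters(initialParams)
                    .withClientId(cognitoClientId()).withUserPoolId(cognitoPoolId());

            AdminInitiateAuthResult initialResponse = cognitoClient.adminInitiateAuth(initialRequest);
            if (!ChallengeNameType.NEW_PASSWORD_REQUIRED.name().equals(initialResponse.getChallengeName())) {
                // Anything else (including "no challenge") means the account is not in the
                // temporary-password state this servlet handles.
                throw new RuntimeException("unexpected challenge: " + initialResponse.getChallengeName());
            }

            Map<String, String> challengeResponses = new HashMap<String, String>();
            challengeResponses.put("USERNAME", emailAddress);
            challengeResponses.put("PASSWORD", tempPassword);
            challengeResponses.put("NEW_PASSWORD", finalPassword);

            // The session token ties this response to the challenge issued above.
            AdminRespondToAuthChallengeRequest finalRequest = new AdminRespondToAuthChallengeRequest()
                    .withChallengeName(ChallengeNameType.NEW_PASSWORD_REQUIRED)
                    .withChallengeResponses(challengeResponses).withClientId(cognitoClientId())
                    .withUserPoolId(cognitoPoolId()).withSession(initialResponse.getSession());

            AdminRespondToAuthChallengeResult challengeResponse = cognitoClient
                    .adminRespondToAuthChallenge(finalRequest);
            if (StringUtil.isBlank(challengeResponse.getChallengeName())) {
                // No further challenge: the user is authenticated.
                updateCredentialCookies(response, challengeResponse.getAuthenticationResult());
                reportResult(response, Constants.ResponseMessages.LOGGED_IN);
            } else {
                throw new RuntimeException("unexpected challenge: " + challengeResponse.getChallengeName());
            }
            return;
        } catch (InvalidPasswordException ex) {
            logger.debug("{} submitted invalid password", emailAddress);
            reportResult(response, Constants.ResponseMessages.INVALID_PASSWORD);
            return;
        } catch (UserNotFoundException ex) {
            logger.debug("not found: {}", emailAddress);
            reportResult(response, Constants.ResponseMessages.NO_SUCH_USER);
            return;
        } catch (NotAuthorizedException ex) {
            // Same client-visible message as "not found" so callers cannot enumerate accounts.
            logger.debug("invalid credentials: {}", emailAddress);
            reportResult(response, Constants.ResponseMessages.NO_SUCH_USER);
            return;
        } catch (TooManyRequestsException ex) {
            if (attempt >= maxAttempts) {
                logger.warn("caught TooManyRequestsException, giving up after {} attempts", attempt);
                throw new ServletException("Cognito request throttled; retries exhausted", ex);
            }
            logger.warn("caught TooManyRequestsException, delaying then retrying");
            ThreadUtil.sleepQuietly(250);
        }
    }
}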

From source file:com.kdgregory.example.cognito.servlets.SignIn.java

License:Apache License

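/**
 * Authenticates a user with email address and password against the Cognito user pool.
 *
 * <p>Outcomes, as reported through {@code reportResult}:
 * <ul>
 *   <li>{@code INVALID_REQUEST}: either parameter is blank; Cognito is not called.</li>
 *   <li>{@code LOGGED_IN}: Cognito returned no challenge; the authentication result is
 *       passed to {@code updateCredentialCookies} first.</li>
 *   <li>{@code FORCE_PASSWORD_CHANGE}: Cognito answered with {@code NEW_PASSWORD_REQUIRED},
 *       i.e. the user signed in with a temporary password. No credentials are issued and
 *       the challenge session is not kept.</li>
 *   <li>{@code NO_SUCH_USER}: the user is unknown <em>or</em> the credentials were rejected.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>An unknown user and a rejected credential deliberately share one response so the
 *       endpoint cannot be used to enumerate accounts. Keep the two branches identical.</li>
 *   <li>Only the email address is logged, never the password. The address is still personal
 *       data, so these statements stay at debug level.</li>
 *   <li>The password is forwarded to Cognito as a plain auth parameter
 *       ({@code ADMIN_NO_SRP_AUTH}); this endpoint is presumably meant to be reachable over
 *       TLS only (confirm in the deployment configuration).</li>
 *   <li>Throttling is retried a bounded number of times. An unbounded retry would pin a
 *       container thread for as long as Cognito keeps throttling.</li>
 * </ul>
 *
 * @param request  carries the email and password parameters
 * @param response receives the result message and, on success, the credential cookies
 * @throws ServletException if Cognito is still throttling after the last retry
 * @throws IOException      declared by the servlet contract; presumably raised while writing
 *                          the response (confirm against {@code reportResult})
 * @throws RuntimeException if Cognito returns a challenge this servlet does not handle
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    String emailAddress = request.getParameter(Constants.RequestParameters.EMAIL);
    String password = request.getParameter(Constants.RequestParameters.PASSWORD);
    if (StringUtil.isBlank(emailAddress) || StringUtil.isBlank(password)) {
        reportResult(response, Constants.ResponseMessages.INVALID_REQUEST);
        return;
    }

    logger.debug("authenticating {}", emailAddress);

    // Upper bound on throttling retries; the original recursed into doPost without limit.
    final int maxAttempts = 5;

    for (int attempt = 1;; attempt++) {
        try {
            Map<String, String> authParams = new HashMap<String, String>();
            authParams.put("USERNAME", emailAddress);
            authParams.put("PASSWORD", password);

            AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest()
                    .withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH).withAuthParameters(authParams)
                    .withClientId(cognitoClientId()).withUserPoolId(cognitoPoolId());

            AdminInitiateAuthResult authResponse = cognitoClient.adminInitiateAuth(authRequest);
            if (StringUtil.isBlank(authResponse.getChallengeName())) {
                // No challenge: the user is authenticated.
                updateCredentialCookies(response, authResponse.getAuthenticationResult());
                reportResult(response, Constants.ResponseMessages.LOGGED_IN);
            } else if (ChallengeNameType.NEW_PASSWORD_REQUIRED.name().equals(authResponse.getChallengeName())) {
                // Temporary password accepted, but no tokens are issued until it is changed.
                logger.debug("{} attempted to sign in with temporary password", emailAddress);
                reportResult(response, Constants.ResponseMessages.FORCE_PASSWORD_CHANGE);
            } else {
                throw new RuntimeException("unexpected challenge on signin: " + authResponse.getChallengeName());
            }
            return;
        } catch (UserNotFoundException ex) {
            logger.debug("not found: {}", emailAddress);
            reportResult(response, Constants.ResponseMessages.NO_SUCH_USER);
            return;
        } catch (NotAuthorizedException ex) {
            // Same client-visible message as "not found" so callers cannot enumerate accounts.
            logger.debug("invalid credentials: {}", emailAddress);
            reportResult(response, Constants.ResponseMessages.NO_SUCH_USER);
            return;
        } catch (TooManyRequestsException ex) {
            if (attempt >= maxAttempts) {
                logger.warn("caught TooManyRequestsException, giving up after {} attempts", attempt);
                throw new ServletException("Cognito request throttled; retries exhausted", ex);
            }
            logger.warn("caught TooManyRequestsException, delaying then retrying");
            ThreadUtil.sleepQuietly(250);
        }
    }
}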