fix(auth): Catch password reset Cognito API error response #11274
Conversation
cwomack
added
bug
erinleigh90
dismissed
their stale review
Dismissing my review as I need to replicate and test first - then will add again.
|
@oschwartz10612 Can you update your branch to reflect the changes in main? Code looks good and checks out locally, so we will merge once the branch is caught up and checks are passing. Thank you! |
|
Hi @erinleigh90, thanks for reviewing! I just updated the branch! |
Codecov Report
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. @@ Coverage Diff @@
## main #11274 +/- ##
==========================================
+ Coverage 83.23% 83.37% +0.13%
==========================================
Files 274 294 +20
Lines 20523 20867 +344
Branches 4436 4492 +56
==========================================
+ Hits 17083 17398 +315
- Misses 3152 3182 +30
+ Partials 288 287 -1 see 56 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
There was a problem hiding this comment.
Hey @oschwartz10612 . Thanks for putting this together.
LGTM!
Description of changes
This is a pretty simple fix I think.
Auth.currentAuthenticatedUserdoes not currently catch if the password is reset in Cognito. It currently will just return the current user even though the Cognito API call returns 400 with the following message.{"__type":"PasswordResetRequiredException","message":"Password reset required for the user"}We need to catch this message I believe in the same way that the token revoke is handled.
Description of how you validated changes
Tested in a personal demo application.
Checklist
yarn testpassesBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.