fix(aws-android-sdk-auth-userpools): Check actual password requirements in drop-in UI #3588

Merged
merged 2 commits into from
Jun 12, 2024
Merged
Expand Up @@ -52,6 +52,7 @@
import com.amazonaws.mobile.auth.core.internal.util.ViewHelper;

import org.json.JSONException;
import org.json.JSONObject;

import java.util.HashSet;
import java.util.Set;
Expand All @@ -62,6 +63,9 @@
import static com.amazonaws.mobile.auth.userpools.CognitoUserPoolsSignInProvider.AttributeKeys.USERNAME;
import static com.amazonaws.mobile.auth.userpools.CognitoUserPoolsSignInProvider.AttributeKeys.VERIFICATION_CODE;

import androidx.annotation.NonNull;
import androidx.annotation.Nullable;

/**
* Manages sign-in using Cognito User Pools.
*/
Expand Down Expand Up @@ -408,10 +412,14 @@ public void handleActivityResult(final int requestCode,
password = data.getStringExtra(PASSWORD);
verificationCode = data.getStringExtra(VERIFICATION_CODE);

if (password.length() < PASSWORD_MIN_LENGTH) {
Integer minimumPasswordLength = getMinimumPasswordLength(awsConfiguration);
if (minimumPasswordLength != null && password.length() < minimumPasswordLength) {
ViewHelper.showDialog(activity, activity.getString(R.string.title_activity_forgot_password),
activity.getString(R.string.password_change_failed)
+ " " + activity.getString(R.string.password_length_validation_failed));
activity.getString(R.string.password_change_failed)
+ " " + activity.getString(
R.string.password_length_validation_failed_variable,
minimumPasswordLength
));
return;
}

Expand Down Expand Up @@ -444,7 +452,7 @@ public void handleActivityResult(final int requestCode,

if (verificationCode.length() < 1) {
ViewHelper.showDialog(activity, activity.getString(R.string.title_activity_mfa),
activity.getString(R.string.mfa_failed)
activity.getString(R.string.mfa_failed)
+ " " + activity.getString(R.string.mfa_code_empty));
return;
}
Expand All @@ -469,7 +477,7 @@ public void handleActivityResult(final int requestCode,

if (verificationCode.length() < 1) {
ViewHelper.showDialog(activity, activity.getString(R.string.title_activity_sign_up_confirm),
activity.getString(R.string.sign_up_confirm_title)
activity.getString(R.string.sign_up_confirm_title)
+ " " + activity.getString(R.string.sign_up_confirm_code_missing));
return;
}
Expand Down Expand Up @@ -697,4 +705,13 @@ static int getBackgroundColor() {
static String getFontFamily() {
return fontFamily;
}

@Nullable
static Integer getMinimumPasswordLength(@NonNull final AWSConfiguration configuration) {
JSONObject auth = configuration.optJsonObject("Auth");
if (auth == null) return null;
JSONObject passwordSettings = auth.optJSONObject("passwordProtectionSettings");
if (passwordSettings == null) return null;
return passwordSettings.optInt("passwordPolicyMinLength");
}
}
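Review bot: `getMinimumPasswordLength` returns 0 rather than null when `passwordProtectionSettings` is present but has no `passwordPolicyMinLength` key, because `JSONObject.optInt(String)` defaults to 0; `password.length() < 0` is never true, so today the check merely disappears, but the value contradicts the @Nullable contract the two earlier `return null` branches establish and would mislead any caller that displays it. Returning null for the absent or non-positive case keeps "unknown policy" a single value: `int minLength = passwordSettings.optInt("passwordPolicyMinLength", -1);` followed by `return minLength > 0 ? minLength : null;`. The same lookup feeds the `signUp` check in SignUpActivity.java, so both call sites would benefit. A Javadoc line on the method stating that null means "no client-side policy is known; defer to the server's validation" would record the decision from the review thread in the code.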
Expand Up @@ -38,6 +38,10 @@
import static com.amazonaws.mobile.auth.userpools.CognitoUserPoolsSignInProvider.AttributeKeys.*;
import static com.amazonaws.mobile.auth.userpools.CognitoUserPoolsSignInProvider.getErrorMessageFromException;

import androidx.annotation.Nullable;

import org.json.JSONObject;

/**
* Activity to prompt for account sign up information.
*/
Expand All @@ -47,6 +51,7 @@ public class SignUpActivity extends Activity {

private SignUpView signUpView;
private CognitoUserPool mUserPool;
private AWSConfiguration configuration;

/**
* Starts a {@link SignUpActivity}
Expand All @@ -67,7 +72,8 @@ protected void onCreate(final Bundle savedInstanceState) {
signUpView = (SignUpView) findViewById(R.id.signup_view);

Context appContext = getApplicationContext();
mUserPool = new CognitoUserPool(appContext, new AWSConfiguration(appContext));
configuration = new AWSConfiguration(appContext);
mUserPool = new CognitoUserPool(appContext, configuration);

InputMethodManager imm = (InputMethodManager) getSystemService(Context.INPUT_METHOD_SERVICE);
imm.toggleSoftInput(InputMethodManager.SHOW_FORCED, InputMethodManager.HIDE_IMPLICIT_ONLY);
Expand All @@ -94,13 +100,16 @@ public void signUp(final View view) {
Log.d(LOG_TAG, "email = " + email);
Log.d(LOG_TAG, "phone = " + phone);


final Integer minimumPasswordLength = CognitoUserPoolsSignInProvider.getMinimumPasswordLength(configuration);

if (username.isEmpty()) {
showError(getString(R.string.sign_up_username_missing));
return;
}

if (password.length() < 6) {
showError(getString(R.string.password_length_validation_failed));
if (minimumPasswordLength != null && password.length() < minimumPasswordLength) {
when would minimum be null? Should we fall back to 6 as a safety? Is lower than 6 ever allowed?

If the password requirements are not specified in awsconfiguration this can be null.

6 is the minimum in Cognito, but if we don't know what the customer has set as their minimum then we just don't want to validate client-side, since any value we choose is likely to be wrong. The original customer report complains that validating with the wrong length leads to a confusing end user experience.

So if we don't know what the minimum is we'll just let the server side validate the password and display whatever error message they return if it's too short (this part is existing functionality).

showError(getString(R.string.password_length_validation_failed_variable, minimumPasswordLength));
return;
}

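Review bot: The new field `private AWSConfiguration configuration;` carries no comment explaining that it is assigned in `onCreate` and later read by `signUp` for the password-policy lookup; a one-line Javadoc such as `/** App configuration loaded in onCreate; consulted by signUp for the configured minimum password length. */` would make that lifecycle visible. The field is presumably always set before `signUp` runs, since the button handler can only fire after the view is inflated, but that ordering is inferred rather than shown in the hunk. The `signUp` method starts above the hunk that reads the field.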
Expand Up @@ -43,6 +43,7 @@
<string name="mfa_code_empty">MFA Code is empty.</string>
<string name="mfa_failed">MFA Failed.</string>
<string name="password_length_validation_failed">Password should have 6 or more characters.</string>
<string name="password_length_validation_failed_variable">Password should have %d or more characters.</string>
<string name="sign_up_username_missing">Missing username.</string>
<string name="sign_up_confirm_code_missing">Sign Up Confirmation code is missing.</string>
<string name="sign_up_in_progress">Sign up in progress</string>