def sign_out_user(email):
client = get_boto_client('cognito-idp')
client.admin_user_global_sign_out(
UserPoolId=settings.COGNITO_USER_POOL_ID,
Username=email
)
def delete_user(sub):
client = get_boto_client('cognito-idp')
client.admin_delete_user(
UserPoolId=settings.COGNITO_USER_POOL_ID,
Username=sub
)
def sign_in_user(email, password):
client = get_boto_client('cognito-idp')
try:
response = client.admin_initiate_auth(
UserPoolId=settings.COGNITO_USER_POOL_ID,
ClientId=settings.COGNITO_APP_ID,
AuthFlow='ADMIN_NO_SRP_AUTH', # must configure app client
AuthParameters={
'USERNAME': email,
'PASSWORD': password
}
)
except client.exceptions.NotAuthorizedException:
raise exceptions.NotAuthorizedException
except client.exceptions.UserNotConfirmedException:
raise exceptions.UserNotConfirmedException
except client.exceptions.UserNotFoundException:
raise exceptions.UserNotFoundException
# check if password change required
if response.get('ChallengeName') == 'NEW_PASSWORD_REQUIRED':
raise exceptions.NewPasswordRequiredError
return {
'access_token': response['AuthenticationResult']['AccessToken'],
'refresh_token': response['AuthenticationResult']['RefreshToken'],
}
def confirm_account(email):
client = get_boto_client('cognito-idp')
client.admin_confirm_sign_up(
UserPoolId=settings.COGNITO_USER_POOL_ID,
Username=email
)
def update_account(email, attrs):
client = get_boto_client('cognito-idp')
try:
client.admin_update_user_attributes(
UserPoolId=settings.COGNITO_USER_POOL_ID,
Username=email,
UserAttributes=attrs
)
except client.exceptions.AliasExistsException:
raise exceptions.AliasExistsException
def verify_user_attribute(attribute, code, access_token):
client = get_boto_client('cognito-idp')
try:
client.verify_user_attribute(
AccessToken=access_token,
AttributeName=attribute,
Code=code
)
except client.exceptions.CodeMismatchException:
raise exceptions.CodeMismatchException
def verify_email(email):
client = get_boto_client('cognito-idp')
client.admin_update_user_attributes(
UserPoolId=settings.COGNITO_USER_POOL_ID,
Username=email,
UserAttributes=[
{
'Name': 'email_verified',
'Value': 'true'
},
]
)
def send_email(sender: str,
recipients: list,
subject: str,
text: str = None,
html: str = None,
attachments: list = None):
message = _create_multipart_message(sender, recipients, subject, text,
html, attachments)
ses_client = get_boto_client('ses')
return ses_client.send_raw_email(Source=sender,
Destinations=recipients,
RawMessage={'Data': message.as_string()})
def get_is_email_verified(email):
client = get_boto_client('cognito-idp')
cognito_response = client.admin_get_user(
UserPoolId=settings.COGNITO_USER_POOL_ID,
Username=email
)
is_email_verified = False
# TODO: better way to loop through dictionary to compare a value?
for attr in cognito_response['UserAttributes']:
if attr['Name'] == 'email_verified':
is_email_verified = attr['Value'] == 'true'
break
return is_email_verified
def change_password(old_password, new_password, access_token):
client = get_boto_client('cognito-idp')
try:
client.change_password(
PreviousPassword=old_password,
ProposedPassword=new_password,
AccessToken=access_token
)
except client.exceptions.NotAuthorizedException:
raise exceptions.NotAuthorizedException
except client.exceptions.LimitExceededException:
raise exceptions.LimitExceededException
except ParamValidationError:
raise exceptions.ParamValidationError
def refresh_access_token(refresh_token):
client = get_boto_client('cognito-idp')
try:
response = client.initiate_auth(
ClientId=settings.COGNITO_APP_ID,
AuthFlow='REFRESH_TOKEN_AUTH',
AuthParameters={
'REFRESH_TOKEN': refresh_token,
}
)
except client.exceptions.NotAuthorizedException:
raise exceptions.NotAuthorizedException
return response['AuthenticationResult']['AccessToken'] # fixme: is this safe?
def delete_all_users():
assert settings.STAGE != 'production'
client = get_boto_client('cognito-idp')
response = client.list_users(
UserPoolId=settings.COGNITO_USER_POOL_ID,
AttributesToGet=[
'email',
],
)
users = response['Users']
print(f'...removing {len(users)} Cognito users')
for user in users:
client.admin_delete_user(
UserPoolId=settings.COGNITO_USER_POOL_ID,
Username=user['Username']
)
def reset_password_start(email):
client = get_boto_client('cognito-idp')
try:
client.forgot_password(
ClientId=settings.COGNITO_APP_ID,
Username=email
)
except client.exceptions.NotAuthorizedException:
raise exceptions.NotAuthorizedException
except client.exceptions.InvalidParameterException:
raise exceptions.InvalidParameterException
except client.exceptions.LimitExceededException:
raise exceptions.LimitExceededException
except client.exceptions.UserNotFoundException:
raise exceptions.UserNotFoundException
def reset_password_confirm(email, code, password):
client = get_boto_client('cognito-idp')
try:
client.confirm_forgot_password(
ClientId=settings.COGNITO_APP_ID,
Username=email,
ConfirmationCode=code,
Password=password
)
except client.exceptions.CodeMismatchException:
raise exceptions.CodeMismatchException
except client.exceptions.ExpiredCodeException:
raise exceptions.ExpiredCodeException
except client.exceptions.UserNotFoundException:
raise exceptions.UserNotFoundException
except ParamValidationError:
raise exceptions.ParamValidationError
def create_user(email, name, password):
client = get_boto_client('cognito-idp')
try:
response = client.sign_up(
ClientId=settings.COGNITO_APP_ID,
Username=email,
Password=password,
UserAttributes=[
{
'Name': 'email',
'Value': email
}
]
)
except ParamValidationError:
raise exceptions.ParamValidationError
except client.exceptions.InvalidParameterException:
raise exceptions.InvalidParameterException
except client.exceptions.UsernameExistsException:
raise exceptions.UsernameExistsException
else:
return response['UserSub']