def put(request, cognitoUsername, UpdateCognitoUser=None):
updates = []
if UpdateCognitoUser:
for key, value in iteritems(UpdateCognitoUser):
if key in account_utils.COGNITO_ATTRIBUTES:
updates.append({'Name': key, 'Value': value})
else:
raise errors.ClientError('Invalid field {}.'.format(key))
if updates:
response = account_utils.get_user_pool_client(
).admin_update_user_attributes(
UserPoolId=account_utils.get_user_pool_id(),
Username=cognitoUsername,
UserAttributes=updates)
print('Updated: {}'.format(account_utils.logging_filter(updates)))
else:
print('No updates provided in the request')
user = account_utils.get_user(cognitoUsername)
return account_utils.convert_user_from_cognito_to_model(user)
def put_account(AccountId, AccountRequest, create_account):
account_utils.validate_account_update_request(AccountRequest)
# Collect the attribute changes for the Cognito user.
cognito_request = AccountRequest.get('IdentityProviders', {}).get(account_utils.IDP_COGNITO, {})
cognito_updates = get_cognito_updates(cognito_request)
# Get the existing account if needed and determine the Cognito username.
create_user = False
existing_account = {}
username = None
if create_account:
username = AccountRequest.get('CognitoUsername')
create_user = '******' in AccountRequest
else:
existing_account = account_utils.get_account_table().get_item(Key = { 'AccountId': AccountId }, ConsistentRead = False).get('Item', {})
username = existing_account.get('CognitoUsername')
if 'CognitoUsername' in AccountRequest and 'CognitoUsername' in existing_account and username != AccountRequest.get('CognitoUsername'):
raise errors.ClientError('Changing the account username is not supported.')
create_user = '******' in AccountRequest and 'CognitoUsername' not in existing_account
if cognito_updates and not username:
raise errors.ClientError('Unable to update Cognito: There is no Cognito user associated with this account.')
# Collect the attribute changes for the account row.
account_updates, delete_keys, added_to_blacklist = get_account_updates(AccountRequest, existing_account)
# Create or update the account.
updated_account = None
account = account_updates.copy()
account['AccountId'] = AccountId
if create_account:
account_utils.create_account(account)
updated_account = account
print 'Created account: ', account
elif account_updates or delete_keys:
updated_account = account_utils.update_account(account, delete_keys, existing_account)
print 'Updated account: ', account
# Create or update the Cognito user, and roll back the account changes if that fails.
try:
if create_user:
account_utils.get_user_pool_client().admin_create_user(
UserPoolId=account_utils.get_user_pool_id(),
Username=username,
UserAttributes=cognito_updates,
DesiredDeliveryMediums=['EMAIL']
)
print 'Created: ', account_utils.logging_filter(cognito_updates)
elif cognito_updates:
account_utils.get_user_pool_client().admin_update_user_attributes(
UserPoolId=account_utils.get_user_pool_id(),
Username=username,
UserAttributes=cognito_updates
)
print 'Updated: ', account_utils.logging_filter(cognito_updates)
except botocore.exceptions.ClientError as e:
if updated_account:
undo_account_changes(AccountId, create_account, existing_account, account_updates)
code = e.response.get('Error', {}).get('Code', None)
if code == 'UserNotFoundException':
raise errors.ClientError('User does not exist in Cognito.')
if code == 'UsernameExistsException':
raise errors.ClientError('The username already exists in Cognito.')
raise
except:
if updated_account:
undo_account_changes(AccountId, create_account, existing_account, account_updates)
raise
if added_to_blacklist and username:
# Invalidate existing tokens for the user after adding to the blacklist.
account_utils.get_user_pool_client().admin_user_global_sign_out(UserPoolId=account_utils.get_user_pool_id(), Username=username)
account = account_utils.convert_account_from_dynamo_to_admin_model(updated_account or existing_account)
load_user(account)
return account
def dispatch(event, context):
'''Main entry point for the service AWS Lambda Function. It dispatches requests
to the correct code for processing.
Arguments:
event: An object containing the request data as constructed by the service's
AWS API Gateway. This object is expected to include the following properties:
* module - the name of the module that implements the handler function.
This name is prefixed with "api." so that only modules defined in the
api directory will be loaded.
* function - the name of the handler function. The function must be
decorated using @dispatch.handler or the dispatcher will not execute it.
The function will be passed a dispatch.Reqeust object followed by the
value of the parameters dict passed as **kwargs.
* parameters - an dict containing parameter values.
context: The AWS Lambda defined context object for the request. See
https://docs.aws.amazon.com/lambda/latest/dg/python-context-object.html.
'''
print 'dispatching event', account_utils.logging_filter(event)
module_name = event.get('module', None)
if not module_name:
raise ValueError(
'No "module" property was provided n the event object.')
function_name = event.get('function', None)
if not function_name:
raise ValueError(
'No "function" property was provided in the event object.')
module = importlib.import_module('api.' + module_name)
function = getattr(module, function_name, None)
if not function:
raise ValueError(
'The module "{}" does not have an "{}" attribute.'.format(
module_name, function_name))
if not callable(function):
raise ValueError(
'The module "{}" attribute "{}" is not a function.'.format(
module_name, function_name))
if not hasattr(function, 'is_dispatch_handler'):
raise ValueError(
'The module "{}" function "{}" is not a service dispatch handler.'.
format(module_name, function_name))
parameters = event.get('parameters', {})
request = Request(event, context)
result = function(request, **parameters)
print 'returning result', account_utils.logging_filter(result)
return result
