def create(self, name, phone_number, custom_paths, is_la, group_name):
"""
Create a new user in Cognito user pool
Validate the inputs.
A user is only valid if their MFA and group settings
are correct.
Return True only if all steps are processed successfully.
"""
error = None
steps = {}
# Validate email
if not self.email_address_is_valid():
steps["email_valid"] = False
error = "Email address is invalid."
# Validate phone number
phone_number = self.sanitise_phone(phone_number)
if phone_number == "":
steps["phone_valid"] = False
error = "Phone number is empty."
# Validate user custom settings
if not self.user_paths_are_valid(is_la, custom_paths, group_name):
steps["paths_valid"] = False
error = "The granted access permissions are not valid."
# Only attempt create if all previous steps passed
if all(steps.values()):
steps["created"] = cognito.create_user(name, self.email_address,
phone_number, is_la,
custom_paths)
if steps.get("created"):
steps["set_mfa"] = self.set_mfa_preferences()
steps["set_settings"] = self.set_user_settings()
steps["added_to_group"] = self.add_to_group(group_name)
else:
error = "Failed to create user."
if steps.get("created") and not all(steps.values()):
# If the user was created successfully
# but the group or SMS 2FA operations fail
# the user should be disabled.
if steps.get("created"):
cognito.disable_user(self.email_address)
if error:
config.set_session_var("error_message", error)
LOG.error({
"message": "User operation failed",
"action": "user.create",
"status": steps,
})
# Return True only if all settings were successfully set
return all(steps.values())
def test_create_user(admin_user, create_user_arguments):
stubber = stubs.mock_cognito_admin_create_user(admin_user,
create_user_arguments)
with stubber:
created = cognito.create_user(
admin_user["name"],
admin_user["email"],
admin_user["phone_number"],
admin_user["custom:is_la"],
admin_user["custom:paths"],
)
assert created
stubber.deactivate()
def lambda_handler(event, _context):
print("Received event: " + json.dumps(event, indent=2))
email, name = event["email"], event["name"]
user = User(email=email, name=name)
response = cognito.create_user(client, profile, user)
cognito.show_error_response(response)
response = cognito.add_to_group(client, profile, user, "attendees")
cognito.show_error_response(response)
return "OK"
# Enable user
for user in data["users"]:
response = cognito.enable_user(data["client"], data["profile"],
user)
cognito.show_error_response(response, args.debug)
elif args.remove_from_group:
# Remove users from group
for user in data["users"]:
response = cognito.remove_from_group(data["client"],
data["profile"], user,
args.remove_from_group)
cognito.show_error_response(response, args.debug)
elif args.verified:
# Enable user
for user in data["users"]:
response = cognito.update_user_attributes(data["client"],
data["profile"], user,
"email_verified", "true")
cognito.show_error_response(response, args.debug)
else:
# Create user
for user in data["users"]:
response = cognito.create_user(data["client"], data["profile"],
user)
cognito.show_error_response(response, args.debug)
if args.group:
response = cognito.add_to_group(data["client"],
data["profile"], user,
args.group)
cognito.show_error_response(response, args.debug)