def post(request, cognitoUsername): try: account_utils.get_user_pool_client().admin_reset_user_password(UserPoolId=account_utils.get_user_pool_id(), Username=cognitoUsername) except botocore.exceptions.ClientError as e: message = e.response.get('Error', {}).get('Message') raise errors.ClientError(message) return {}
def default_search(): listUsersResponse = account_utils.get_user_pool_client().list_users( UserPoolId=account_utils.get_user_pool_id(), Limit=50) usersByName = { user.get('Username', ''): user for user in listUsersResponse.get('Users', []) } accounts = [] scanResponse = account_utils.get_account_table().scan(Limit=50) for accountItem in scanResponse.get('Items', []): account = account_utils.convert_account_from_dynamo_to_admin_model( accountItem) username = account.get('CognitoUsername') if username: user = usersByName.get(username) if user: account['IdentityProviders'] = { account_utils.IDP_COGNITO: account_utils.convert_user_from_cognito_to_model(user) } del usersByName[username] else: populate_identity_provider(account) accounts.append(account) for username, user in usersByName.iteritems(): account = populate_account_for_user(user) accounts.append(account) accounts.sort(cmp=account_utils.compare_accounts) return {'Accounts': accounts}
def get(request, IdentityProviderId): if IdentityProviderId != account_utils.IDP_COGNITO: raise errors.ClientError( 'Only the {} identity provider is supported.'.format( account_utils.IDP_COGNITO)) pool = account_utils.get_user_pool_client().describe_user_pool( UserPoolId=account_utils.get_user_pool_id()) numberOfUsers = pool.get('UserPool', {}).get('EstimatedNumberOfUsers', 0) return {'EstimatedNumberOfUsers': numberOfUsers}
def load_user(account): if 'CognitoUsername' in account: try: user = account_utils.get_user_pool_client().admin_get_user( UserPoolId=account_utils.get_user_pool_id(), Username=account['CognitoUsername'] ) account['IdentityProviders'] = {} account['IdentityProviders'][account_utils.IDP_COGNITO] = account_utils.convert_user_from_cognito_to_model(user) except botocore.exceptions.ClientError as e: code = e.response.get('Error', {}).get('Code', None) if code == 'UserNotFoundException': print 'User {} not found for account {}.'.format(account['CognitoUsername'], account.get('AccountId')) return raise
def populate_identity_provider(account): if 'CognitoUsername' in account: try: user = account_utils.get_user_pool_client().admin_get_user( UserPoolId=account_utils.get_user_pool_id(), Username=account['CognitoUsername']) if 'IdentityProviders' not in account: account['IdentityProviders'] = {} account['IdentityProviders'][ account_utils. IDP_COGNITO] = account_utils.convert_user_from_cognito_to_model( user) except: print 'Failed to lookup username {} for account {}:'.format( account['CognitoUsername'], account['AccountId']) traceback.print_exc()
def post(request, cognitoUsername): try: account_utils.get_user_pool_client().admin_confirm_sign_up( UserPoolId=account_utils.get_user_pool_id(), Username=cognitoUsername) except botocore.exceptions.ClientError as e: code = e.response.get('Error', {}).get('Code') message = e.response.get('Error', {}).get('Message') if code == 'NotAuthorizedException' and 'CONFIRMED' in message: print 'The user is already confirmed: {}'.format(message) return {} raise return {}
def search_by_email(Email): response = account_utils.get_user_pool_client().list_users( UserPoolId=account_utils.get_user_pool_id(), Filter='email ^= "{}"'.format(Email.replace('"', '')), Limit=20) users = response.get('Users', []) if not users: print 'No users found for the requested email prefix.' return {'Accounts': []} accounts = [] for user in users: accounts.append(populate_account_for_user(user)) accounts.sort(cmp=account_utils.compare_accounts) return {'Accounts': accounts}
def search_by_username(Username): response = account_utils.get_user_pool_client().list_users( UserPoolId=account_utils.get_user_pool_id(), Filter='username ^= "{}"'.format(Username.replace('"', '')), Limit=20) users = response.get('Users', []) if not users: print('No users found for the requested username prefix.') return {'Accounts': []} accounts = [] for user in users: accounts.append(populate_account_for_user(user)) accounts.sort(key=functools.cmp_to_key(account_utils.compare_accounts)) return {'Accounts': accounts}
def put(request, cognitoUsername, UpdateCognitoUser=None): updates = [] if UpdateCognitoUser: for key, value in iteritems(UpdateCognitoUser): if key in account_utils.COGNITO_ATTRIBUTES: updates.append({'Name': key, 'Value': value}) else: raise errors.ClientError('Invalid field {}.'.format(key)) if updates: response = account_utils.get_user_pool_client( ).admin_update_user_attributes( UserPoolId=account_utils.get_user_pool_id(), Username=cognitoUsername, UserAttributes=updates) print('Updated: {}'.format(account_utils.logging_filter(updates))) else: print('No updates provided in the request') user = account_utils.get_user(cognitoUsername) return account_utils.convert_user_from_cognito_to_model(user)
def put_account(AccountId, AccountRequest, create_account): account_utils.validate_account_update_request(AccountRequest) # Collect the attribute changes for the Cognito user. cognito_request = AccountRequest.get('IdentityProviders', {}).get(account_utils.IDP_COGNITO, {}) cognito_updates = get_cognito_updates(cognito_request) # Get the existing account if needed and determine the Cognito username. create_user = False existing_account = {} username = None if create_account: username = AccountRequest.get('CognitoUsername') create_user = '******' in AccountRequest else: existing_account = account_utils.get_account_table().get_item(Key = { 'AccountId': AccountId }, ConsistentRead = False).get('Item', {}) username = existing_account.get('CognitoUsername') if 'CognitoUsername' in AccountRequest and 'CognitoUsername' in existing_account and username != AccountRequest.get('CognitoUsername'): raise errors.ClientError('Changing the account username is not supported.') create_user = '******' in AccountRequest and 'CognitoUsername' not in existing_account if cognito_updates and not username: raise errors.ClientError('Unable to update Cognito: There is no Cognito user associated with this account.') # Collect the attribute changes for the account row. account_updates, delete_keys, added_to_blacklist = get_account_updates(AccountRequest, existing_account) # Create or update the account. updated_account = None account = account_updates.copy() account['AccountId'] = AccountId if create_account: account_utils.create_account(account) updated_account = account print 'Created account: ', account elif account_updates or delete_keys: updated_account = account_utils.update_account(account, delete_keys, existing_account) print 'Updated account: ', account # Create or update the Cognito user, and roll back the account changes if that fails. try: if create_user: account_utils.get_user_pool_client().admin_create_user( UserPoolId=account_utils.get_user_pool_id(), Username=username, UserAttributes=cognito_updates, DesiredDeliveryMediums=['EMAIL'] ) print 'Created: ', account_utils.logging_filter(cognito_updates) elif cognito_updates: account_utils.get_user_pool_client().admin_update_user_attributes( UserPoolId=account_utils.get_user_pool_id(), Username=username, UserAttributes=cognito_updates ) print 'Updated: ', account_utils.logging_filter(cognito_updates) except botocore.exceptions.ClientError as e: if updated_account: undo_account_changes(AccountId, create_account, existing_account, account_updates) code = e.response.get('Error', {}).get('Code', None) if code == 'UserNotFoundException': raise errors.ClientError('User does not exist in Cognito.') if code == 'UsernameExistsException': raise errors.ClientError('The username already exists in Cognito.') raise except: if updated_account: undo_account_changes(AccountId, create_account, existing_account, account_updates) raise if added_to_blacklist and username: # Invalidate existing tokens for the user after adding to the blacklist. account_utils.get_user_pool_client().admin_user_global_sign_out(UserPoolId=account_utils.get_user_pool_id(), Username=username) account = account_utils.convert_account_from_dynamo_to_admin_model(updated_account or existing_account) load_user(account) return account