def put(request, cognitoUsername, UpdateCognitoUser=None): updates = [] if UpdateCognitoUser: for key, value in iteritems(UpdateCognitoUser): if key in account_utils.COGNITO_ATTRIBUTES: updates.append({'Name': key, 'Value': value}) else: raise errors.ClientError('Invalid field {}.'.format(key)) if updates: response = account_utils.get_user_pool_client( ).admin_update_user_attributes( UserPoolId=account_utils.get_user_pool_id(), Username=cognitoUsername, UserAttributes=updates) print('Updated: {}'.format(account_utils.logging_filter(updates))) else: print('No updates provided in the request') user = account_utils.get_user(cognitoUsername) return account_utils.convert_user_from_cognito_to_model(user)
def put_account(AccountId, AccountRequest, create_account): account_utils.validate_account_update_request(AccountRequest) # Collect the attribute changes for the Cognito user. cognito_request = AccountRequest.get('IdentityProviders', {}).get(account_utils.IDP_COGNITO, {}) cognito_updates = get_cognito_updates(cognito_request) # Get the existing account if needed and determine the Cognito username. create_user = False existing_account = {} username = None if create_account: username = AccountRequest.get('CognitoUsername') create_user = '******' in AccountRequest else: existing_account = account_utils.get_account_table().get_item(Key = { 'AccountId': AccountId }, ConsistentRead = False).get('Item', {}) username = existing_account.get('CognitoUsername') if 'CognitoUsername' in AccountRequest and 'CognitoUsername' in existing_account and username != AccountRequest.get('CognitoUsername'): raise errors.ClientError('Changing the account username is not supported.') create_user = '******' in AccountRequest and 'CognitoUsername' not in existing_account if cognito_updates and not username: raise errors.ClientError('Unable to update Cognito: There is no Cognito user associated with this account.') # Collect the attribute changes for the account row. account_updates, delete_keys, added_to_blacklist = get_account_updates(AccountRequest, existing_account) # Create or update the account. updated_account = None account = account_updates.copy() account['AccountId'] = AccountId if create_account: account_utils.create_account(account) updated_account = account print 'Created account: ', account elif account_updates or delete_keys: updated_account = account_utils.update_account(account, delete_keys, existing_account) print 'Updated account: ', account # Create or update the Cognito user, and roll back the account changes if that fails. try: if create_user: account_utils.get_user_pool_client().admin_create_user( UserPoolId=account_utils.get_user_pool_id(), Username=username, UserAttributes=cognito_updates, DesiredDeliveryMediums=['EMAIL'] ) print 'Created: ', account_utils.logging_filter(cognito_updates) elif cognito_updates: account_utils.get_user_pool_client().admin_update_user_attributes( UserPoolId=account_utils.get_user_pool_id(), Username=username, UserAttributes=cognito_updates ) print 'Updated: ', account_utils.logging_filter(cognito_updates) except botocore.exceptions.ClientError as e: if updated_account: undo_account_changes(AccountId, create_account, existing_account, account_updates) code = e.response.get('Error', {}).get('Code', None) if code == 'UserNotFoundException': raise errors.ClientError('User does not exist in Cognito.') if code == 'UsernameExistsException': raise errors.ClientError('The username already exists in Cognito.') raise except: if updated_account: undo_account_changes(AccountId, create_account, existing_account, account_updates) raise if added_to_blacklist and username: # Invalidate existing tokens for the user after adding to the blacklist. account_utils.get_user_pool_client().admin_user_global_sign_out(UserPoolId=account_utils.get_user_pool_id(), Username=username) account = account_utils.convert_account_from_dynamo_to_admin_model(updated_account or existing_account) load_user(account) return account
def dispatch(event, context): '''Main entry point for the service AWS Lambda Function. It dispatches requests to the correct code for processing. Arguments: event: An object containing the request data as constructed by the service's AWS API Gateway. This object is expected to include the following properties: * module - the name of the module that implements the handler function. This name is prefixed with "api." so that only modules defined in the api directory will be loaded. * function - the name of the handler function. The function must be decorated using @dispatch.handler or the dispatcher will not execute it. The function will be passed a dispatch.Reqeust object followed by the value of the parameters dict passed as **kwargs. * parameters - an dict containing parameter values. context: The AWS Lambda defined context object for the request. See https://docs.aws.amazon.com/lambda/latest/dg/python-context-object.html. ''' print 'dispatching event', account_utils.logging_filter(event) module_name = event.get('module', None) if not module_name: raise ValueError( 'No "module" property was provided n the event object.') function_name = event.get('function', None) if not function_name: raise ValueError( 'No "function" property was provided in the event object.') module = importlib.import_module('api.' + module_name) function = getattr(module, function_name, None) if not function: raise ValueError( 'The module "{}" does not have an "{}" attribute.'.format( module_name, function_name)) if not callable(function): raise ValueError( 'The module "{}" attribute "{}" is not a function.'.format( module_name, function_name)) if not hasattr(function, 'is_dispatch_handler'): raise ValueError( 'The module "{}" function "{}" is not a service dispatch handler.'. format(module_name, function_name)) parameters = event.get('parameters', {}) request = Request(event, context) result = function(request, **parameters) print 'returning result', account_utils.logging_filter(result) return result