AWS Cognito Node.js Lambda迁移用户:authenticateUser未定义

时间:2019-10-15 14:25:20

标签: amazon-web-services aws-lambda migration amazon-cognito amazon-cognito-triggers

我想使用AWS控制台中的迁移用户Lambda功能,将用户从userPool 1迁移到userPool 2。为此,我使用了AWS提供的脚本,但找不到如何使用authenticateUser的示例。执行时提示该函数未定义。

执行迁移lambda。 未定义authenticateUser

我还尝试创建一个层(Lambda Layer),成功导入该层并将其配置到我的Lambda函数中,但仍无法使其正常工作。

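/**
 * Cognito "migrate user" trigger, in the shape of the AWS sample.
 *
 * authenticateUser() and lookupUser() are not supplied by AWS or by the Lambda
 * runtime. They stand for your own legacy-directory logic and must be defined
 * in this file (or required from a module or layer) before the handler runs;
 * otherwise the call fails because the name is not defined. Both are called
 * synchronously here, so an asynchronous directory lookup needs the handler
 * restructured around it.
 *
 * @param {object} event - Trigger event; reads triggerSource, userName and
 *   request.password, and fills in event.response.
 * @param {object} context - Lambda context; context.succeed(event) reports success.
 * @param {Function} callback - Called with an error string on failure.
 */
exports.handler = (event, context, callback) => {
    const { triggerSource, userName } = event;

    if (triggerSource === "UserMigration_Authentication") {
        // event.request.password is the password the user typed at sign-in.
        // Pass it only to the legacy check and never log the event object.
        const user = authenticateUser(userName, event.request.password);
        if (!user) {
            // Return error to Amazon Cognito
            callback("Bad password");
            return;
        }
        event.response.userAttributes = {
            "email": user.emailAddress,
            // NOTE(review): this marks the address as verified in the new pool;
            // only correct if the legacy directory really verified it - confirm.
            "email_verified": "true"
        };
        event.response.finalUserStatus = "CONFIRMED";
        event.response.messageAction = "SUPPRESS";
        // Completion call kept from the sample so success is reported exactly as before.
        context.succeed(event);
        return;
    }

    if (triggerSource === "UserMigration_ForgotPassword") {
        // Lookup only: no password is available on this path.
        const user = lookupUser(userName);
        if (!user) {
            // Same message as the sign-in path, so the reply does not
            // distinguish an unknown user from a wrong password.
            callback("Bad password");
            return;
        }
        event.response.userAttributes = {
            "email": user.emailAddress,
            // required to enable password-reset code to be sent to user
            "email_verified": "true"
        };
        event.response.messageAction = "SUPPRESS";
        context.succeed(event);
        return;
    }

    // Any other trigger source is rejected rather than treated as a migration.
    callback(`Bad triggerSource ${triggerSource}`);
};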

authenticateUser未定义

我的问题是:我们如何导入此功能?

非常感谢。

1 个答案:

答案 0 :(得分:0)

该示例代码用于从旧数据库迁移用户,而authenticateUser、lookupUser函数只是对业务逻辑的抽象(AWS无法替您编写)。例如,如果您必须从旧版数据库(而不是用户池)进行迁移,那么您需要在表中查找该用户,取出其盐值,使用与旧版数据库身份验证方法相同的逻辑对传递给迁移触发器的密码进行哈希处理,再将其与旧数据库中存储的密码哈希进行比较,等等。(如果您以明文形式存储密码,会更简单一些,但我们不考虑这种情况。)

以下是应该为您完成大部分迁移的代码段。有人在Github上问了类似的问题,并引用了这个StackOverflow问题。

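const AWS = require('aws-sdk');
const cognitoIdentity = new AWS.CognitoIdentityServiceProvider({ region: '<your-region-here>' });

// User pool the accounts are migrated FROM.
const UserPoolId = process.env.deprecatedUserPoolId;
// App client of that old pool, used only to check the submitted password.
// This setting is introduced by the password check below: point it at a client
// without a client secret that has ALLOW_ADMIN_USER_PASSWORD_AUTH enabled.
const ClientId = process.env.deprecatedUserPoolClientId;

// One message for every failure, so the reply does not depend on whether the
// user name exists in the old pool.
const MIGRATION_FAILED = 'User migration failed';

/**
 * Checks the submitted password against the old user pool.
 *
 * @param {string} userName - User name from the trigger event.
 * @param {string} password - Password the user typed at sign-in; never logged.
 * @returns {Promise<void>} Resolves only when the old pool issues tokens.
 * @throws {Error} When the client id or password is missing, the old pool
 *   rejects the credentials, or it answers with a challenge.
 */
async function verifyOldPoolPassword(userName, password) {
    if (!ClientId || !password) {
        // Fail closed: without a client id the password cannot be checked.
        throw new Error(MIGRATION_FAILED);
    }
    const result = await cognitoIdentity.adminInitiateAuth({
        AuthFlow: 'ADMIN_USER_PASSWORD_AUTH',
        ClientId,
        UserPoolId,
        AuthParameters: { USERNAME: userName, PASSWORD: password }
    }).promise();
    if (!result.AuthenticationResult) {
        // A challenge response (MFA, forced password change, ...) is rejected
        // here; accepting one needs a deliberate decision per challenge type.
        throw new Error(MIGRATION_FAILED);
    }
}

/**
 * Migrate-user trigger that pulls accounts from an older Cognito user pool.
 *
 * adminGetUser only shows that the user name exists in the old pool. On
 * UserMigration_Authentication a successful return makes Cognito create the
 * account with the password that was submitted, so that password is verified
 * against the old pool first. UserMigration_ForgotPassword carries no password
 * and only needs the lookup. The function's role needs
 * cognito-idp:AdminInitiateAuth and cognito-idp:AdminGetUser on the old pool.
 *
 * @param {object} event - Trigger event; reads triggerSource, userName and
 *   request.password, and replaces event.response.
 * @returns {Promise<object>} The event with response.finalUserStatus set.
 * @throws {Error} Generic failure for an unknown user, a wrong password or an
 *   unsupported trigger source.
 */
exports.handler = async (event) => {
    const { userName, triggerSource } = event;

    try {
        if (triggerSource === 'UserMigration_Authentication') {
            await verifyOldPoolPassword(userName, event.request.password);
        } else if (triggerSource !== 'UserMigration_ForgotPassword') {
            throw new Error(`Bad triggerSource ${triggerSource}`);
        }

        const user = await cognitoIdentity.adminGetUser({ Username: userName, UserPoolId }).promise();
        //TODO: if you have custom attributes, grab them from user.UserAttributes and
        // store them in event.response.userAttributes below
    } catch (err) {
        // Log the reason for operators (error code only, never the password),
        // then answer with the generic message.
        console.error('user migration rejected:', triggerSource, err.code || err.message);
        throw new Error(MIGRATION_FAILED);
    }

    event.response = { finalUserStatus: "CONFIRMED" };
    return event;
};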