Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Supporting external logic for restoring / generating custom password #1

Merged
merged 2 commits into from
Sep 14, 2018
Merged

Supporting external logic for restoring / generating custom password #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9a678ed
Prototype of supporting custom password restore logic
juno-visualsquares Aug 20, 2018
f16781d
Remove comment
juno-visualsquares Aug 20, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions src/cli/args.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,11 @@ export const argv = yargs
alias: ['pwd'],
describe: dimmed`TemporaryPassword of the users imported`,
string: true
},
passwordModulePath: {
alias: ["pwdModule"],
describe: dimmed`A module that exports an interface getPwdForUsername(username: String) method, fall back to password parameter if throw`,
string: true
}
});
})
Expand Down
4 changes: 2 additions & 2 deletions src/cli/cli.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ const orange = chalk.keyword('orange');
(async () => {
let spinner = ora({ spinner: 'dots4', hideCursor: true });
try {
const { mode, profile, region, key, secret, userpool, directory, file, password } = await options;
const { mode, profile, region, key, secret, userpool, directory, file, password, passwordModulePath } = await options;

// update the config of aws-sdk based on profile/credentials passed
AWS.config.update({ region });
Expand All @@ -35,7 +35,7 @@ const orange = chalk.keyword('orange');
spinner.succeed(green(`JSON Exported successfully to ${directory}/\n`));
} else if (mode === 'restore') {
spinner = spinner.start(orange`Restoring userpool`);
await restoreUsers(cognitoISP, userpool, file, password);
await restoreUsers(cognitoISP, userpool, file, password, passwordModulePath);
spinner.succeed(green(`Users imported successfully to ${userpool}\n`));
} else {
spinner.fail(red`Mode passed is invalid, please make sure a valid command is passed here.\n`);
Expand Down
14 changes: 12 additions & 2 deletions src/cli/options.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ const searchCognitoRegion = async (_: never, input: string) => {
};

const verifyOptions = async () => {
let { mode, profile, region, key, secret, userpool, directory, file, password } = argv;
let { mode, profile, region, key, secret, userpool, directory, file, password, passwordModulePath } = argv;

// choose the mode if not passed through CLI or invalid is passed
if (!mode || !['restore', 'backup'].includes(mode)) {
Expand Down Expand Up @@ -149,7 +149,17 @@ const verifyOptions = async () => {
file = fileLocation.selected;
}

return { mode, profile, region, key, secret, userpool, directory, file, password }
if (mode === 'restore' && passwordModulePath) {
try {
const pwdModule = require(passwordModulePath);
if (typeof pwdModule.getPwdForUsername !== 'function') {
throw Error(`Cannot find getPwdForUsername(username: String) in password module "${passwordModulePath}".`);
};
} catch(e) {
throw Error(`Cannot load password module path "${passwordModulePath}".`);
}
}
return { mode, profile, region, key, secret, userpool, directory, file, password, passwordModulePath }
};


Expand Down
20 changes: 17 additions & 3 deletions src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,8 +61,12 @@ export const backupUsers = async (cognito: CognitoISP, UserPoolId: string, direc
};


export const restoreUsers = async (cognito: CognitoISP, UserPoolId: string, file: string, password?: string) => {
export const restoreUsers = async (cognito: CognitoISP, UserPoolId: string, file: string, password?: string, passwordModulePath?: String) => {
if (UserPoolId == 'all') throw Error(`'all' is not a acceptable value for UserPoolId`);
let pwdModule: any = null;
if (typeof passwordModulePath === 'string') {
pwdModule = require(passwordModulePath);
}

const { UserPool } = await cognito.describeUserPool({ UserPoolId }).promise();
const UsernameAttributes = UserPool && UserPool.UsernameAttributes || [];
Expand Down Expand Up @@ -91,13 +95,23 @@ export const restoreUsers = async (cognito: CognitoISP, UserPoolId: string, file
params.DesiredDeliveryMediums = ['EMAIL', 'SMS']
}

// If password module is specified, use it silently
// if not provided or it throws, we fallback to password if provided
// if password is provided, use it silently
// else set a cognito generated one and send email (default)
if (password) {
let specificPwdExistsForUser = false;
if (pwdModule !== null){
try {
params.MessageAction = 'SUPPRESS';
params.TemporaryPassword = pwdModule.getPwdForUsername(user.Username);
specificPwdExistsForUser = true;
} catch (e) {
}
}
if (!specificPwdExistsForUser && password) {
params.MessageAction = 'SUPPRESS';
params.TemporaryPassword = password;
}

const wrapped = limiter.wrap(async () => cognito.adminCreateUser(params).promise());
await wrapped();
};
Expand Down