- Details
- Written by Jason Ross
- Category: Uncategorised
When you create a user in an AWS user pool using the AdminCreateUser API action, the email address you provide is not automatically flagged as verified. None of the lambdas that are called by other user creation or sign-up methods get called either.
Without a verified email address, users cannot change their passwords again after changing from their temporary passwords which are assigned when the account is created. What do you do?
This isn't really too much of a problem, and the answer is even mentioned in the AWS documentation - either set the email_verified attribute to True in the call to AdminCreateUser, or use AdminUpdateUserAttributes to do the same thing.
When you do this, you may see some strange behaviour, something like the following:
Say you're working on a system with three accounts: Victoria, Edward and George. None of them have verified email addresses, so you decide to set them.
First you set Victoria's account email_verified attribute to True. You display the contents of the user pool and see that everything looks as it should, with Victoria's email_verified attribute definitely set to True.
Next you set Edward's account email_verified attribute to True. You refresh the display of the contents of the user pool and see that Edward's email_verified attribute is set to True, but strangely Victoria's is now False.
For some reason, it looks like your call to AdminUpdateUserAttributes or admin-update-user-attributes changed a value on the wrong user; trying to set the email_verified attribute to True on one user has set the email_verified attribute to False on another user.
Just to make sure, you set George's account email_verified attribute to True. Refreshing the display of the contents of the user pool you see that George's email_verified attribute is set to True, but Victoria's AND Edward's email_verified attributes are now False. Once again it looks like AdminUpdateUserAttributes or admin-update-user-attributes changed the wrong user's attribute to the wrong value.
The reason I've found for this happening is that the user pool containing your users is configured to allow multiple users to be registered with the same email address. This can be useful for development and testing, but can cause problems. If multiple user accounts all share the same email, then you'll get the problem described here - only one account with any given email address can have its email_verified attribute set to True, and trying to set more than one will set all of the others to False.
To avoid these problems, ensure that each user in your Cognito user pool has a unique email address.
- Details
- Written by Jason Ross
- Category: Uncategorised
Sometimes you go away on vacation, then return to work and realize you've forgotten your password. Typically if you're working for a big company, you contact the IT department and they can help you. They'll usually reset your password and, if you're stuck at the login screen and can't reach your email, they'll tell you what the temporary password is while you're on the phone. That's usually enough to let you log on to your computer once, and immediately change the password to one that only you know.
But what happens if you're using an authentication system that doesn't let administrators reset passwords to a known value, something like, say, Cognito? If you need to reset a password to a known value for a user in a user pool, you've got a problem.
Read more: Amazon Cognito Peculiarities 1 - Reset A User Password To A Known Value
- Details
- Written by Jason Ross
- Category: Uncategorised
User Rating: 5 / 5
Applications and Systems
One of the worst things you can do with a system is let everyone have access to every part of it. If you do, people tend to mess around and “investigate” parts of the system they shouldn’t. They may accidentally delete something they shouldn’t. They may be tempted to access data they have no business going near, and by doing any of this they may make the company liable for any number of data-related legal problems.
Faced with this problem, you might decide to implement a system of permissions on your system, where each user is granted access to the parts of the system they need to access for their job.
Read more: What’s The Best Way To Control Access To Applications and Databases?
- Details
- Written by Jason Ross
- Category: Uncategorised
So, you need a web publishing system and you've decided that WordPress is just too mainstream, so you've gone with the extra functionality of Joomla. Welcome to the club!
Of course the extra flexibility brings some extra complexity, but it's nothing that can't be overcome and it will result in your having a great site. In the rest of this article I'll assume that you know about as much about Joomla as I did when I started this site, which is pretty much nothing.
- Details
- Written by Jason Ross
- Category: Uncategorised
User Rating: 5 / 5
When you start out as a software developer it's easy to get fixated on one particular language. It might be the first language you learned, or the first you used professionally, but you'll probably form a serious attachment to it. You might view this language as perfect, or at least much better than any other, and you'll tend to use it for pretty much everything you need to do.
After a while though, you'll start looking around at other languages and seeing why other people think they're good. Initially you may think they're nowhere near as good as your favourite language, and stick purely with your own. This is really the wrong approach.
Read more: Programming Languages - They're Just A Bunch Of Tools!
Page 1 of 6
