Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

confirmResetPassword returns generic error message if incorrect verificationCode is provided. #2866

Open
1 task done
ashwani-trivediat opened this issue Jul 2, 2024 · 8 comments
Assignees
Labels
auth Related to the Auth category/plugins bug Something isn't working

Comments

@ashwani-trivediat
Copy link

ashwani-trivediat commented Jul 2, 2024

Before opening, please confirm:

Language and Async Model

Kotlin

Amplify Categories

Authentication

Gradle script dependencies

// Put output below this line

implementation 'com.amplifyframework:aws-api:2.19.1'

Environment information

# Put output below this line

------------------------------------------------------------
Gradle 8.0
------------------------------------------------------------

Build time:   2023-02-13 13:15:21 UTC
Revision:     62ab9b7c7f884426cf79fbedcf07658b2dbe9e97

Kotlin:       1.8.10
Groovy:       3.0.13
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          17.0.9 (JetBrains s.r.o. 17.0.9+8-b1166.2)
OS:           Mac OS X 14.4.1 x86_64

Please include any relevant guides or documentation you're referencing

https://docs.amplify.aws/gen1/android/build-a-backend/auth/manage-passwords/#reset-password

Describe the bug

Amplify SDK authentication version 2.19.1 seems to throw and generic error message if user types incorrect verificationCode while trying to reset password. Here are the steps:

  1. User request a verification code by calling:
Amplify.Auth.resetPassword(
   "username",
   result -> Log.i("AuthQuickstart", result.toString()),
   error -> Log.e("AuthQuickstart", error.toString())
);
  1. User types incorrect verificationCode and new password and re-enters new password, and call amplify SDK confirmResetPassword method:
Amplify.Auth.confirmResetPassword(
   "Username",
   "NewPassword123",
   "confirmation code you received",
   () -> Log.i("AuthQuickstart", "New password confirmed"),
   error -> Log.e("AuthQuickstart", error.toString())
);
  1. Following error message is displayed to the user:
    Screenshot_20240627_145355_Plumsense_Dev-20240627-095915

On investigating the root cause it appears that inside RealAWSCognitoAuthPlugin whenever any type of error is encountered a generic error message is returned, here is the message:
"There is a possibility that there is a bug if this error persists. Please take a look at \n" +
"https://github.com/aws-amplify/amplify-android/issues to see if there are any existing issues that \n" +
"match your scenario, and file an issue with the details of the bug if there isn't.";

Following appears to be problematic code:
Screenshot 2024-06-30 at 11 39 29 PM

Reproduction steps (if applicable)

No response

Code Snippet

// Put your code below this line.

Log output

// Put your logs below this line


amplifyconfiguration.json

No response

GraphQL Schema

// Put your schema below this line

Additional information and screenshots

No response

@github-actions github-actions bot added the pending-triage Issue is pending triage label Jul 2, 2024
@mattcreaser mattcreaser added auth Related to the Auth category/plugins question General question labels Jul 2, 2024
@github-actions github-actions bot removed the pending-triage Issue is pending triage label Jul 2, 2024
@mattcreaser mattcreaser added bug Something isn't working and removed question General question labels Jul 2, 2024
@mattcreaser
Copy link
Member

The described steps are supposed to result in a CodeMismatchException from Kotlin SDK. We will have to check if it is returning an incorrect exception type.

@mattcreaser mattcreaser self-assigned this Jul 2, 2024
@ashwani-trivediat
Copy link
Author

I looked into the error a bit more, looks like there is CodeMismatchException in the headers.
Screenshot 2024-07-03 at 9 25 21 PM

Here is the stack trace:
Screenshot 2024-07-03 at 9 23 08 PM

Error message is as follows:
{AttributeKey(aws.smithy.kotlin#ProtocolResponse)=DefaultHttpResponse(status=400: Bad Request, headers=aws.smithy.kotlin.runtime.http.engine.okhttp.OkHttpHeadersAdapter@f2c480f, body=aws.smithy.kotlin.runtime.http.content.ByteArrayContent@e69709c)}

aws.sdk.kotlin.services.cognitoidentityprovider.model.CognitoIdentityProviderException: Failed to parse response as 'awsJson1_1' error

Hope it helps.

@mattcreaser
Copy link
Member

mattcreaser commented Jul 8, 2024

Thanks for the additional info @ashwani-trivediat, that is very helpful. There's definitely something odd going on here - the stack trace indicates that the Kotlin SDK actually couldn't parse the response. That explains why the generic error message was returned instead of the correct code mismatch exception.

To double check, I used the Authenticator Sample App and the returned exception has the correct type and message:

Screenshot 2024-07-08 at 10 55 34 AM

The difference appears to be that my backend returned a body in the response, while yours did not:

Screenshot 2024-07-08 at 11 19 10 AM

You can see in your headers that the content-length is specified as 100 bytes, but the body has an actual contentLength of 0. This explains the error, but I'm not sure why the body would be missing.

Can you double check what values you are sending for the confirmation code? Does your backend have any custom lambda triggers involved in the reset password process?

@vincetran vincetran added the pending-community-response Issue is pending response from the issue requestor label Jul 8, 2024
@ashwani-trivediat
Copy link
Author

Hi @vincetran, we don't have any custom trigger for password reset. We have following two lembda triggers, will reset password trigger them?
image

@github-actions github-actions bot removed the pending-community-response Issue is pending response from the issue requestor label Jul 10, 2024
@ashwani-trivediat
Copy link
Author

@mattcreaser @vincetran do you need more information on this, I need to identify why my AWS instance is returning null body after migrating to V2 API, it was working fine with V1 API.

@mattcreaser
Copy link
Member

Sorry for the slow reply @ashwani-trivediat.

There may or may not be any actual change in what your backend is returning between V1 and V2, instead it could just be that the AWS Android SDK (what V1 was built on) is tolerant of the missing response body, while AWS Kotlin SDK (What V2 is built on) is not.

According to the Cognito docs, the pre sign-up trigger will be invoked during a password reset, so it's possible that is the source of the error. Can you temporarily delete that trigger and see if the issue persists?

@ashwani-trivediat
Copy link
Author

@mattcreaser I tried with deleting pre sign-up flow, but the issue still remains the same.

@tylerjroach tylerjroach added the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 13, 2024
@mattcreaser
Copy link
Member

We may need to engage someone from the Kotlin SDK or Cognito teams here to determine why the response is empty.

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auth Related to the Auth category/plugins bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants