AWS Lambda UserMigration_ForgotPassword 触发器 |不迁移用户 [英] AWS Lambda UserMigration_ForgotPassword Trigger | Not Migrating Users

问题描述

所以我试图将存储在 dynamodb 中的用户迁移到认知用户池，但是 UserMigration_ForgotPassword 触发器根本不起作用.我到处搜索，没有找到解决我的问题的方法.我也按照文档写了这封信，仍然什么都没有.这是我的代码在 lambda 中的样子:

So I'm trying to migrate users stored in dynamodb to a cognito user pool, but the UserMigration_ForgotPassword trigger simply isn't working. I searched everywhere and found no solution to my problem. I also followed the documentation to the letter, still nothing. Here is what my code looks like in lambda:

else if (event.triggerSource === 'UserMigration_ForgotPassword') {
  console.log('forgot password trigger working')
  user = await findUser(event.userName) 
    if (user) {
     console.log('user found!')
     const { Item } = user 
     console.log(Item)

     event.response.userAttributes = {
       'email': Item.email,
       'email_verified': Item.emailVerified
     }
     event.response.messageAction = 'SUPPRESS'
     console.log(event)
     context.succeed(event);
   } else {
     console.log('User does not exists')
     callback(Error('Bad Password'))
 } 

这是我在 cloudwatch 上得到的:

Here is what I get on cloudwatch:

2020-09-04T12:13:12.895Z    786f09ce-91b7-4051-ade6-************    INFO    forgot password trigger working
2020-09-04T12:13:12.975Z    786f09ce-91b7-4051-ade6-************    INFO    user found!
2020-09-04T12:13:12.977Z    786f09ce-91b7-4051-ade6-************    INFO    {
  emailVerified: true,
  password: '************************',
  salt: '',
  phone_number: '+1111111111',
  internal_user_id: '*****',
  username: 'name@email.com',
  email: 'name@email.com',
  name: 'name'
}
2020-09-04T12:13:12.977Z    786f09ce-91b7-4051-ade6-************    INFO    {
  version: '1',
  triggerSource: 'UserMigration_ForgotPassword',
  region: 'us-****-*',
  userPoolId: 'us-****-*_********',
  userName: 'name@email.com',
  callerContext: {
    awsSdkVersion: 'aws-sdk-unknown-unknown',
    clientId: '**************'
  },
  request: { password: null, validationData: null, userAttributes: null },
  response: {
    userAttributes: {
      email: 'name@email.com',
      email_verified: true
    },
    forceAliasCreation: null,
    messageAction: 'SUPPRESS',
    desiredDeliveryMediums: null
  }
}

我可以安全地得出结论，触发器正在工作，它能够从 dynamodb 获取用户，并且能够构建正确的响应对象.但是，仍然出于某种原因，它无法导入用户.这是我得到的错误:

I can safely conclude that the trigger is working, it is able to get the user from dynamodb and it is able to build the proper response object. But, still for some reason, it cannot import the user. This is the error that I get:

{code: "UserNotFoundException", name: "UserNotFoundException", message: "Exception migrating user in app client *************************"}

另外，lambda 触发器可以访问 dynamodb，它可以调用函数，它可以登录 cloudwatch，当然，它连接到 cognito 中的触发器.如果您想知道，我正在使用无服务器框架.

Also, the lambda trigger has access to dynamodb, it can invoke the function, it can log in cloudwatch and of course, it is hooked up to the trigger in cognito. I am using the serverless framework in case you are wondering.

最后，我想指出 UserMigration_Authentication 工作正常，这让它变得更加奇怪(至少对我而言).

Finally, I want to point out that UserMigration_Authentication is working properly, which makes it even weirder (at least for me).

很高兴知道问题的根源.

Would be great to know the source of the problem.

非常感谢！

编辑 1

我不确定这是否与当前问题有关，但很可能是.我为防止 UserNotFoundException 所做的另一件事是启用"PreventUserExistenceErrors.这是文档的链接.仍然出现错误.

I'm not sure if this is related to the current problem, but most likely is. One more thing that I did to prevent UserNotFoundException, I "ENABLED" PreventUserExistenceErrors. Here is a link to the documentation. Still the error appears.

推荐答案

触发器不工作的原因是因为 ClientMetadata 键中没有传递任何内容.出于某种原因，我没有发现文档不够清楚.所以就我而言:

The problem as to why the trigger wasn't working is because nothing was passed in the ClientMetadata key. For some reason, I didn't find the documentation clear enough. So in my case:

$result = $client->forgotPassword([
    'AnalyticsMetadata' => [
        'AnalyticsEndpointId' => '<string>',
    ],
    'ClientId' => '<string>', 
    'ClientMetadata' => ['<string>', ...], // <- This needs to be filled
    'SecretHash' => '<string>',
    'UserContextData' => [
        'EncodedData' => '<string>',
    ],
    'Username' => '<string>', 
]);

当 ClientMetadata 键被填满时，会触发预注册、自定义消息和用户迁移 lambda 函数.

When the ClientMetadata key is filled, it will trigger the pre sign-up, custom message, and user migration lambda functions.

我把这个留在这里以防有人需要帮助！

I leave this here in case anyone needs help!

这篇关于AWS Lambda UserMigration_ForgotPassword 触发器 |不迁移用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！