I'm trying to use respondToAuthChallenge with NEW_PASSWORD_REQUIRED to change the user's password. I keep getting "Invalid attributes given, given_name is missing" errors. I've tried adding the user's attributes to the call, but I can't seem to find any documentation on how that data should be formatted within the call.
Here is the original code...
$QUERY = $COG_CLIENT->respondToAuthChallenge([
'ChallengeName' => 'NEW_PASSWORD_REQUIRED',
'ClientId' => $COG_CLIENT_ID,
'ChallengeResponses' => [
'USERNAME' => $USER_EMAIL,
'NEW_PASSWORD' => $USER_NEW_PASS,
'SECRET_HASH' => $SEC_HASH,
],
'Session' => $COG_USER_SESSION,
]);
Then I tried adding the user attributes like so...
$QUERY = $COG_CLIENT->respondToAuthChallenge([
'ChallengeName' => 'NEW_PASSWORD_REQUIRED',
'ClientId' => $COG_CLIENT_ID,
'ChallengeResponses' => [
'USERNAME' => $USER_EMAIL,
'NEW_PASSWORD' => $USER_NEW_PASS,
'SECRET_HASH' => $SEC_HASH,
'UserAttributes' => '{"given_name":"Bob"}',
],
'Session' => $COG_USER_SESSION,
]);
But I'm still getting the same error. If I format the UserAttributes value as an array, I get an error saying that a string is expected.
Does anyone know how I should be passing the user attributes? I'm super lost on this one.
Ah, I think I figured it out after hours of trying many different variations... this is what finally ended up working.
$QUERY = $COG_CLIENT->respondToAuthChallenge([
'ChallengeName' => 'NEW_PASSWORD_REQUIRED',
'ClientId' => $COG_CLIENT_ID,
'ChallengeResponses' => [
'USERNAME' => $USER_EMAIL,
'NEW_PASSWORD' => $USER_NEW_PASS,
'SECRET_HASH' => $SEC_HASH,
'userAttributes.given_name' => 'Bob',
],
'Session' => $COG_USER_SESSION,
]);
I can't believe this isn't documented somewhere.
Related
in my app the user can update the info of stripe connected account, however I ONLY want to actullay update the value of the fields that appear in the request payload, I could do this with a simple if check but the way I update the stripe array method makes this issue more complicated .
Is there any syntax sugar or trick to make this easier.
How my update method looks;
public function editConnectedAccount(Request $request)
{
$account = Account::retrieve($request->connectedAccountId);
Account::update(
$request->connectedAccountId,
[
'type' => 'custom',
'country' => 'ES',
'email' => $request->userEmail,
'business_type' => 'individual',
'tos_acceptance' => [ 'date' => Carbon::now()->timestamp, 'ip' => '83.46.154.71' ],
'individual' =>
[
'dob' => [ 'day' => $request->userDOBday, 'month' => $request->userDOBmonth, 'year' => $request->userDOByear ],
'first_name' => $request->userName,
'email' => $request->userEmail,
'phone' => $request->userPhone,
'last_name' => $request->userSurname,
//'ssn_last_4' => 7871,
'address' => [ 'city' => $request->userBusinessCity, 'line1' => $request->userBusinessAddress, 'postal_code' => $request->userBusinessZipCode, 'state' => $request->userBusinessCity ]
],
'business_profile' =>
[
'mcc' => 5812, //got it
'description' => '',
//'url' => 'https://www.youtube.com/?hl=es&gl=ES', //got it
],
'capabilities' => [
'card_payments' => ['requested' => true],
'transfers' => ['requested' => true],
],
]
);
return response()->json([
'account' => $account,
], 200);
Consider using a Form Request where you preform validation. This will neaten up your controller for a start and also make validation (never trust user input!) reusable.
Assuming validation is successful, calling $request->validated() from inside your controller method will return only the fields present and validated. You can then use either fill($request->validated()) or update($request->validated()).
I would like to change the password of a user in AD since there are no attribute for password in AD.
Currently running laravel framework with Adldap2-laravel package in order to manage ADLDAP operations.
Here's my ldap_auth.php
<?php
return [
'connection' => env('LDAP_CONNECTION', 'default'),
'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
'model' => App\User::class,
'rules' => [
Adldap\Laravel\Validation\Rules\DenyTrashed::class,
],
'scopes' => [
Adldap\Laravel\Scopes\UidScope::class
],
'identifiers' => [
'ldap' => [
'locate_users_by' => 'uid',
'bind_users_by' => 'dn',
],
'database' => [
'guid_column' => 'objectguid',
'username_column' => 'username',
],
'windows' => [
'locate_users_by' => 'samaccountname',
'server_key' => 'AUTH_USER',
],
],
'passwords' => [
'sync' => env('LDAP_PASSWORD_SYNC', false),
'column' => 'password',
],
'login_fallback' => env('LDAP_LOGIN_FALLBACK', false),
'sync_attributes' => [
'username' => 'uid',
'password' => 'userPassword',
'name' => 'cn',
'role' => 'l',
'category' => 'businessCategory',
'telephone_number' => 'telephoneNumber',
'email' => 'mail'
],
'logging' => [
'enabled' => env('LDAP_LOGGING', true),
'events' => [
\Adldap\Laravel\Events\Importing::class => \Adldap\Laravel\Listeners\LogImport::class,
\Adldap\Laravel\Events\Synchronized::class => \Adldap\Laravel\Listeners\LogSynchronized::class,
\Adldap\Laravel\Events\Synchronizing::class => \Adldap\Laravel\Listeners\LogSynchronizing::class,
\Adldap\Laravel\Events\Authenticated::class => \Adldap\Laravel\Listeners\LogAuthenticated::class,
\Adldap\Laravel\Events\Authenticating::class => \Adldap\Laravel\Listeners\LogAuthentication::class,
\Adldap\Laravel\Events\AuthenticationFailed::class => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
\Adldap\Laravel\Events\AuthenticationRejected::class => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
\Adldap\Laravel\Events\AuthenticationSuccessful::class => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
\Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
\Adldap\Laravel\Events\AuthenticatedWithWindows::class => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
\Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,
],
],
];
Here is my LdapController.php where I include function to reset password
public function resetPassword(Request $req)
{
$req->validate([
'userid' => 'required',
'password' => 'required|min:6|confirmed'
]);
$userLdap = Adldap::search()->where('uid', $req->userid)->firstOrFail();
$newPassword = "{SHA}" . base64_encode(pack("H*", sha1($req->password)));
$res = $userLdap->update([
'userpassword' => $newPassword
]);
//Force change AD Password
// $adPassword = str_replace("\n", "", shell_exec("echo -n '\"" . $req->password . "\"' | recode latin1..utf-16le/base64"));
// $provider = Adldap\Models\User::connect('ad');
// $dn = $provider->search()->where('cn', $req->userid)->get();
// $res = $dn->setPassword($adPassword);
if ($res) {
return back()->withSuccess('<strong>Success!</strong> Your password has been changed');
} else {
return back()->withErrors('<strong>Failed!</strong> Your password was unable to changed');
}
}
Unfortunately $res = $dn->setPassword($adPassword); returns error 'Method Adldap\Query\Collection::setPassword does not exist.'
I found an example here when I searched Google for "Adldap2-laravel change password".
$user = Adldap::users()->find('jdoe');
if ($user instanceof Adldap\Models\User) {
$oldPassword = 'password123';
$newPassword = 'correcthorsebatterystaple';
$user->changePassword($oldPassword, $newPassword);
}
If you want to reset the password, then it seems like this should work:
$user->setPassword("correcthorsebatterystaple");
$user->save();
If you want to know what's going on underneath, or how it can be done without Adldap2-laravel:
The attribute is unicodePwd. You can either "change" the password, or "reset" it.
Changing the password requires knowing the old password. This is what a user would do themselves.
Resetting a password requires the "Reset password" permission on the account, which is usually given to administrative accounts.
The documentation for unicodePwd tells you how to do both. For a "change", you send a delete instruction with the old password and an add instruction with the new one, all in the same request.
For a reset, you send a single replace instruction.
In both cases, the passwords have to be sent in a specific format.
The PHP documentation for 'ldap_modify_batch` shows an example of how to change a password.
On the documentation page for ldap_mod_replace, there is a comment that shows you how to reset a password.
When I use the below code:
$result = $this->client->adminInitiateAuth([
'AuthFlow' => 'ADMIN_NO_SRP_AUTH',
'ClientId' => $this->client_id,
'UserPoolId' => $this->userpool_id,
'AuthParameters' => [
'USERNAME' => $username,
'PASSWORD' => $password,
],
]);
I am getting a response with session and challengeName :NEW_PASSWORD_REQUIRED. From this how to generate the AccessToken in AWS-cognito?
You can use the respondToAuthChallenge method to set the user's new password and log them in. It should also return the accessToken for you.
You could do something like this:
$result = $this->client->respondToAuthChallenge([
'ChallengeName' => 'NEW_PASSWORD_REQUIRED',
'ClientId' => $this->client_id,
'ChallengeResponses' => [
'USERNAME' => $username,
'NEW_PASSWORD' => $password,
],
'Session' => $session,
]);
You need to respond this challenge (respondToAuthChallenge) using the session returned by adminInitiateAuth method. This session is a key to respond because the user at this time not is logged yet and is valid for 3 minutes. After that, you will reveive (if the session is valid) the RefreshToken, AccessToken and IdToken.
I clone braintree project from https://github.com/braintree/braintree_php_example. Than I created account https://www.braintreepayments.com/sandbox. I must to return client_token. I debug this code
$result = Braintree\Transaction::sale([
'amount' => $amount,
'paymentMethodNonce' => $nonce,
'options' => [
'submitForSettlement' => true
]
]);
var_dump($result->transaction);
But token = null. Maybe my steps are incorrect?
////////////////////////////////
I did it!
I create user
$result = Braintree_Customer::create([
'firstName' => 'Mike',
'lastName' => 'Jones',
'company' => 'Jones Co.',
'email' => 'mike.jones#example.com',
'phone' => '281.330.8004',
'fax' => '419.555.1235',
'website' => 'http://example.com']);
Than I get customer_id
$result->customer->id;
Than I get token
$clientToken = Braintree_ClientToken::generate([
"customerId" => $result->customer->id
]);
Maybe problem with custom register in https://www.braintreepayments.com/sandbox.
Maybe I didn't put all information
I am currently developing a skill for Amazon's echo dot which requires the use of persistent data. I ran into an issue when developing a web interface for my skill where I was not able to easily update the mapAttr column of the DynamoDB table used by the skill.
I've been trying to work this out for the last 2 days, I've looked everywhere including the documentation but can't seem to find anything that'll help me.
This is the code I am using:
$result = $client->updateItem([
'TableName' => 'rememberThisDBNemo',
'Key' => [
'userId' => [ 'S' => $_SESSION['userDataAsk'] ]
],
'ExpressionAttributeNames' => [
'#attr' => 'mapAttr.ReminderJSON'
],
'ExpressionAttributeValues' => [
':val1' => json_encode($value)
],
'UpdateExpression' => 'SET #attr = :val1'
]);
I have tried many different things so this might be just absolutely wrong, but nothing that I have found has worked.
The table has 2 columns, userId and mapAttr, userId is a string and mapAttr is a map. Originally I thought it was simply a JSON string but it was not like that as when I tried to update it with a JSON string directly it would stop working when read by Alexa.
I am only trying to update 1 out of the 2 attributes of mapAttr. That is ReminderJSON which is a string.
Any help would be appreciated. Thanks.
Try calling updateItem like this
$result = $client->updateItem([
'TableName' => 'rememberThisDBNemo',
'Key' => [
'userId' => [ 'S' => $_SESSION['userDataAsk'] ]
],
'ExpressionAttributeNames' => [
'#mapAttr' => 'mapAttr',
'#attr' => 'ReminderJSON'
],
'ExpressionAttributeValues' => [
':val1' => ['S' => json_encode($value)]
],
'UpdateExpression' => 'SET #mapAttr.#attr = :val1'
]);
However, please be aware that in order for this to work, attribute mapAttr must already exist. If it doesn't, you'll get ValidationException saying The document path provided in the update expression is invalid for update...
As a workaround, you may want to add a ConditionExpression => 'attribute_exists(mapAttr)' to your params, catch possible exception, and then perform another update adding a new attribute mapAttr:
try {
$result = $client->updateItem([
'TableName' => 'rememberThisDBNemo',
'Key' => [
'userId' => [ 'S' => $_SESSION['userDataAsk'] ]
],
'ExpressionAttributeNames' => [
'#mapAttr' => 'mapAttr'
'#attr' => 'ReminderJSON'
],
'ExpressionAttributeValues' => [
':val1' => ['S' => json_encode($value)]
],
'UpdateExpression' => 'SET #mapAttr.#attr = :val1'
'ConditionExpression' => 'attribute_exists(#mapAttr)'
]);
} catch (\Aws\Exception\AwsException $e) {
if ($e->getAwsErrorCode() == "ConditionalCheckFailedException") {
$result = $client->updateItem([
'TableName' => 'rememberThisDBNemo',
'Key' => [
'userId' => [ 'S' => $_SESSION['userDataAsk'] ]
],
'ExpressionAttributeNames' => [
'#mapAttr' => 'mapAttr'
],
'ExpressionAttributeValues' => [
':mapValue' => ['M' => ['ReminderJSON' => ['S' => json_encode($value)]]]
],
'UpdateExpression' => 'SET #mapAttr = :mapValue'
'ConditionExpression' => 'attribute_not_exists(#mapAttr)'
]);
}
}