diff --git a/Chapter09/SampleAuth/fn/sampleAuthChangePassword/index.js b/Chapter09/SampleAuth/fn/sampleAuthChangePassword/index.js index 4a18329..237d19a 100644 --- a/Chapter09/SampleAuth/fn/sampleAuthChangePassword/index.js +++ b/Chapter09/SampleAuth/fn/sampleAuthChangePassword/index.js @@ -9,103 +9,96 @@ var config = require('./config'); var dynamodb = new AWS.DynamoDB(); function getUser(email, fn) { - dynamodb.getItem({ - TableName: config.DDB_TABLE, - Key: { - email: { - S: email - } - } - }, function(err, data) { - if (err) return fn(err); - else { - if ('Item' in data) { - var hash = data.Item.passwordHash.S; - var salt = data.Item.passwordSalt.S; - fn(null, hash, salt); - } else { - fn(null, null); // User not found - } - } - }); + dynamodb.getItem({ + TableName: config.DDB_TABLE, + Key: { + email: { + S: email + } + } + }, function(err, data) { + if (err) return fn(err); + else { + if ('Item' in data) { + var hash = data.Item.passwordHash.S; + var salt = data.Item.passwordSalt.S; + fn(null, hash, salt); + } else { + fn(null, null); // User not found + } + } + }); } function updateUser(email, password, salt, fn) { - dynamodb.updateItem({ - TableName: config.DDB_TABLE, - Key: { - email: { - S: email - } - }, - AttributeUpdates: { - passwordHash: { - Action: 'PUT', - Value: { - S: password - } - }, - passwordSalt: { - Action: 'PUT', - Value: { - S: salt - } - } - } - }, - fn); + dynamodb.updateItem({ + TableName: config.DDB_TABLE, + Key: { + email: { + S: email + } + }, + AttributeUpdates: { + passwordHash: { + Action: 'PUT', + Value: { + S: password + } + }, + passwordSalt: { + Action: 'PUT', + Value: { + S: salt + } + } + } + }, + fn); } -exports.handler = function(event, context) { +exports.handler = (event, context, callback) => { + var email = event.email; + var oldPassword = event.oldPassword; + var newPassword = event.newPassword; - var email = event.email; - var oldPassword = event.oldPassword; - var newPassword = event.newPassword; - - getUser(email, function(err, correctHash, salt) { - if (err) { - context.fail('Error in getUser: ' + err); - } else { - if (correctHash == null) { - // User not found - console.log('User not found: ' + email); - context.succeed({ - changed: false - }); - } else { - computeHash(oldPassword, salt, function(err, salt, hash) { - if (err) { - context.fail('Error in hash: ' + err); - } else { - if (hash == correctHash) { - // Login ok - console.log('User logged in: ' + email); - computeHash(newPassword, function(err, newSalt, newHash) { - if (err) { - context.fail('Error in computeHash: ' + err); - } else { - updateUser(email, newHash, newSalt, function(err, data) { - if (err) { - context.fail('Error in updateUser: ' + err); - } else { - console.log('User password changed: ' + email); - context.succeed({ - changed: true - }); - } - }); - } - }); - } else { - // Login failed - console.log('User login failed: ' + email); - context.succeed({ - changed: false - }); - } - } - }); - } - } - }); + getUser(email, function(err, correctHash, salt) { + if (err) { + callback('Error in getUser: ' + err); + } else { + if (correctHash == null) { + // User not found + console.log('User not found: ' + email); + callback(null, { changed: false }); + } else { + cryptoUtils.computeHash(oldPassword, salt, function(err, salt, hash) { + if (err) { + callback('Error in hash: ' + err); + } else { + if (hash == correctHash) { + // Login ok + console.log('User logged in: ' + email); + cryptoUtils.computeHash(newPassword, function(err, newSalt, newHash) { + if (err) { + callback('Error in cryptoUtils.computeHash: ' + err); + } else { + updateUser(email, newHash, newSalt, function(err, data) { + if (err) { + callback('Error in updateUser: ' + err); + } else { + console.log('User password changed: ' + email); + callback(null, { changed: true }); + } + }); + } + }); + } else { + // Login failed + console.log('User login failed: ' + email); + callback(null, { changed: false }); + } + } + }); + } + } + }); } diff --git a/Chapter09/SampleAuth/www/js/changePassword.js b/Chapter09/SampleAuth/www/js/changePassword.js index 936bb2e..a8c58b5 100644 --- a/Chapter09/SampleAuth/www/js/changePassword.js +++ b/Chapter09/SampleAuth/www/js/changePassword.js @@ -1,8 +1,8 @@ -AWS.config.region = ''; +// Initialize the Amazon Cognito credentials provider +AWS.config.region = 'us-east-1'; // Region AWS.config.credentials = new AWS.CognitoIdentityCredentials({ - IdentityPoolId: '' + IdentityPoolId: 'us-east-1:51d8f08c-a0d8-4607-9895-f2849ecec37a', }); - var lambda = new AWS.Lambda(); function changePassword() { @@ -23,60 +23,31 @@ function changePassword() { result.innerHTML = 'Please specify a new password.'; } else if (newPassword.value != verifyNewPassword.value) { result.innerHTML = 'The new passwords are different, please check.'; - } else { - - var input = { - email: email.value, - password: oldPassword.value - }; - - lambda.invoke({ - FunctionName: 'sampleAuthLogin', - Payload: JSON.stringify(input) - }, function(err, data) { - if (err) console.log(err, err.stack); - else { - var output = JSON.parse(data.Payload); - console.log('identityId: ' + output.identityId); - console.log('token: ' + output.token); - if (!output.login) { - result.innerHTML = 'Not logged in'; - } else { - result.innerHTML = 'Logged in with identityId: ' + output.identityId + '
'; - - var creds = AWS.config.credentials; - creds.params.IdentityId = output.identityId; - creds.params.Logins = { - 'cognito-identity.amazonaws.com': output.token - }; - creds.expired = true; - - var input = { - email: email.value, - oldPassword: oldPassword.value, - newPassword: newPassword.value - }; - - lambda.invoke({ - FunctionName: 'sampleAuthChangePassword', - Payload: JSON.stringify(input) - }, function(err, data) { - if (err) console.log(err, err.stack); - else { - var output = JSON.parse(data.Payload); - if (!output.changed) { - result.innerHTML = 'Password not changed.'; - } else { - result.innerHTML = 'Password changed.'; - } - } - }); + } else + + var input = { + email: email.value, + oldPassword: oldPassword.value, + newPassword: newPassword.value + }; + + + lambda.invoke({ + FunctionName: 'sampleAuthChangePassword', + Payload: JSON.stringify(input) + }, function(err, data) { + if (err) console.log(err, err.stack); + else { + var output = JSON.parse(data.Payload); + if (!output.changed) { + result.innerHTML = 'Password not changed.'; + } else { + result.innerHTML = 'Password changed.'; + } + } + }); - } - } - }); - } } var form = document.getElementById('change-password-form');