
Chapter 10. Adding more features to the authentication service



Note

This example uses both client-side (running in the browser) and server-side (running in Lambda functions) code. Because the code running in the browser is JavaScript, the Lambda function examples are also provided in JavaScript. The implementation of those functions in Python is left as an exercise for you to do on your own, because it doesn't change the architecture or the logic of the application.



10.1. REPORTING LOST PASSWORDS

With a flow similar to that of the create and validate user pages, you can implement a reset password process using an email with a random token to validate the user.



Note

For the sake of simplicity, we'll call this functionality "lost password," even though it can cover different use cases. For example, if the user suspects their credentials have been compromised, asking for a password reset is a good option.



First, the user reports the lost password in the lostPassword.html page (figure 10.2).



Figure 10.2. To reset a password, the user first has to report that the password has been lost. The lostPassword Lambda function sends an email with a random token to validate the request.



The code for the lostPassword.html page is shown in listing 10.1.

Listing 10.1. lostPassword.html (Lost Password page)



The lostPassword.js JavaScript code (see the following listing), running in the browser, calls the lostPassword Lambda function to initiate the reset password process.

Listing 10.2. lostPassword.js (JavaScript in the browser)






The lostPassword Lambda function (listing 10.3) generates a random reset token that's stored in the database and sent as a query parameter in the link embedded in the reset email message. The IAM role used by the function is shown in listing 10.4. For example, the reset email message will look similar to the following:

Subject: Password Lost for Sample Authentication

Please click here to reset your password or copy & paste the following link in a browser:

https://sampleauth.eventdrivenapps.com/resetPassword.html?email=you@example.com&lost=7d66118778f1c222f51ca68802652e6d569216a5e4b5ad93756bed9cb680755b3ef45be06714c17a62368d4853db408658223821aa0208d9ef50e59460d7617995ac291b1973dd5dfae5bb15ebfd6eb3e1ae5f13c5339af0d8e4680af42f96766c4b33933008e5c66e8fce32c05be2d089502779ca2112cfd09aba7890896155



Listing 10.3. lostPassword Lambda function (Node.js)



Listing 10.4. Policy_Lambda_lostPassword



A screenshot of the lostPassword.html page is shown in figure 10.3. The user has to provide the email address to start the reset password procedure and receive a reset email message.



Figure 10.3. The output of the Lost Password page. When submitted, the reset email message is sent to the user.



10.2. RESETTING PASSWORDS

After a password has been reported lost, the user receives a reset email message. Clicking the link in the reset email message opens the resetPassword.html page (listing 10.5), passing the lost token in the URL (figure 10.4).



Figure 10.4. The second part of the lost password process: the link in the reset email message opens the resetPassword.html page, which asks for a new password and calls the resetPassword Lambda function, passing the lost password token. If the lost password token matches the one stored in the database, the Lambda function changes the password to the new one.



The reset password token is read by the JavaScript code in the resetPassword.js file (listing 10.6), executed in the browser, and passed to the resetPassword Lambda function (listing 10.7), together with the new password. The IAM role used by the function is shown in listing 10.8.

Listing 10.5. resetPassword.html (Reset Password page)



Listing 10.6. resetPassword.js (JavaScript in the browser)


