Note
This example uses both client-side (running in the browser) and server-side (running in Lambda
functions) code. Because the code running in the browser is JavaScript, the Lambda function
examples are also provided in JavaScript. The implementation of those functions in Python is
left as an exercise for you to do on your own, because it doesn’t change the architecture or the
logic of the application.
10.1. REPORTING LOST PASSWORDS
With a flow similar to that of the create and validate user pages, you can implement a reset
password process using an email with a random token to validate the user.
Note
For the sake of simplicity, we’ll call this functionality “lost password,” even though it can cover
different use cases. For example, if the user suspects their credentials have been compromised,
asking for a password reset is a good option.
First, the user reports the lost password in the lostPassword.html page (figure 10.2).
Figure 10.2. To reset a password, the user first has to report that he has lost the password. The lostPassword Lambda function
sends an email with a random token to validate the request.
The code for the lostPassword.html page is shown in listing 10.1.
Listing 10.1. lostPassword.html (Lost Password page)
The lostPassword.js JavaScript code (see the following listing), running in the browser, calls
the lostPassword Lambda function to initiate the reset password process.
Listing 10.2. lostPassword.js (JavaScript in the browser)
The lostPassword Lambda function (listing 10.3) generates a random reset token that’s stored
in the database and sent as a query parameter in the link embedded in the reset email message.
The IAM role used by the function is shown in listing 10.4. For example, the reset email message
will look similar to the following:
Subject: Password Lost for Sample Authentication
Please click here to reset your password or copy & paste the following link in a browser:
https://sampleauth.eventdrivenapps.com/resetPassword.html?email=you@example.com&lost=7d66118778f1c222f51ca68802652e6d569216a5e4b5ad93756bed9cb680755b3ef45be06714c17a62368d4853db408658223821aa0208d9ef50e59460d7617995ac291b1973dd5dfae5bb15ebfd6eb3e1ae5f13c5339af0d8e4680af42f96766c4b33933008e5c66e8fce32c05be2d089502779ca2112cfd09aba7890896155
Listing 10.3. lostPassword Lambda function (Node.js)
Listing 10.4. Policy_Lambda_lostPassword
A screenshot of the lostPassword.html page is shown in figure 10.3. The user has to provide the
email address to start the reset password procedure and receive a reset email message.
Figure 10.3. The output of the Lost Password page. When submitted, the reset email message is sent to the user.
10.2. RESETTING PASSWORDS
After a password has been reported lost, the user receives a reset email message. Clicking the
link in the reset email message opens the resetPassword.html page (listing 10.5), passing
the lost token in the URL (figure 10.4).
Figure 10.4. The second part of the lost password process: the link in the reset email message opens
the resetPassword.html page, which asks for a new password and calls the resetPassword Lambda function, passing the
lost password token. If the lost password token matches the one stored in the database, the Lambda function changes the password to
the new one.
The reset password token is read by the JavaScript code in the resetPassword.js file (listing
10.6), executed in the browser, and passed to the resetPassword Lambda function (listing 10.7),
together with the new password. The IAM role used by the function is shown in listing 10.8.
Listing 10.5. resetPassword.html (Reset Password page)
Listing 10.6. resetPassword.js (JavaScript in the browser)