Is there a way to get user details (profile attributes etc) if I have IdentityPool or UserPool ID (sub) of a user with AWS SDK?
The use case is that I'm saving some information submitted by a user in a DB with a key equal to user ID (sub). So, when I'm reading it from the DB, I want to restore back some user info from my pool for my app UI.
I found a similar question (Getting cognito user pool username from cognito identity pool identityId), but it seems, the answer given is focused around serverless deployment, and still has some gaps.
Thanks in advance
Since you have the user's sub, you can use AdminGetUser. It returns the UserAttributes in the pool.
I think I found a solution, it was on the surface actually.
Having user pool id one can use ListUsers call with filter sub = \"${userId}\". The client to be used is CognitoIdentityProviderClient, if JS is used.
const client = new CognitoIdentityProviderClient({
region: REGION,
credentials: fromCognitoIdentityPool({
client: new CognitoIdentityClient({ region: REGION }),
logins: {
[PROVIDER_ID]: token
},
identityPoolId: ID_POOL_ID
})
});
const filter = `sub = \"${userPoolId}\"`;
const resp = await client.send(new ListUsersCommand({
UserPoolId: USER_POOL_ID,
Filter: filter,
Limit: 1
}));
Of course AdminGetUser can be used as well, as Ulas Keles mentioned above, if it's applicable
Related
I am calling google admin directory api to get user through email and then storing the organizations return in org.
var user = AdminDirectory.Users.get(bmail);
org = user.organizations;
Output
[ { customType: '',
title: 'PM',
department: 'BIT',
primary: true,
description: 'Permanent' } ]
How can i get only department in org? I've tried to use get.child(element) to get the department however not successful.
How can i get only manager's email? I've read the Rest Resource Users but there is no information related to manager's email.
Any reference or help will be much appreciated.
Thank you
You already have the User object, so if you want to read the department property you only have to navigate its tree. See the example below:
function myFunction() {
var user = AdminDirectory.Users.get(bmail);
org = user['organizations'][0]['department'];
}
Now to answer your second question you could use the relations field to keep track of the user's managers. Feel free to drop a comment if you need further clarifications.
I'm looking for a way to save database entities changes for some entities. I mean I need to save in a database table all changes that are done on some tables (add, modify / delete) with ability to track user which did the change.
I'm working on NextJS with a custom ExpressJS server and MYSQL database were I use Prisma as ORM. I think it's maybe possible to write an ExpressJS middleware but I have yet no idea how to do it and asking myself if any library already exist.
Usually I work on PHP Symfony and used to manage this StofDoctrineExtensionsBundle which is great and works as expected. But my current project is a Typescript project only with Express/NextJS/React/Prisma/MYSQL.
Any feedback from your knowledge will be very appreciate.
Thank's in advance.
Regards,
Gulivert
EDIT: My current API which has to be moved to Express/NextJS is still running on Symfony and the table where all changes is logged looks like this :
{
"id": 59807,
"user": "ccba6ad2-0ae8-11ec-813f-0242c0a84005",
"patient": "84c3ef66-548a-11ea-8425-0242ac140002",
"action": "update",
"logged_at": "2021-11-02 17:55:09",
"object_id": "84c3ef66-548a-11ea-8425-0242ac140002",
"object_class": "App\\Entity\\Patient",
"version": 5,
"data": "a:2:{s:10:\"birth_name\";s:2:\"--\";s:10:\"profession\";s:2:\"--\";}",
"username": "johndoe",
"object_name": "patient",
"description": null
}
Explanation about database columns:
user => relation to user table
patient => relation to patient table
action => can be "create"/"update"/delete"
logged_at => date time where the change was done
object_id => entity row ID where an entity get a change
object_class => the entity updated
version => how many time the object was change
data => all data changed during the modification
username => the username of logged user did the change
object_name => a string to identify the object modified without
using the namespace of object_class
description => a value that can be update on some specific change * during usually the action delete to keep a trace what was deleted for instance
You might find prisma middleware useful for this.
Check out the example with session data middleware which is somewhat similar to what you're doing.
For your use-case the middleware might look like something like this:
const prisma = new PrismaClient()
const contextLanguage = 'en-us' // Session state
prisma.$use(async (params, next) => {
// you can find all possible params.action values in the `PrismaAction` type in `.prisma/client/index.d.ts`.
if (params.model == '_modelWhereChangeIsTracked_' && (params.action == 'create' || params.action == "update")) {
// business logic to create an entry into the change logging table using session data of the user.
}
return next(params)
})
// this will trigger the middleware
const create = await prisma._modelWhereChangeIsTracked_.create({
data: {
foo: "bar"
},
})
However, do note that there are some performance considerations when using Prisma middleware.
You can also create express middleware for the routes where you anticipate changes that need to be logged in the change table. Personally, I would prefer this approach in most cases, especially if the number of API routes where changes need to be logged is known in advance and limited in number.
We are trying to create backend - RESTFUL api based on mysql DB - in express Nodejs. My boss (self acclaimed mysql guru) insist that we should use more connection pools than 1 - based on the different roles that users are grouped in.
So I need to define/create different connection pools in file B.js - > and make them as global variables so that I could access them later.
In file A.js I have a this route - in which looged in users will be able to call stored procedures with arguments. However, I would like to be able to define from which connection pool the connection will be called - in route itself (based on the session (req.user.role) variable).
So that:
pool1.getConnection(function(err,connection){
if (err) {
connection.release();
res.json({"code" : 100, "status" : "Error in connection database"});
return;
}
console.log('connected as id ' + connection.threadId);
connection.query(query1, val, function (err, rows, fields) {
connection.release();
if(!err) {
var results = JSON.stringify(rows[0]);
console.log(results);
console.log(typeof(results));
console.log(rows[0][0]);
console.log(typeof(rows[0]));
res.send(JSON.stringify(results));
}
});
connection.on('error', function(err) {
connection.release();
res.json({"code" : 100, "status" : "Error in connection database"});
return;
});
});
});
};
refers to pool1, but in case with other user -> pool1 should connect to other pool - defined in other files.
I hope I am clear with my issue.
You don't need to use global variables, you can export an object that holds each pool:
// B.js
module.exports = {
regular : mysql.createPool({ ... }),
admin : mysql.createPool({ ... }),
};
// A.js
const pools = require('./B');
...
let pool = pools[req.user.role];
if (! pool) {
throw Error('there is no pool for user role ' + req.user.role);
}
pool.getConnection(...);
So this declares two pools, one for "regular" users and one for "admin" users. It uses the value of req.user.role (which is assumed to contain one of two values: "regular" or "admin", but that's just for the purpose of this example) to pick the pool that should be used.
I'm not sure what the upside is of having more than one pool, unless they connect to two different databases or use different database credentials.
I don't know why you're doing this or your boss want to do this, more connection pools won't make the application more efficient, it just confuse people. Since the MySQL server has its limit of clients. And by the way, if you want to know a user's role, you have to connect the database and fetch the user data in the first place. Why don't you just use the same connection to do other things and that will be fine.
We have more than one UI developer, each develops one role so we don't want that all UI developers can see all store procedures... (That boss)
Problem:
I am working on an Android app which interacts with nodejs REST server using node orm for mysql backend. On my server, I have a functionality of authenticating users based on email verification. Once verification is successful, node orm fetches the user object, changes the verified column value and saves it back.
But, the change is not reflecting in the db after execution. Only if we run the same code another time, it is reflecting in the database
Code
exports.activateEmail = function(email, callback) {
log.info('In verifyEmailDao.js, activateEmail module');
var db = connectionObj.getConnection();
var Candidate = db.models.jobseeker_id;
Candidate.find({email : email}, function(err,candidate){
if(err){
log.info('cannot find account with email to activate', email);
callback(false, null);
}
else {
candidate[0].verified = true;
log.info('candidate email now activated.! status is', candidate[0].verified);
candidate[0].save(function(error){
log.info('Email verified any errors?', error);
callback(true, candidate[0].id);
});
}
});
}
Edit 1:
jobseeker_id.js (node-orm model)
var orm = require('orm');
module.exports = function(db){
console.log('coming inside candidateId.js');
var JobSeekerId = db.define('jobseeker_id', {
id : {type:'serial' , key:true},
first_name : String,
last_name : String,
email : String,
password : String,
verified : Boolean
},{
validations : {
email : orm.enforce.unique("Already registered")
}
});
}
Server log:
{"name":"test-app" "msg":"In verifyEmailDao.js, activateEmail module"}
{"name":"test-app","msg":"candidate email now activated.! status is true"}
{"name":"test-app","msg":"Email verified any errors? null"}
{"name":"test-app","msg":"Email sucessfully activated. Now deleting the entry from verify email link table for candidate id 30}
{"name":"test-app","msg":"In verifyEmailDao.js, deleteRandomLink module"}
{"name":"test-app","msg":"error is---> null"}
{"name":"test-app","msg":"Entry deleted from verify email table as email is activated"}
There will no be no changes in the log when I execute the code for second time, but the change in the db will be reflected!
After 2 days of hell I finally fixed the issue by adding a statement db.settings.set('instance.cache', false) to the db config file. Though I did'nt clearly understand how db update issue was resolved by setting the cache to false, this did the trick!
I am trying to update some user data via the admin SDK. I thought this would work
function directoryUpdate(userId, userDept, userLocation, userPhone, userTitle) {
var update = {
organizations:
{
name: "Next Step Living",
title: userTitle,
primary: true,
type: "work",
department: userDept,
location: userLocation
},
phones:
{
value: userPhone,
type: "work",
primary: true,
}
};
update = AdminDirectory.Users.update(update, userId);
Logger.log('User %s updated with result %s.', userId, update)
return true;
}
but it is not updating the organization or phone data on the record. It also does not throw any kind of error.
three questions, what is the proper syntax to do this update, I assume this works like the API update and behaves like an upsert, is that true, and what is the best practice for capturing any errors during the update. I would like to return a false when the update fails and capture that info. Thanks in advance for your help.
Thanks for your question!
This "inspired" me to work out how the update API worked, as I had got as far as retrieving a User object, updating the properties but had not worked out how to persist the data back to Google.
So, here's my prototype code, which appears to work (the objective being to reset the user's password based on entries in a spreadsheet).
It doesn't seem the most elegant code to me, being that there are two round-trips to the Admin API, and we have to post the email address twice, but I guess that is a side-effect of the JSON API.
var emailAddress = userListSheet.getRange(row, 1).getValue();
var password = userListSheet.getRange(row, 2).getValue();
Logger.log('Email: %s, Password: %s', emailAddress, password);
// Reset user's password
var user = AdminDirectory.Users.get(emailAddress);
user.password = password;
if (changePasswordAtNextLogin == 'Yes') {
user.changePasswordAtNextLogin = true;
}
AdminDirectory.Users.update(user, emailAddress);
Figured out the syntax issue. You do need a set of [] around the name value pairs under organization and phones. organizations:[{....}], phones:[{...}]}; and no, at the end of primary: true under phones. Also changed it from an update to a patch but not sure if that was really required;
update = AdminDirectory.Users.patch(update, userId);
And Yes, it did behave like an upsert and modified existing data and added new data just like the API.
Still need to figure out the best way to capture any errors though so if you have any suggestions please post them.
Looks like supplying an invalid email address is a fatal error that can not be caught and dealt with in code. What I did was get all the primary emails out of Google, store them in an array, and validate that the email I was using was in that list prior to running the update. Since everything else is just a string or logical replacement it should not throw any errors so I am confident that the script will not fail. Now all I have to worry about is the time limit.