Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AdminDeleteUser 500 error #99

Closed
natflow opened this issue Jan 10, 2022 · 5 comments
Closed

AdminDeleteUser 500 error #99

natflow opened this issue Jan 10, 2022 · 5 comments
Labels
released

Comments

@natflow
Copy link

natflow commented Jan 10, 2022
edited
Loading

I'm getting a 500 error when I use the admin-delete-user command.

Here's the relevant portion of the logs from the admin-delete-user call:

[1641851096375] DEBUG: f2c89585 AdminDeleteUser start {"reqId":"f2c89585","target":"AdminDeleteUser"}
[1641851096375] DEBUG: f2c89585 AdminDeleteUser CognitoServiceImpl.getUserPool {"reqId":"f2c89585","target":"AdminDeleteUser","userPoolId":"local_0KNMJFrL"}
[1641851096375] DEBUG: f2c89585 AdminDeleteUser UserPoolServiceImpl.create {"reqId":"f2c89585","target":"AdminDeleteUser","id":"local_0KNMJFrL"}
[1641851096375] DEBUG: f2c89585 AdminDeleteUser createDataStore {"reqId":"f2c89585","target":"AdminDeleteUser","id":"local_0KNMJFrL"}
[1641851096375] DEBUG: f2c89585 AdminDeleteUser Using cached data store {"reqId":"f2c89585","target":"AdminDeleteUser","id":"local_0KNMJFrL"}
[1641851096376] DEBUG: f2c89585 AdminDeleteUser DataStore.get {"reqId":"f2c89585","target":"AdminDeleteUser","key":"Options"}
[1641851096377] DEBUG: f2c89585 AdminDeleteUser UserPoolServiceImpl.getUserByUsername {"reqId":"f2c89585","target":"AdminDeleteUser","username":"[email protected]"}
[1641851096377] DEBUG: f2c89585 AdminDeleteUser DataStore.get {"reqId":"f2c89585","target":"AdminDeleteUser","key":["Users","[email protected]"]}
[1641851096377] DEBUG: f2c89585 AdminDeleteUser UserPoolServiceImpl.deleteUser {"reqId":"f2c89585","target":"AdminDeleteUser","username":"[email protected]"}
[1641851096377] DEBUG: f2c89585 AdminDeleteUser DataStore.delete {"reqId":"f2c89585","target":"AdminDeleteUser","key":["Users","[email protected]"]}
[1641851096377] ERROR: f2c89585 NONE Error handling target: AdminDeleteUser {"reqId":"f2c89585"}
    error: {}
[1641851096378] DEBUG: f2c89585 NONE request errored {"reqId":"f2c89585","req":{"id":"f2c89585","method":"POST","url":"/","query":{},"params":{},"headers":{"host":"localhost:9229","accept-encoding":"identity","x-amz-target":"AWSCognitoIdentityProviderService.AdminDeleteUser","content-type":"application/x-amz-json-1.1","user-agent":"aws-cli/2.4.2 Python/3.9.9 Darwin/21.2.0 source/arm64 prompt/off command/cognito-idp.admin-delete-user","x-amz-date":"20220110T214456Z","authorization":"AWS4-HMAC-SHA256 Credential=fake/20220110/us-east-1/cognito-idp/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=d28b5aa69f7ab8c9692a88f858ab12020a909631d8396aaa502c6c6fb4f69d47","content-length":"64"},"remoteAddress":"127.0.0.1","remotePort":53416},"res":{"statusCode":500,"headers":{"x-powered-by":"Express","access-control-allow-origin":"*","content-type":"application/json; charset=utf-8","content-length":"2","etag":"W/\"2-vyGp6PvFo4RvsFtPoIWeCReyIC8\""}},"responseTime":4}
    err: {
      "type": "Error",
      "message": "failed with status code 500",
      "stack":
          Error: failed with status code 500
              at ServerResponse.onResFinished (/Users/natflowers/devel/cognito-local-admin-delete-user/node_modules/pino-http/logger.js:98:40)
              at ServerResponse.emit (node:events:402:35)
              at ServerResponse.emit (node:domain:475:12)
              at onFinish (node:_http_outgoing:830:10)
              at callback (node:internal/streams/writable:552:21)
              at afterWrite (node:internal/streams/writable:497:5)
              at afterWriteTick (node:internal/streams/writable:484:10)
              at processTicksAndRejections (node:internal/process/task_queues:82:21)
    }

An error occurred (500) when calling the AdminDeleteUser operation (reached max retries: 2):

My versions:

  • MacOs 12.1
  • Node version 16.13.1
  • Yarn version 1.22.17
  • cognito-local version 3.13.0 -- I have not tried with the latest commit on master

See my repo for a complete minimal example: https://github.com/natflow/cognito-local-admin-delete-user

Any ideas what might be happening?
@jagregory
Copy link
Owner

Thanks for raising this issue and providing an example. I'll test it locally and see what I can discover.

@jagregory
Copy link
Owner

Hey @natflow, I don't have happy news yet but I'm getting there. There's a few issues this has highlighted:

  1. The error logging isn't actually logging errors 😐
  2. The actual error you're getting is because the underlying storage engine is treating the .'s in your username as JSONPath segments, so it's trying to delete an object at ["Users", "user@example", "com"] which is obviously incorrect.
  3. The above is happening because the admin-create-user functionality isn't correctly handling email addresses as usernames. I've ran some tests against the real Cognito and when you create a user with an email address as a Username in a pool with email as a UsernameAttribute, Cognito puts the user supplied Username into the email attribute and sets the Username to the generated Sub UUID. Cognito Local does not do this currently.

I'll work through these issues ASAP.

Possible workarounds in the meantime:

  1. Delete the user manually in the JSON and restart your Cognito Local server
  2. Edit the JSON, replace the key in the Users object with the Sub attribute (instead of email address)

@jagregory
Copy link
Owner

Actually I found a quick fix for your issue @natflow. This doesn't resolve the underlying issue of why emails are being stored as usernames, but it should address your immediate issue. I'll split the other items out into separate issues and close this.

A release is going through the pipeline now, I think the release bot will post here when it's complete.

@natflow
Copy link
Author

natflow commented Jan 11, 2022

@jagregory Thanks! I switched to use moto for my tests so I'm not blocked or anything, but I'll switch back so I could use one thing for both tests and local development.

github-actions bot pushed a commit that referenced this issue Jan 11, 2022
@semantic-release-bot
chore(release): 3.13.1 [skip ci]
d5b8cd5 
## [3.13.1](v3.13.0...v3.13.1) (2022-01-11)

### Bug Fixes

* **api:** adminDeleteUser handles email usernames ([8faa78f](8faa78f)), closes [#99](#99)
* **log:** errors not being logged correctly ([1ca2b99](1ca2b99))
@github-actions
Copy link

🎉 This issue has been resolved in version 3.13.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

github-actions bot pushed a commit to michaelruocco/cognito-local that referenced this issue May 13, 2024
@semantic-release-bot
chore(release): 1.0.0 [skip ci]
51360ce 
# 1.0.0 (2024-05-13)

### Bug Fixes

* add openid-configuration endpoint ([14a6507](14a6507))
* adminCreateUser correct response ([26aa5a7](26aa5a7)), closes [jagregory#38](https://github.com/michaelruocco/cognito-local/issues/38)
* **api:** adminCreateUser defaults status to FORCE_CHANGE_PASSWORD ([4996aa4](4996aa4))
* **api:** adminCreateUser handles duplicate users ([7529971](7529971))
* **api:** adminDeleteUser handles email usernames ([8faa78f](8faa78f)), closes [jagregory#99](https://github.com/michaelruocco/cognito-local/issues/99)
* **api:** confirm user apis return errors for invalid states ([e2975f0](e2975f0))
* **api:** createUserPool saves SchemaAttributes ([3301878](3301878)), closes [jagregory#93](https://github.com/michaelruocco/cognito-local/issues/93)
* **api:** finish implementation of changePassword ([f649bfa](f649bfa))
* **api:** initiateAuth throws when missing AuthParameters ([d1eb240](d1eb240))
* **api:** respondToAuthChallenge throws if missing ChallengeResponses ([5e5aa36](5e5aa36))
* **api:** save attribute code separately from confirmation code ([b18af6a](b18af6a))
* **api:** users can be queried by their sub ([ae555b8](ae555b8))
* **api:** verifyUserAttributes throws CodeMismatchError ([b3b116c](b3b116c))
* auth_time resolution in generated tokens ([f300df4](f300df4))
* **build:** publish npm packages ([faaf12b](faaf12b))
* cache data stores to fix potential race condition ([406599a](406599a))
* change UserPoolId to Id in user pool storage ([71f5e52](71f5e52))
* **config:** arrays in config couldn't be overwritten ([7526a0a](7526a0a))
* confirmation ode from 4-digit to 6-digit ([jagregory#194](https://github.com/michaelruocco/cognito-local/issues/194)) ([e2053fe](e2053fe))
* conflation of a user's Sub and their Username ([ece63b6](ece63b6))
* **deps:** fix breaking change in stormdb ([dbed898](dbed898))
* **errorFormat:** make exception format more consistent with real Cognito exceptions ([e67576b](e67576b))
* hide debug logging by default ([48de4e5](48de4e5))
* imported json files weren't being published to npm ([5f76d86](5f76d86))
* include groups in tokens ([46e9445](46e9445)), closes [jagregory#176](https://github.com/michaelruocco/cognito-local/issues/176)
* include groups in tokens ([996dcde](996dcde)), closes [jagregory#176](https://github.com/michaelruocco/cognito-local/issues/176)
* incorrect case in import ([dd2538b](dd2538b))
* **InitiateAuth:** handle UNCONFIRMED user login attempt ([93a452b](93a452b))
* **initiateAuth:** invoke post auth lambda before generating tokens ([8330a9f](8330a9f)), closes [jagregory#281](https://github.com/michaelruocco/cognito-local/issues/281)
* **initiateAuth:** invoke post auth lambda before generating tokens [281] ([8c06e2a](8c06e2a))
* **initiateAuth:** invoke post auth lambda before generating tokens [281] ([1b16f04](1b16f04))
* **jwt:** sign tokens with real rsa key ([949d3fc](949d3fc))
* key setting in the datastore to work with arrays ([d0a2557](d0a2557))
* lambda tests to use imported aws-sdk version ([d4a5c82](d4a5c82))
* **lambda:** customMessage uses code and username parameters ([084c253](084c253))
* **lambda:** forgotPassword invokes CustomMessage lambda ([79f43ef](79f43ef))
* **lambda:** invoke lambda with actual AWS SDK version ([bed1b7c](bed1b7c))
* **lambda:** lambda triggers called with clientMetadata/validationData ([2399c3e](2399c3e))
* **lambda:** preTokenGenerator can't change reserved claims ([407122f](407122f))
* **lambda:** save attributes from user migration lambda on user record ([dc7a1c6](dc7a1c6))
* **lambda:** unhandled errors in lambda return correct error message ([c9821d1](c9821d1))
* **log:** errors not being logged correctly ([1ca2b99](1ca2b99))
* propagate Session parameter through initiateAuth ([688fd4a](688fd4a))
* regression for usernames with full stops in ([73cb644](73cb644)), closes [jagregory#35](https://github.com/michaelruocco/cognito-local/issues/35)
* **release:** reorder semantic-release plugins to commit last ([3a94c03](3a94c03))
* **release:** trigger a release for 1.0.0 ([5d8ba83](5d8ba83))
* runnable via npx ([4313ebf](4313ebf)), closes [jagregory#34](https://github.com/michaelruocco/cognito-local/issues/34)
* **server:** better default handling for HOST and PORT ([69b4648](69b4648))
* **server:** ensure configured port and hostname are used for issuer and jwks urls ([95ec2cf](95ec2cf))
* **tests:** newer node versions were starting express in ipv6 ([efc08a7](efc08a7))
* **tokens:** add jti to id and refresh tokens ([4f475ad](4f475ad))
* **tokens:** adminInitateAuth uses token IssuerDomain ([37ba1c5](37ba1c5))
* **tokens:** id token not using issuer config ([c488810](c488810))
* updating a user pool updates cached options ([dc2b10e](dc2b10e))
* use username from user migration response ([0bb8d95](0bb8d95))
* use username from user migration response ([afe2372](afe2372))
* **userpool:** force save sub as attribute, fix sub check logic ([e5ed247](e5ed247))
* year out of range ([bc1fb6f](bc1fb6f)), closes [jagregory#40](https://github.com/michaelruocco/cognito-local/issues/40)

### Features

* add more admin features and change password ([6339917](6339917))
* add support for admin commands ([b65a5bf](b65a5bf))
* **api:** adds endpoint for generating auth tokens ([31f46ca](31f46ca))
* **api:** adminConfirmSignUp full support ([e16a211](e16a211))
* **api:** adminCreateUser can generate a temporary password ([c0eea4f](c0eea4f))
* **api:** adminCreateUser delivers welcome message ([d49aa80](d49aa80))
* **api:** adminDeleteUser full support ([58f33e2](58f33e2))
* **api:** adminDeleteUserAttributes full support ([1a47086](1a47086))
* **api:** adminGetUser full support ([a6fc4c8](a6fc4c8))
* **api:** adminSetUserPassword support ([1707257](1707257))
* **api:** adminUpdateUserAttributes full support ([d3c5ebe](d3c5ebe))
* **api:** basic listUsers support ([6e0c18f](6e0c18f))
* **api:** createGroup support ([c3dc092](c3dc092))
* **api:** createUserPool full support ([e5c08dc](e5c08dc))
* **api:** deleteUser full support ([0a753b2](0a753b2))
* **api:** deleteUserAttributes full support ([3d0e9a0](3d0e9a0))
* **api:** describeUserPoolClient support ([26cf370](26cf370))
* **api:** full support for groups ([1fc025c](1fc025c))
* **api:** getUserAttributeVerificationCode full support ([90726a4](90726a4))
* **api:** initiateAuth handles FORCE_CHANGE_PASSWORD ([6703ea9](6703ea9))
* **api:** listGroups support ([252ee96](252ee96))
* **api:** listUserPools full support ([d2e5324](d2e5324))
* **api:** listUsers support for Filter ([5ebcf24](5ebcf24)), closes [jagregory#313](https://github.com/michaelruocco/cognito-local/issues/313)
* **api:** respondToAuthChallenge support ([842633e](842633e))
* **api:** respondToAuthChallenge supports NEW_PASSWORD_REQUIRED ([6a75fea](6a75fea))
* **api:** signUp delivers message using auto verified attributes ([64280e8](64280e8))
* **api:** sms_mfa support for initiateAuth ([f16afe6](f16afe6))
* **api:** support for addCustomAttribute ([7932176](7932176))
* **api:** support for CustomEmailSender ([5da5c7c](5da5c7c))
* **api:** support for CustomEmailSender ([8dcaf10](8dcaf10))
* **api:** support for DeleteUserPool ([9dd6f2d](9dd6f2d))
* **api:** support for DeleteUserPoolClient ([f5bca87](f5bca87))
* **api:** support for ListUserPoolClients ([6e546ce](6e546ce))
* **api:** support for UpdateUserPoolClient ([4fa9de5](4fa9de5))
* **api:** updateUserAttributes full support ([308c9c2](308c9c2))
* **api:** updateUserPool and describeUserPool support ([fc62e8f](fc62e8f))
* **api:** verifyUserAttribute full support ([320dd17](320dd17))
* config file support ([ad0f247](ad0f247))
* confirm forgot password flow ([51df572](51df572))
* **confirmationCodes:** add CODE environment variable to pre-define the confirmation codes ([2c823f0](2c823f0))
* **confirmationCodes:** update README file ([9143469](9143469))
* createUserPoolClient support ([df421d7](df421d7))
* **docker:** publish arm64 images ([df0033b](df0033b))
* **docker:** publish arm64 images (again) ([c1361b8](c1361b8))
* forgot password flow ([6bd0b42](6bd0b42))
* include user attributes in user migration lambda call ([dabed92](dabed92))
* **jwt:** expose jwk endpoint to support verifying tokens ([bc27b86](bc27b86))
* **lambda:** initial user migration trigger support ([2f9ecfc](2f9ecfc))
* **lambda:** limited CustomMessage lambda support ([6880a90](6880a90))
* **lambda:** post authentication lambda support ([b75ca6b](b75ca6b))
* **lambda:** post confirmation lambda trigger ([f30573b](f30573b))
* **lambda:** postConfirmation called in signUp ([ddb2b77](ddb2b77))
* **lambda:** preSignUp trigger support in signUp ([af955a1](af955a1))
* **lambda:** preTokenGeneration trigger called when tokens generated ([d04506e](d04506e))
* **lambda:** support for CustomMessage_Authentication ([dfb6fdf](dfb6fdf))
* **lambda:** support for CustomMessage_SignUp ([ce69ea7](ce69ea7))
* **server:** add hostname option ([0365f3a](0365f3a))
* store clients for user pools ([eaad662](eaad662))
* support configurable expiration for tokens ([bae6da5](bae6da5)), closes [jagregory#220](https://github.com/michaelruocco/cognito-local/issues/220)
* support configurable expiration for tokens ([675fab5](675fab5)), closes [jagregory#220](https://github.com/michaelruocco/cognito-local/issues/220)
* support for adminEnable/DisableUser ([3b20f82](3b20f82))
* support for adminEnable/DisableUser ([462af6e](462af6e))
* support for GetUser api ([cc8048b](cc8048b))
* support getUserPoolMfaConfig ([416ea1d](416ea1d))
* suppress send welcome message ([12e7af8](12e7af8))
* **token:** add refresh token, revoke token and initiate auth ([0d46ed7](0d46ed7))
* **token:** initiateAuth basic refresh token support ([2d6b0e3](2d6b0e3))

### BREAKING CHANGES

* potential -- the autogenerated Sub and user-supplied
Username were treated interchangeably before, but now are independent.
Previously lookups by the Sub attribute were possible, but it now
doesn't appear necessary so has been removed. Databases should be
unaffected.
* client ids are now validated and associated with
specific user pools.
* Nit pick of a breaking change, make the user pool
database representation match what AWS reponds with from the API;
keeping consistent with their response format should make it easier for
us to implement APIs later. Sorry for the breakage.

Migration steps:

1. Open any database json files and rename the UserPoolId key to Id
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jagregory @natflow