Merge 52eadf9 into 3ccf749

Miserlou · Jun 21, 2019 · 3bec818 · 3bec818
2 parents 3ccf749 + 52eadf9
commit 3bec818
Show file tree

Hide file tree

Showing 4 changed files with 47 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -617,6 +617,42 @@ def your_recurring_function(event, context):
 
 You can find more [example event sources here](http://docs.aws.amazon.com/lambda/latest/dg/eventsources.html).
 
+### Cognito triggers
+
+AWS Cognito can handle all user management (authentication, password reset, 2 factor authentication,
+login with Facebook/Twitter/Google) for you - saving you from having to manage a user database yourself
+in your serverless application.
+
+Once you have configured a Cognito User Pool you can set up triggers to customise behaviour.   A common
+example is to automatically authenticate any sign up requests from a known domain.
+
+To configure this add the following section to your zappa_settings file - shown here in YML format
+
+```
+  cognito:
+    user_pool:           user-pool-id-from-aws
+    triggers:
+      - source:          PreSignUp_SignUp
+        function:        myapp.tasks.pre_signup
+```
+
+This will configure the user_pool with the specified ID to use the zappa lambda function for the PreSignUp trigger
+Zappa will route any trigger for the PreSignUp_SignUp source to go to the function `myapp.tasks.pre_signup`
+
+A typical trivial implementation of this would be:
+
+```python
+def pre_signup(event, context):
+    # basic validation - allow any signups from @alloweddomain.com to be immediately confirmed
+    if event['request']['userAttributes']['email'].split('@')[1] == 'alloweddomain.com':
+        event['response']['autoConfirmUser'] = True
+        event['response']['autoVerifyEmail'] = True
+    return event
+```
+
+You can find out what triggers you can configure here [Cognito triggers documentation](http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html)
+
+
 ## Asynchronous Task Execution
 
 Zappa also now offers the ability to seamlessly execute functions asynchronously in a completely separate AWS Lambda instance!

diff --git a/requirements.txt b/requirements.txt
@@ -8,9 +8,9 @@ futures==3.2.0; python_version < '3'
 hjson==3.0.1
 jmespath==0.9.3
 kappa==0.6.0
-lambda-packages==0.20.0
+git+https://github.com/Miserlou/lambda-packages@d436c0b6c7582e0ca9ede7b05204d8f913eb3942
 pip>=9.0.1
-python-dateutil>=2.6.1, <2.7.0
+python-dateutil>=2.6.1, <2.8.1
 python-slugify==1.2.4
 PyYAML>=3.13
 # previous version don't work with urllib3 1.24

diff --git a/src/django-contrib-comments b/src/django-contrib-comments
diff --git a/zappa/core.py b/zappa/core.py
@@ -2058,6 +2058,14 @@ def update_cognito(self, lambda_name, user_pool, lambda_configs, lambda_arn):
                 description_kwargs[key] = value
         if 'LambdaConfig' not in description_kwargs:
             description_kwargs['LambdaConfig'] = LambdaConfig
+        # Note
+        # If you set a value for TemporaryPasswordValidityDays in PasswordPolicy ,
+        # that value will be used and UnusedAccountValidityDays will be deprecated for that user pool.
+        # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/cognito-idp.html#CognitoIdentityProvider.Client.update_user_pool
+        # Related: https://github.com/Miserlou/Zappa/issues/1879
+        if 'TemporaryPasswordValidityDays' in description_kwargs['Policies']['PasswordPolicy']:
+            description_kwargs['AdminCreateUserConfig'].pop(
+                'UnusedAccountValidityDays', None)
         result = self.cognito_client.update_user_pool(UserPoolId=user_pool, **description_kwargs)
         if result['ResponseMetadata']['HTTPStatusCode'] != 200:
             print("Cognito:  Failed to update user pool", result)