Stricter access checking

Properly restrict access to list actions to only authorized users.
NMerz
2020-11-14 14:29:48 -05:00
parent 82272a9a29
commit 954b52dc0a
11 changed files with 132 additions and 27 deletions


@@ -28,11 +28,22 @@ public class UserGetter implements CallHandler {
System.out.println(userPoolId);
ListUsersRequest checkRequest = new ListUsersRequest().withUserPoolId(userPoolId);
Object emailObject = bodyMap.get("emailToCheck");
String attributeToGet = "sub";
if (emailObject != null) {
checkRequest.setFilter("email=\"" + emailObject.toString() +"\"");
} else {
// checkRequest.setFilter("sub=\"" + cognitoID + "\"");
return cognitoID;
try {
String id = queryMap.get("id");
if ((id != null) && (!id.equals(""))) {
attributeToGet = "email";
checkRequest.setFilter("sub=\"" + cognitoID + "\"");
} else {
return cognitoID;
}
} catch (Exception e) {
System.out.println(e);
return cognitoID;
}
}
System.out.println(checkRequest);
AWSCognitoIdentityProvider awsCognitoIdentityProvider = AWSCognitoIdentityProviderClientBuilder.defaultClient();
@@ -47,14 +58,14 @@ public class UserGetter implements CallHandler {
}
UserType foundUser = foundUsers.get(0);
System.out.println(foundUser.getAttributes());
String sub = "";
String attributeToReturn = "";
for (AttributeType attribute : foundUser.getAttributes()) {
if (attribute.getName().equals("sub")) {
sub = attribute.getValue();
if (attribute.getName().equals(attributeToGet)) {
attributeToReturn = attribute.getValue();
break;
}
System.out.println(attribute.getName() + ": " + attribute.getValue());
}
return sub;
return attributeToReturn;
}
}
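Review bot: The `emailToCheck` branch in the first hunk still builds the Cognito filter by concatenating the request-body value, `"email=\"" + emailObject.toString() + "\""`, so a value containing `"` or `\` can alter the filter expression; given that this commit tightens access, that value should be validated as an email address (or have those characters escaped) before `setFilter`. In the new `else` branch the `id` query parameter is only tested for being non-empty and the filter is built from `cognitoID`, so the value of `id` is never read; if that is intended, a comment such as `// id is only a flag: the lookup is always for the caller's own sub` would make the access rule explicit. The second hunk also keeps `System.out.println(foundUser.getAttributes())` and the per-attribute print, which write the found user's email and sub to the function's logs and look like debugging leftovers worth removing. The method's signature and the code between the two hunks are outside the view, so how `cognitoID` and `queryMap` are populated could not be checked.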