#✅ - Issue with Reset Password After Creating User Profile Record

Hi everyone,

First, thank you for the service you provide. Amplify is a great and powerful tool.

To explain my issue, I followed the tutorial for creating a user profile record: https://docs.amplify.aws/react/build-a-backend/functions/examples/create-user-profile-record/.

Everything works fine, as the record is created successfully. However, when a user tries to reset their password, I encounter the following error: "PostConfirmation failed with error [object Object]" and nothing happens.

In the Lambda logs, I see the following:

2024-08-06T14:32:14.415Z    c9ec2afe-114b-44eb-83e6-73e9ec0e180f    ERROR    Invoke Error     
{
    "errorType": "Error",
    "errorMessage": "[object Object]",
    "stack": [
        "Error: [object Object]",
        "    at Object.intoError (file:///var/runtime/index.mjs:46:16)",
        "    at Object.textErrorLogger [as logError] (file:///var/runtime/index.mjs:684:56)",
        "    at postError (file:///var/runtime/index.mjs:801:27)",
        "    at done (file:///var/runtime/index.mjs:833:11)",
        "    at fail (file:///var/runtime/index.mjs:845:11)",
        "    at file:///var/runtime/index.mjs:872:20",
        "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
    ]
}

This error message is not very explicit, and I still don't get why I have this... Here is my code :

auth/post-confirmation/handler.ts (the only part different from tutorial)

export const handler: PostConfirmationTriggerHandler = async (event) => {
  await client.graphql({
    query: createUserProfile,
    variables: {
      input: {
        email: event.request.userAttributes.email,
        profileOwner: `${event.request.userAttributes.sub}::${event.userName}`,
        credits_available: 10, 
        credits_used: 0,
      },
    },
  });

  return event;
};

auth/post-confirmation/ressource.ts
same than tutorial

Do you now how I could fix this error, and also better debug ? Thanks !

data/ressource.ts

import { type ClientSchema, a, defineData } from "@aws-amplify/backend";
import { postConfirmation } from "../auth/post-confirmation/resource";

const schema = a.schema({
  UserProfile: a.model({
    email: a.string().required(), 
    profileOwner: a.string(),
    credits_available: a.integer().required(), 
    credits_used: a.integer().required(), 
    billing_cycle_start: a.timestamp(), 
  })
  .identifier(["email"])
  .authorization((allow) => [
    allow.ownerDefinedIn("profileOwner"),
  ]),

}).authorization((allow) => [
  allow.resource(postConfirmation),
  allow.authenticated("userPools"),
]);

export type Schema = ClientSchema<typeof schema>;

export const data = defineData({
  schema,
  authorizationModes: {
    defaultAuthorizationMode: "userPool",
  },
});

auth/ressource.ts
same than tutorial

👋 can you try wrapping the await client.graphql() call with try/catch and throw the response from it instead?

Hi, yep. It is weird that this lambda is triggered during password re-init.

[post-confirmation] 17:03:57 2024-08-06T15:03:57.521Z   95415f68-8a16-4407-ba11-0a7989be0263    INFO    Error is {
  data: { createUserProfile: null },
  errors: [
    {
      path: [Array],
      data: null,
      errorType: 'DynamoDB:ConditionalCheckFailedException',
      errorInfo: null,
      locations: [Array],
      message: 'The conditional request failed (Service: DynamoDb, Status Code: 400, Request ID: C1L606EQ63ND5LQJBBP3KMF5IJVV4KQNSO5AEMVJF66Q9ASUAAJG)'
    }
  ]
}

Should I just deal with this error in the catch ? Or did I miss something ?

a 400 is interesting, can you stringify this to see the path and locations?

[post-confirmation] 17:19:06 2024-08-06T15:19:06.121Z   54b0343b-dd14-4459-baec-d97678ea46a3    INFO    Error is {
  "data": {
    "createUserProfile": null
  },
  "errors": [
    {
      "path": [
        "createUserProfile"
      ],
      "data": null,
      "errorType": "DynamoDB:ConditionalCheckFailedException",
      "errorInfo": null,
      "locations": [
        {
          "line": 2,
          "column": 3,
          "sourceName": null
        }
      ],
      "message": "The conditional request failed (Service: DynamoDb, Status Code: 400, Request ID: S5NO3TMUC43L9UKR88ANECJPHBVV4KQNSO5AEMVJF66Q9ASUAAJG)"
    }
  ]
}

I also printed the event, i can see the triggerSource is 'PostConfirmation_ConfirmForgotPassword',. So ConfirmForgotPassword is also part of PostConf event.

hmm can we try two more things to narrow this down?

1. does it behave the same in the appsync console when attempting to run the same mutation with the same inputs?
2. if you remove the auth rule on the UserProfile model, does the issue go away when creating the record from your postConfirmation trigger?

1. Normaly it should, as I have an identifier(["email"]) on my userProfile, the user already exists. But I will test
2. I test it now

2. Doing it, I have no error during user creation, but still error during password reset.

So to sum up, when postConfirmation is triggered, it is for confirm sign up, but also for confirm forgot password.

As the user already exists, and a pk is defined on email, it will try to create a second same user and this will result in an error.

To avoid that, I think I will filter on event.triggerSource. If it value is
PostConfirmation_ConfirmForgotPassword, I just return event without doing insertion.

Is it a good approach ? Thank you for helping me @tacit sierra 😊

ahhhhh I see, yes that sounds like a good approach to just ignore the call when there's a forgot password event

Cool thank you

✅ - Issue with Reset Password After Creating User Profile Record