Error user with such email already exists


Contents

  1. Importing user from LDAP to RH-SSO fails with error «email already exists»
  2. Environment
  3. Issue
  4. Resolution
  5. Root Cause
  6. Bitrix24Care
  7. «Incorrect login or password» error
  8. «We cannot find this user» error
  9. «Failed to find user with this email» error
  10. «User may have been dismissed» error
  11. I cannot log in using social networks
  12. I’ve logged in using a social network account. How can I make a regular login and password to log in to Bitrix24?
  13. «A user with this email already exists» error message when trying to change your login in Bitrix24 Network profile
  14. «Invalid checkword» error
  15. «A user with email address already exists» error message when inviting a new user
  16. I made a mistake in the email address when registering a new user and now this user cannot log in
  17. Invitations/password recovery emails are not delivered
  18. I was invited to the account, but I can’t log in. What should I do?
  19. I’ve lost my phone and cannot log in as I don’t have a one time password
  20. Change the user email address for the dismissed user’s email address
  21. Delete Bitrix24 account
  22. Issues
  23. Context Navigation
  24. #19404 closed Bug (worksforme)
  25. Updating User’s email in Admin fails if email already exists
  26. Description
  27. Change History (5)
  28. comment:1 Changed 10 years ago by Russell Keith-Magee
  29. comment:2 follow-up: 3 Changed 10 years ago by Claude Paroz
  30. comment:3 in reply to: 2 Changed 10 years ago by Val Neekman
  31. More info
  32. «A user with this name already exists. Use a different name.» error in the Microsoft 365 portal
  33. Problem
  34. Cause
  35. Solution
  36. Error user with this email already exists

Importing user from LDAP to RH-SSO fails with error «email already exists»

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7
  • Lightweight Directory Access Protocol (LDAP) or Active Directory Lightweight Directory Service (AD)

Issue

    Unable to import users

Exception thrown in the logs:

Resolution

This error occurs when a single email address is mapped to multiple users.

You can make sure no two users have the same email address, or use one of two workarounds:

  1. Delete the e-mail mapper
    1. Log in to the RH-SSO console
    2. Select the appropriate realm
    3. Click User Federation, then click the appropriate provider
    4. Go to the Mappers tab, click the email attribute mapper, and click the delete symbol
  2. Turn on «Duplicate emails» in the Login tab
    1. Log in to the RH-SSO console
    2. Select the appropriate realm
    3. Go to the Login tab and turn off the Login with email setting. The Duplicate emails option then appears.
    4. Turn on Duplicate emails and save.

Root Cause

RH-SSO does not allow multiple users to have the same email address when Login with email is enabled, which is the default.
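To find the conflicting entries before running the import, the directory can be exported to LDIF and checked for `mail` values that belong to more than one DN. The following is an added example, not part of the Red Hat article; the sample LDIF is constructed, and comparing addresses case-insensitively is an assumption about how the import treats them.

```javascript
// Added example: list mail values shared by more than one entry in an LDIF export.

// Constructed sample export (three entries, two of them sharing one address).
const SAMPLE_LDIF = [
  'dn: uid=jdoe,ou=People,dc=example,dc=com',
  'uid: jdoe',
  'mail: J.Doe@example.com',
  '',
  'dn: uid=svc-build,ou=Service,dc=example,dc=com',
  'uid: svc-build',
  // Base64-encoded value ("mail::"), as LDIF writes values that need encoding.
  'mail:: ' + Buffer.from('j.doe@example.com').toString('base64'),
  '',
  'dn: uid=asmith,ou=People,dc=example,',
  ' dc=com', // folded line: a leading space continues the previous line
  'mail: asmith@example.com',
].join('\n');

// Minimal LDIF reader: unfolds continuation lines, decodes base64 values,
// and returns [{ dn, attrs: { name: [values] } }].
function parseLdif(text) {
  const unfolded = text.replace(/\r\n/g, '\n').replace(/\n /g, '');
  const entries = [];
  for (const block of unfolded.split(/\n{2,}/)) {
    const entry = { dn: null, attrs: {} };
    for (const line of block.split('\n')) {
      if (!line || line.startsWith('#')) continue;
      const m = /^([A-Za-z0-9.;-]+)(::?)\s*(.*)$/.exec(line);
      if (!m) continue;
      const name = m[1].toLowerCase();
      const value = m[2] === '::'
        ? Buffer.from(m[3], 'base64').toString('utf8')
        : m[3];
      if (name === 'dn') {
        entry.dn = value;
      } else {
        if (!entry.attrs[name]) entry.attrs[name] = [];
        entry.attrs[name].push(value);
      }
    }
    if (entry.dn) entries.push(entry); // skips "version: 1" and empty blocks
  }
  return entries;
}

// Group DNs by normalised mail value and keep only addresses used by 2+ DNs.
function findDuplicateEmails(entries, attr = 'mail') {
  const byMail = new Map();
  for (const entry of entries) {
    for (const raw of entry.attrs[attr] || []) {
      const mail = raw.trim().toLowerCase(); // assumption: case-insensitive match
      if (!mail) continue;
      if (!byMail.has(mail)) byMail.set(mail, new Set());
      byMail.get(mail).add(entry.dn);
    }
  }
  return [...byMail.entries()]
    .filter(([, dns]) => dns.size > 1)
    .map(([email, dns]) => ({ email, dns: [...dns] }))
    .sort((a, b) => a.email.localeCompare(b.email));
}

for (const dup of findDuplicateEmails(parseLdif(SAMPLE_LDIF))) {
  console.log(`${dup.email} is used by ${dup.dns.length} entries:`);
  for (const dn of dup.dns) console.log(`  ${dn}`);
}
```

Each address it reports has to be made unique in the directory, or handled with one of the two workarounds above.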




#19404 closed Bug (worksforme)

Updating User’s email in Admin fails if email already exists

  • Reported by: Val Neekman
  • Owned by: nobody
  • Component: contrib.admin
  • Version: 1.5-beta-1
  • Severity: Normal
  • Keywords: duplicate email UserChangeForm Admin
  • Cc:
  • Triage Stage: Unreviewed
  • Has patch: no
  • Needs documentation: no
  • Needs tests: no
  • Patch needs improvement: no
  • Easy pickings: no
  • UI/UX: no

Description

If you had two users with different email addresses, then changed email address of User #1 via the admin page by setting it to that of User #2, then you would get this error:

django/contrib/auth/hashers.py", line 135, in identify_hasher
    if len(encoded) == 32 and '$' not in encoded:
TypeError: object of type 'NoneType' has no len()

The above is a simple scenario just to create the error. In real life, with thousands of emails, one wouldn’t know if an email is duplicate or not.

An error message could be raised here instead of the above error message that is not that intuitive for the above case.

Change History (5)

Resolution: → worksforme
Status: new → closed

I can’t reproduce this problem.

What’s especially weird is that the code you’re describing is about password hashing, which has nothing to do with the email address. This suggests that you’re doing something different out of the box that you’re not telling us about.

If you can provide more specific instructions about *exactly* what you’re doing (e.g., if you’re using a custom User model, if you’re using the admin interface, what python calls you’re making), feel free to reopen.

This appears to be a duplicate of #19349

What’s especially weird is that the code you’re describing is about password hashing, which has nothing to do with the email address. This suggests that you’re doing something different out of the box that you’re not telling us about.

If you can provide more specific instructions about *exactly* what you’re doing (e.g., if you’re using a custom User model, if you’re using the admin interface, what python calls you’re making), feel free to reopen.

More info

No custom user.
UserAdmin has been modified (reregistered) with the following to check for duplicate email address during creation and change.
UserCreateForm works as expected. However, UserChangeForm results in this issue. (Both forms inherit from Django and update the required fields.)


«A user with this name already exists. Use a different name.» error in the Microsoft 365 portal

Problem

In Microsoft 365, you receive an error message that’s like the following in the Microsoft 365 portal:

A user with this name already exists. Use a different name.

Cause

This issue may occur if the user name is already used or if an existing email address that’s based on the user name already exists.

The licensing attempt will fail if the provisioning process determines that another object already has a user name or an email address that matches the user name that’s being created.

By default, when users are added or assigned an Exchange Online license, the users are provided with a primary SMTP address that’s based on their user name. And, users are provided with an email address that’s based on the Microsoft Online Direct Routing Domain (MODRD) such as, for example, contoso.onmicrosoft.com. Additionally, when a user name is changed, the primary SMTP address may also be changed. However, alternate addresses aren’t updated or removed.

Here are some example scenarios.

Scenario 1

A user is added who has a user name of john@contoso.com, the MODRD for the organization is contoso.onmicrosoft.com, and the user is assigned an Exchange Online License. In this scenario, the following email addresses are provided:

  • The user is provided with a primary SMTP address that’s john@contoso.com.
  • The user is provided with an alternate email address that’s john@contoso.onmicrosoft.com.

Scenario 2

A user is added who has a user name of john@contoso.onmicrosoft.com, the MODRD for the organization is contoso.onmicrosoft.com, and the user is assigned an Exchange Online License. In this scenario, the following email address is provided:

  • The user is provided with a primary SMTP address that’s john@contoso.onmicrosoft.com.

Scenario 3

A user name is changed from john@contoso.com to johnsmith@contoso.com. In this scenario, the following events occur:

  • The primary SMTP address, john@contoso.com, may be changed to johnsmith@contoso.com.
  • The alternate email address, john@contoso.com, isn’t changed. Therefore, problems occur if you try to add john@contoso.com later.
  • No alternate email address for johnsmith@contoso.onmicrosoft.com is created.

Solution

To fix this issue, do one or more of the following:

  • When you add a user, use a different user name.
  • When you add a user, find and change the existing user name so that you can use the user name with which you are experiencing the issue.
  • When you add or assign a user to an Exchange Online license, find and change the existing email addresses that are based on the user name that you are trying to use.

To check whether an email address already exists, follow these steps:

Connect to Exchange Online by using remote PowerShell. For more info about how to do this, go to the following Microsoft website:

Run the following cmdlet:

«user name» is the user name with which you are experiencing the issue.

Based on the results that you receive after you run the cmdlet, update or delete the existing email address.


Error user with this email already exists

Delivery has failed to these recipients or distribution lists:

jbloggs
The recipient’s e-mail system can’t process this message at this time. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message later, or provide the following diagnostic text to your system administrator.

Diagnostic information for administrators:

Generating server: mail01.theirdomain.com

However, right now sending an email internally to jbloggs@theirdomain.com appears to be working now. Previously I was getting an error saying a message bounce between two servers was happening.

I have three domains in one forest. I noticed that there was a complaint that the infrastructure master was on a GC for the root domain. I have moved this now to a non-GC server (Windows 2003 SP2), but apart from this replication looks OK. In the domain I am having the account problem there are 3 DCs.

Still, if I open the account jbloggs and try to add jbloggs@theirdomain.com, it says email address already exists.

I have spent the whole day at this now trying to figure it out 🙁


Here are some problems that you may face when logging in and instructions on solving these problems. First you need to log in to your Bitrix24 account.

«Incorrect login or password» error

Usually, this error occurs when you enter a wrong password. Check your keyboard layout and make sure the CapsLock key is not enabled. Try to enter a password again or try to recover your password.

If it doesn’t work, make sure that there are no typos in your login.

«We cannot find this user» error

This error may occur if you’ve already logged in to your Bitrix24 Network profile that is not connected with the selected Bitrix24 account.

Make sure that you are using the correct login information — it can be another email, mobile phone, or social network. If necessary, you can add this user to the account by sending an invitation.

Read this article to learn how to solve this problem: Invite new users to Bitrix24.

«Failed to find user with this email» error

The error occurs if this email is not registered in Bitrix24. Check the specified login. It is possible that it is another email, mobile phone or social network.

«User may have been dismissed» error

The error occurs when a dismissed user tries to log in. After an employee is fired, access to Bitrix24 is denied to him/her. Check whether the user is logging in to the correct account.

I cannot log in using social networks

You’ve always logged in using a social network account but now you can’t? Probably you have connected one social network account to several Bitrix24 Network profile accounts.

Read more information in the article: Cannot log in using social networks.

I’ve logged in using a social network account. How can I make a regular login and password to log in to Bitrix24?

When registering using social services, you authorize in Bitrix24 using the data from these social networks. You can connect your email to your account and log in using your username and password.

«A user with this email already exists» error message when trying to change your login in Bitrix24 Network profile

This error occurs if you are trying to connect an email account that is already registered in Bitrix24. In this case you can use another email or unlink the desired email from the account. To do this, go to the Bitrix24 Network profile by email you want to unlink and click Change in the email field. Specify a new email address and confirm it. You will be able to connect it to the account.

«Invalid checkword» error

If this error occurs when you change your password, it may be due to several reasons:

  • You have sent several password recovery requests and followed an outdated link. To successfully change your password, follow the link from the last email and set a new password for your account.
  • The recovery link is valid for 60 minutes. Make sure it has not expired.
  • There is already an active authorization in your browser for Bitrix24 Network profile, for which you do not need to restore the password. Use «Incognito» mode in your browser.

«A user with email address already exists» error message when inviting a new user

This error message means that there is a user with this email address specified as a Bitrix24 Network profile login or as a contact email address in his Bitrix24 profile or both. In this case, there is no way to invite a new user with this email. You need to either change email addresses of the existing user or invite a new user using the other email address.

I made a mistake in the email address when registering a new user and now this user cannot log in

You can dismiss the user with a mistake in the email address and invite or register this user again.

Read more in the article: Dismiss users.

Invitations/password recovery emails are not delivered

First of all, check the spam folder. Also, try to send the invitation again.

If you use your own mail domain, whitelist no-reply@bitrix24.net email address.

I was invited to the account, but I can’t log in. What should I do?

Before logging in to the account, you need to register a login and set a password.

I’ve lost my phone and cannot log in as I don’t have a one time password

If you have recovery codes, you can use one of them instead of the one time password.

If you don’t, contact your administrator to disable two-step authentication.

Change the user email address for the dismissed user’s email address

First of all, you need to change the contact email address of the dismissed user.


Then the dismissed employee needs to log in to his/her Bitrix24 Network profile and change the login. You can read how to do that in the article: Change my Bitrix24 login or password.

If the administrator has access to this account or email, he/she can do that himself/herself.

After that, you can invite/register a new user with this email address.

Delete Bitrix24 account

You cannot delete Bitrix24 account as long as there is a Bitrix24 connection. As soon as your account is not linked to any Bitrix24, the deletion option will appear in the account menu.


@haverchuck

@wzup

There is no function that does this and only this; however, I think if you use the confirmSignUp function and are using email as an alias you will get back an AliasExistsException error.

In any case I am marking this as a feature request, as it seems useful.

Thanks for your feedback.

@michelmob

I did:

userExist(userName: string) {
    return Auth.signIn(userName, '123');
}

and

userExist(email: string) {
    return this.cognitoService.userExist(email.toLowerCase()).then(res => {
        return false;
    }).catch(error => {
        const code = error.code;
        console.log(error);
        switch (code) {
            case 'UserNotFoundException':
                return !this.redirectToRegister(email);
            case 'NotAuthorizedException':
                return true;
            case 'PasswordResetRequiredException':
                return !this.forgotPassword(email);
            case 'UserNotConfirmedException':
                return !this.redirectToCompleteRegister(email);
            default:
                return false;
        }
    });
}

@wzup

// one
userExist( userName: string ) {
    return Auth.signIn( userName, '123' );
}

// two
userExist( email: string ) {
    return this.cognitoService.userExist( email.toLowerCase() )
        .then( res => {
            return false;
        } )
        .catch( error => {
            const code = error.code;
            console.log( error );
            switch ( code ) {
                case 'UserNotFoundException':
                    return !this.redirectToRegister( email );
                case 'NotAuthorizedException':
                    return true;
                case 'PasswordResetRequiredException':
                    return !this.forgotPassword( email );
                case 'UserNotConfirmedException':
                    return !this.redirectToCompleteRegister( email );
                default:
                    return false;
            }
        } );
}

@wzup

@michelmob , thank you.

One question though.
What is this in your example? Where does .cognito live?

return this.cognitoService.userExist( email.toLowerCase() )

@michelmob

This is an abstraction of cognito using aws amplify.


On 21 Jun 2018, at 03:13, wzup ***@***.***> wrote:

@michelmob , thank you.

One question though.
What is this in your example? Where does .cognito live?

return this.cognitoService.userExist( email.toLowerCase() )


@wzup

@michelmob
@haverchuck

But what if credentials are correct?

Auth.signIn(userName, '123');

Then a user that wants to sign up will be suddenly signed in instead.

This is definitely bad experience from aws-amplify.

@wzup

@haverchuck

Here is why requested method I ask for is important.

With current authflow we have to signin and then signout a user just to check if an email (username) already exists:

// 1. In order to check if an email already exists in Cognito we have to call .signIn.
// Because there is no special method for that, like Auth.doesUsernameExists(username)
Auth.signIn( email, password )
    .then( user => {
        // 2. If a user is found, they get signed in
        // You have to log out a user if found
        // Security vulnerability
        return Auth.signOut();
    } )
    .then( res => {
        // 3. Here we show a user that email is taken
        // After logging them in and logging them out. LOL
        this.setState((state, props) => {
            return {
                emailError: 'This email is already taken'
            };
        });
        return;     
    } )
    .catch( err => {
        switch ( err.code ) {
            case 'UserNotFoundException':
                // Only here, in .catch error block we actually send a user to sign up
                return this.signUp();
            case 'NotAuthorizedException':
                return true;
            case 'PasswordResetRequiredException':
                return false;
            case 'UserNotConfirmedException':
                return this.props.navigation.navigate('ConfirmRegistrationScreen', {
                    username: email,
                });
            default:
                return false;
        }
    } )


@tcchau

@wzup The sign-in workaround might work just because User Pools require passwords that are 6 characters or longer, so in practice there will never be a user account whose password is ‘123’.

@haverchuck However, even if this workaround works, it’s really bad that the API doesn’t support checking the existence of a user name directly. I’ve been working with Cognito for two years and this feature already exists as a request, but hasn’t been implemented yet, along with the ability for an administrator to reset an account’s password. The combination of these two problems makes it quite difficult to build enterprise applications.


@nabarunchakma

If you can change your User Pool, you can achieve email uniqueness following the step at Forcing Email Uniqueness in Cognito User Pools section in Authentication

It is just below the Sign Up section.

@cor

Are there any updates on this issue?

@heri16

@wzup

There is no function that does this and only this; however, I think if you use the confirmSignUp function and are using email as an alias you will get back an AliasExistsException error.

In any case I am marking this as a feature request, as it seems useful.

Thanks for your feedback.

I looked at the amplify source code.

Auth.confirmSignup() calls cognitoUser.confirmRegistration(code, forceAliasCreation) which then calls this API: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html

The right way to do this (without signIn & signOut) according to the project contributors seems to be this:

const code = '000000'
Auth.confirmSignUp(username, code, {
    // If set to False, the API will throw an AliasExistsException error if the phone number/email used already exists as an alias with a different user
    forceAliasCreation: false
}).then(data => console.log(data))
  .catch( err => {
        switch ( err.code ) {
            case 'UserNotFoundException':
                return true;
            case 'NotAuthorizedException':
                return false;
            case 'AliasExistsException':
                // Email alias already exists
                return false;
            case 'CodeMismatchException':
                return false;
            case 'ExpiredCodeException':
                return false;
            default:
                return false;
        }
    } )

@stale

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@saikishored

It’s been a long time since this thread is closed, but I could find a right solution in Cognito SDK.
You may use listUsers function to get user details:
let params = {
    UserPoolId: "eu-central-1_xxxxxxx",
    Filter: "email=\"abc@xyz.com\""
};
cognito.listUsers(params, function(err, data) {
    // data object contains all the attributes of the user
});

Note: Filter can be of any other attributes in user pool and «=» can be replaced by few other operators. Please refer «Cognitoidentityserviceprovider SDK» for more details

@logi-dc

With the above solution when you try to add the credentials to the CISP it doesn’t work

@prog585

Amplify’s default way to handle this scenario is at signUp call. If user exists it will throw UsernameExistsException exception. I have tested it with Usernames.

@logi-dc

I want to check if a userExists in the pool at a different time to signup is there a method that allows that

@prog585

The default way I mentioned above (as per my research which was a thorough exercise), if otherwise you want to check before final signUp then that can be achieved by using some admin functions (please see the list of admin functions on cognito sdk docs). In calling admin functions you need to think about security perspectives though.

@logi-dc

@akeditzz

Hi, is there any update on this issue?

@anees17861

@akeditzz confirm signup test works perfectly as mentioned previously in this thread. just pass an obvious wrong otp and it will give error. one error is user not exist or something like that. if you got that error then email doesn’t exist in pool. this only works if you use email as an alias for logging in and was verified though

@akeditzz

@anees17861

@akeditzz it’ll work, i use mobile number personally but have tested both. but same rules apply as for email. if signed up it needs to be verified or it won’t work properly. Personally in my case if something goes wrong and user wasn’t able to confirm, i just make him signup again with another username (random uuid in my case). So there will be two accounts created in cognito pool but only one will be confirmed and thus used for future login.

@anees17861

@akeditzz if you are using mobile number remember to use e164 format only. Country specific phone strings will give you issues

@akeditzz

@PavolHlavaty

When I try to use solution proposed by @heri16. I always get error code ExpiredCodeException with message Invalid code provided, please request a code again.

@anees17861

@PavolHlavaty are you sending the code as empty string or a non numerical value? Cognito may be doing format check before proceeding. I send only ’00’ and it works perfectly.

@PavolHlavaty

@anees17861

@PavolHlavaty have you checked for both signed up and non signed up user? And what is the type of username you’ve selected. When I had set up, i was provided with 2 options. one is a username with email and phone as alias and other is using no separate username but rather directly phone number/email as username. I had chosen the first one. Maybe that makes a difference

@lfur

I always get error code ExpiredCodeException with message Invalid code provided, please request a code again.

@PavolHlavaty I was experiencing the same issue as you until reading these docs: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html

Basically the PreventUserExistenceErrors option has to be disabled (ie. enable user existence errors) for your app client, where it was enabled by default in my config.

It can be changed in Cognito console with:
User pools > Selecting your user pool > General settings > App clients > Show Details > Security configuration > Legacy > Save app client changes

With my default setup of amplify I have two app clients (native and web), and ended up changing it for both of them, although I don’t know if that was necessary.


@fkunecke

Came across this issue and @heri16’s solution worked perfectly. If you’re looking for something to just paste in and go, here’s a snippet:

```js
import { Auth } from 'aws-amplify';

const usernameAvailable = async (username) => {
  // adapted from @heri16's solution: https://github.com/aws-amplify/amplify-js/issues/1067#issuecomment-436492775
  try {
    await Auth.confirmSignUp(username, '000000', {
      // If set to false, the API will throw an AliasExistsException error if the phone number/email used already exists as an alias with a different user
      forceAliasCreation: false
    });
    // this should always throw an error of some kind, but if for some reason this succeeds then the user probably exists.
    return false;
  } catch (err) {
    switch (err.code) {
      case 'UserNotFoundException':
        return true;
      case 'NotAuthorizedException':
        return false;
      case 'AliasExistsException':
        // Email alias already exists
        return false;
      case 'CodeMismatchException':
        return false;
      case 'ExpiredCodeException':
        return false;
      default:
        return false;
    }
  }
};
```

To use:

```js
const available = await usernameAvailable(emailAddress);
console.log(`user ${available ? 'available' : 'not available'}`);
```

@avi-l

@fkunecke

I tried your example today, but I get ‘ExpiredCodeException’ even when the user doesn’t exist in the user pool

@fkunecke

@avi-leeker You need to follow what @lfur mentioned in your Cognito settings (disable PreventUserExistenceErrors).
Also, I am no longer using this method and have since migrated my email checking code into a lambda. Here’s what I use now:

```js
const fetch = require('node-fetch');
const aws = require('aws-sdk');
const APP_CLIENT_ID = process.env.APP_CLIENT_ID;

const checkEmailAvailability = async (email) => {
  let available = false;
  let code = '';
  let message = "An error occurred, please try again.";
  let response;

  try {
    var requestOptions = {
      method: 'GET',
      redirect: 'follow'
    };

    // placeholder value; supply the real key from configuration, not from source
    const zerobounceApiKey = 'API_KEY';

    // the deliverability check only runs in the production environment
    if (process.env.ENV === 'master') {
      response = await fetch(`https://api.zerobounce.net/v2/validate?api_key=${zerobounceApiKey}&email=${encodeURIComponent(email)}&ip_address=`, requestOptions).then(res => res.json());
      console.log('got response from zerobounce');
      console.log(response);
      const deliverable = response.status === 'valid' || response.status === 'catch-all';
      if (!deliverable) {
        console.log('this email address is not deliverable according to zerobounce');
        available = false;
        message = "We can't deliver emails to this address. Please try a different address.";
        code = 'EmailNotDeliverableException';
        // the finally block below builds the actual return value
        return;
      }
    }

    // check with the cognito pool to see if the username is already registered
    var payload = {
      ClientId: APP_CLIENT_ID,
      ConfirmationCode: '0000',
      Username: email, /* required */
    };

    console.log('payload for cognito check');
    console.log(payload);

    response = await (new aws.CognitoIdentityServiceProvider()).confirmSignUp(payload).promise();

    console.log('got response from cognito check');
    console.log(response);
  } catch (e) {
    console.log('caught error in checkEmailAvailability');
    console.log(e);

    code = e.code;
    switch (e.code) {
      case 'UserNotFoundException':
        available = true;
        message = 'Email is available';
        break;
      case 'NotAuthorizedException':
        available = false;
        message = 'Email already registered.';
        break;
      case 'AliasExistsException':
        // Email alias already exists
        available = false;
        message = 'Email already registered.';
        break;
      case 'CodeMismatchException':
        available = false;
        message = 'Email already registered.';
        break;
      case 'ExpiredCodeException':
        available = false;
        message = 'Email already registered.';
        break;
      default:
        available = false;
        message = 'An error occurred, please try again.';
        break;
    }
  } finally {
    return { available, message, code };
  }
};
exports.checkEmailAvailability = checkEmailAvailability;
```

You will need to put this in a lambda and modify your CF template so it gets the Cognito app client ID parameter.

I am also using ZeroBounce to check if the email is deliverable (but I only run it on production). I have had about 10% of my users misspell their emails (my favorite was @33gmail.com). I’ve had pretty good results with their API. You can remove that part if you want.

@avi-l

@fkunecke Thanks! I actually realized sometime after my reply I needed to disable PreventUserExistenceErrors. After doing that I was able to use the below example with success:

```js
import { Auth } from 'aws-amplify';

export const signIn = async (username, password) => {
    const user = await Auth.signIn(username, password);
    return user;
}

export const cognitoEmailUsed = async (email) => {
    return signIn(email, '123')
        .then(res => {
            console.log(JSON.stringify(res))
            // sign-in succeeded, so an account with this email exists
            return true;
        })
        .catch(error => {
            const code = error.code;
            console.error(error);
            switch (code) {
                case 'UserNotFoundException':
                    return false;
                case 'NotAuthorizedException':
                    return true;
                case 'PasswordResetRequiredException':
                    return true;
                case 'UserNotConfirmedException':
                    return true;
                default:
                    return false;
            }
        });
}

// usage
await cognitoEmailUsed(email)
    .then((res) => {
        console.log(res)
        return res;
    })
    .catch(() => {
        return false;
    })
```

@paulsjohnson91

So it would appear Amazon have changed something in either Cognito or Amplify that has broken the sign-up process in my production app, which meant I had to create an emergency update to allow sign-ups.
Previously, using

```js
// signIn wraps Auth.signIn(username, password), as in the snippet earlier in the thread
export const cognitoEmailUsed = async (email) => {
    return signIn(email, '123')
        .then(res => {
            console.log(JSON.stringify(res))
            // sign-in succeeded, so an account with this email exists
            return true;
        })
        .catch(error => {
            const code = error.code;
            console.error(error);
            switch (code) {
                case 'UserNotFoundException':
                    return false;
                case 'NotAuthorizedException':
                    return true;
                case 'PasswordResetRequiredException':
                    return true;
                case 'UserNotConfirmedException':
                    return true;
                default:
                    return false;
            }
        });
}
```

would allow you to work out if a user exists or not; however, I’m now getting the same NotAuthorizedException for both use cases, so this workaround no longer works.

It’s been 3 years since this issue was raised and Amazon have shown no interest in fixing it. I think the only way to safely do this at this point is to write a pre-signup lambda to verify instead.

@ashika01

I think at the time the issue was raised, the lambda trigger through Amplify might not have been introduced. But my suggestion would be to write a pre-signup lambda. Is there something that would stop you from not wanting to use the lambda?

@ajgoldenwings

I found that none of these answers are acceptable. If you hit these endpoints several times, you will encounter LimitExceededException. Is there a lambda example that exists as @ashika01 commented? Use a separate User Entity? Use a standard User Group and check if member? Become a contributor to this git repository ;)

@aayoushee

@NoxinDVictus

Is there an update on this issue? Tried all the solutions above and nothing worked. This issue has been open for too long. Will Amazon ever consider implementing this feature?

@tcchau

> Is there an update on this issue? Tried all the solutions above and nothing worked. This issue has been open for too long. Will Amazon ever consider implementing this feature?

The only way I’ve found to do this consistently in a way that’s not too much of a hack is the following:

  • allow email addresses to be used as an alias for username and use some custom method to create the actual username, e.g. UUID
  • Use the listUser API call with the candidate new user account’s email address
  • If no results are returned then the email address does not exist for any user

The consequence of this is email addresses must be unique per account.

The reason this will work and not getUser is that getUser only returns accounts with verified email address. To be complete you need to check to see if the user has tried to register for an account in the past but never confirmed their email address.

Hope this helps a bit.

Clinton
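The ListUsers lookup described in the comment above, combined with the pre-sign-up Lambda suggested earlier in the thread, as an added example that is not code from the thread or from Amplify. It assumes email is a unique alias, the Lambda role may call ListUsers, and an AWS SDK v2 client is passed in; `stubCognito` and its data are constructed so the block runs offline.

```javascript
// Added example, not from the thread. Assumes email is an alias that must be
// unique, and `cognito` is an AWS SDK v2 CognitoIdentityServiceProvider client.

// Build an exact-match ListUsers filter. Input containing quotes, backslashes
// or whitespace is rejected so it cannot alter the filter expression.
function buildEmailFilter(email) {
  const value = String(email).trim();
  if (!/^[^\s"\\]+@[^\s"\\]+$/.test(value)) {
    throw new Error('Invalid email address');
  }
  return `email = "${value}"`;
}

// True when any account, confirmed or not, already holds this email.
async function emailInUse(cognito, userPoolId, email) {
  const params = { UserPoolId: userPoolId, Filter: buildEmailFilter(email) };
  do {
    const page = await cognito.listUsers(params).promise();
    if ((page.Users || []).length > 0) return true;
    params.PaginationToken = page.PaginationToken;
  } while (params.PaginationToken);
  return false;
}

// Pre sign-up trigger: throwing rejects the sign-up, returning the event allows it.
// Wire up with: exports.handler = makePreSignUpHandler(new AWS.CognitoIdentityServiceProvider());
function makePreSignUpHandler(cognito) {
  return async (event) => {
    const email = event.request.userAttributes.email;
    if (email && (await emailInUse(cognito, event.userPoolId, email))) {
      throw new Error('An account with this email already exists');
    }
    return event;
  };
}

// Constructed stand-in for the SDK client so the example runs offline.
function stubCognito(existingEmails) {
  return {
    listUsers: ({ Filter }) => ({
      promise: async () => ({
        Users: existingEmails
          .filter((e) => Filter === `email = "${e}"`)
          .map((e) => ({ Username: 'constructed-uuid', Attributes: [{ Name: 'email', Value: e }] })),
      }),
    }),
  };
}
```

Because ListUsers is called server-side with IAM credentials, this check does not rely on the error codes the app client returns, so PreventUserExistenceErrors can stay enabled.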

@oemer-sellwerk

This is really frustrating.
It’s a really bad user experience if the user can only see his username is already taken, when he clicks the "register" button. It should already be checked on blur or focusout event.

For me also the above solutions didn’t work and are outdated. Also they are very hacky and not future-proof.

@tcchau

> This is really frustrating. It’s a really bad user experience if the user can only see his username is already taken, when he clicks the "register" button. It should already be checked on blur or focusout event.
>
> For me also the above solutions didn’t work and are outdated. Also they are very hacky and not future-proof.

I can confirm that the approach, as long as you are in a similar environment, i.e. email addresses need to be unique, in #1067 (comment) will work.

Since the ListUsers API can use any alias of the username, i.e. actually username, email address, phone number, it should be future-proof, and just short of a dedicated API for this functionality.

Unfortunately, maybe threads like these where users have discovered workarounds actually discourage the AWS team from implementing a full solution themselves.

@MudabbarHussain

How to send TOPT code via email and phone number when the user signup. aws-cognito.

Environment

  • Red Hat Single Sign-On (RH-SSO)
    • 7
  • Lightweight Directory Access Protocol (LDAP) or Active Directory Lightweight Directory Service (AD)

Issue

  • Unable to import users
  • Exception thrown in the logs:

    2017-04-24 09:04:28,016 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-2) Failed during import user from LDAP: org.keycloak.models.ModelDuplicateException: Can't import user 'user1' from LDAP because email 'abc@example.com' already exists in Keycloak. Existing user with this email is 'user0'
    2017-04-24 09:04:28,028 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-2) Failed during import user from LDAP: org.keycloak.models.ModelDuplicateException: Can't import user 'user2' from LDAP because email 'abc@example.com' already exists in Keycloak. Existing user with this email is 'user0'
    

Resolution

This error occurs when a single email address is mapped to multiple users.

You can make sure no two users have the same email address, or use one of two workarounds:

  1. Delete the email mapper
    1. Log in to the RH-SSO console
    2. Select the appropriate realm
    3. Click on User Federation and click on the appropriate provider
    4. Go to the Mappers tab, click on the email attribute mapper and click on the delete symbol
  2. Turn on "Duplicate emails" in the Login tab
    1. Log in to the RH-SSO console
    2. Select the appropriate realm
    3. Go to the Login tab and turn off the Login with email setting. The Duplicate emails option then appears.
    4. Turn on Duplicate emails and save.

Root Cause

RH-SSO does not allow multiple users to have the same email address when Login with email is enabled, which is the default.
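To find which LDAP entries share an address before choosing a workaround, the ModelDuplicateException lines can be grouped by email. This is an added example, not part of the Red Hat solution; the sample reuses the two log lines shown under Issue plus one constructed unrelated line, and the function name is hypothetical.

```javascript
// Added example: group RH-SSO LDAP import failures by the colliding email address.
const DUPLICATE_RE =
  /Can't import user '([^']+)' from LDAP because email '([^']+)' already exists in Keycloak\. Existing user with this email is '([^']+)'/;

// Returns one entry per email: the user that already holds it and the users rejected.
function summariseDuplicateEmails(logText) {
  const byEmail = new Map();
  for (const line of logText.split(/\r?\n/)) {
    const m = DUPLICATE_RE.exec(line);
    if (!m) continue; // not a duplicate-email import failure
    const [, rejected, email, existing] = m;
    const key = email.toLowerCase();
    if (!byEmail.has(key)) {
      byEmail.set(key, { email: key, existingUser: existing, rejectedUsers: new Set() });
    }
    byEmail.get(key).rejectedUsers.add(rejected);
  }
  return [...byEmail.values()].map((e) => ({ ...e, rejectedUsers: [...e.rejectedUsers].sort() }));
}

// Sample input: two lines from the Issue section and one constructed INFO line.
const SAMPLE_LOG = [
  "2017-04-24 09:04:28,016 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-2) Failed during import user from LDAP: org.keycloak.models.ModelDuplicateException: Can't import user 'user1' from LDAP because email 'abc@example.com' already exists in Keycloak. Existing user with this email is 'user0'",
  "2017-04-24 09:04:28,020 INFO  [constructed.example] (default task-2) unrelated line",
  "2017-04-24 09:04:28,028 ERROR [org.keycloak.storage.ldap.LDAPStorageProviderFactory] (default task-2) Failed during import user from LDAP: org.keycloak.models.ModelDuplicateException: Can't import user 'user2' from LDAP because email 'abc@example.com' already exists in Keycloak. Existing user with this email is 'user0'",
].join('\n');

console.log(JSON.stringify(summariseDuplicateEmails(SAMPLE_LOG), null, 2));
```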
