fix(api-security-cognito): skip validation if email is not updated

Pavel910 · Pavel910 · commit a84a4d84564b · 2026-01-15T14:35:30.000+01:00
diff --git a/packages/api-security-cognito/__tests__/users.test.ts b/packages/api-security-cognito/__tests__/users.test.ts
@@ -257,6 +257,53 @@ describe("Security User CRUD Test", () => {
         });
     });
 
+    test("should not allow to update user with an existing email", async () => {
+        // Let's create a user.
+        const [createUserAResponse] = await adminUsers.create({
+            data: {
+                ...mocks.userA,
+                password: "12345678",
+                groups: []
+            }
+        });
+
+        const userA = createUserAResponse.data.adminUsers.createUser.data;
+
+        const [createUserBResponse] = await adminUsers.create({
+            data: {
+                ...mocks.userB,
+                password: "12345678",
+                groups: []
+            }
+        });
+
+        const userB = createUserBResponse.data.adminUsers.createUser.data;
+
+        // Let's update the "userB" name
+        const [updateUserResponse] = await adminUsers.update({
+            id: userB.id,
+            data: {
+                // Use an existing email of another user.
+                email: userA.email
+            }
+        });
+
+        expect(updateUserResponse).toEqual({
+            data: {
+                adminUsers: {
+                    updateUser: {
+                        data: null,
+                        error: {
+                            code: "UPDATE_USER_ERROR",
+                            message: "Email is already taken!",
+                            data: null
+                        }
+                    }
+                }
+            }
+        });
+    });
+
     test("should return current user based on identity", async () => {
         const [groupResponseA] = await securityGroups.get({ slug: "full-access" });
         const fullAccessGroup = groupResponseA.data.security.getGroup.data;
diff --git a/packages/api-security-cognito/src/createAdminUsersHooks.ts b/packages/api-security-cognito/src/createAdminUsersHooks.ts
@@ -76,7 +76,7 @@ export const createAdminUsersHooks = () => {
         adminUsers.onUserBeforeUpdate.subscribe(async ({ user, updateData }) => {
             const tenant = getTenant();
 
-            if (!tenant) {
+            if (!tenant || !updateData.email) {
                 return;
             }
 
diff --git a/packages/api-security-cognito/src/graphql/user.gql.ts b/packages/api-security-cognito/src/graphql/user.gql.ts
@@ -100,7 +100,10 @@ export default (params: CreateUserGraphQlPluginsParams) => {
 
                             return new Response(user);
                         } catch (e) {
-                            return new ErrorResponse(e);
+                            return new ErrorResponse({
+                                message: e.message,
+                                code: e.code
+                            });
                         }
                     },
                     deleteUser: async (_, { id }: any, context) => {

Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,7 @@ export const createAdminUsersHooks = () => {`
`76`	`76`	`adminUsers.onUserBeforeUpdate.subscribe(async ({ user, updateData }) => {`
`77`	`77`	`const tenant = getTenant();`
`78`	`78`
`79`		`- if (!tenant) {`
	`79`	`+ if (!tenant \|\| !updateData.email) {`
`80`	`80`	`return;`
`81`	`81`	`}`
`82`	`82`