From faaf0003a907981a085af2fd3a61a1660ad8659d Mon Sep 17 00:00:00 2001
From: Ramesh Maddegoda <94033485+ramesh-maddegoda@users.noreply.github.com>
Date: Wed, 12 Feb 2025 11:47:38 -0800
Subject: [PATCH] UPDATE to add a message asking to check Cognito user groups
 when the login is failed.

---
 .../cognito-auth/lambda/package/pds_nucleus_alb_auth.py        | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/terraform/terraform-modules/cognito-auth/lambda/package/pds_nucleus_alb_auth.py b/terraform/terraform-modules/cognito-auth/lambda/package/pds_nucleus_alb_auth.py
index c3961c1..c9d967c 100644
--- a/terraform/terraform-modules/cognito-auth/lambda/package/pds_nucleus_alb_auth.py
+++ b/terraform/terraform-modules/cognito-auth/lambda/package/pds_nucleus_alb_auth.py
@@ -136,6 +136,9 @@ def login(headers, query_params=None, user_claims=None,iam_role_arn=None):
     except Exception as error:
         logger.error(str(error))
 
+    if not redirect:
+        redirect = close(headers, f"Login Failed. Please check your Cognito user groups", status_code=401)
+
     return redirect
 
 def get_mwaa_client(role_arn, user):