Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Philip Hayton 98 posts 435 karma points
    Mar 17, 2022 @ 20:56
    Philip Hayton
    0

    Member Forgot Password Feature

    Using Umbraco And Getting Started
    Umbraco 9

    Hi guys,

    I'm having trouble implementing a password reset feature for members who have forgotton their password.

    The flow is fairly standard:

    1. User submits their email
    2. If the user exists, we generate a token for them using IMemberManager GeneratePasswordResetTokenAsync(member)
    3. The token is sent to the member via email
    4. The member clicks the link, opening a form with the token sent above
    5. Member submits the form with new password
    6. We try to reset the password using IMemberManager ResetPasswordAsync OR ChangePasswordWithResetAsync

    Neither of these methods works though, I keep getting TokenInvalid error, no matter what I try.

    Am I missing something? Or am I barking up the wrong tree?

    Any help is greatly appreciated!

    Copy Link
  • Ambert van Unen 175 posts 817 karma points c-trib
    Mar 18, 2022 @ 07:37
    Ambert van Unen
    100

    Oh my, you do not know how long I've been struggling with this aswell a few weeks ago, haha, token was always invalid for some reason.

    In the end I chose a different route.

    I generated my own guid (key) and stored it with the member properties, and send it with the email.

    When the user clicks the link in the email, the guid is attached to the URL, so you can verify it on the backend.

    Then instead of using the ChangePasswordWithResetAsync method, I did something like this:

    //Injected 
 private readonly IPasswordChanger<MemberIdentityUser> _passwordChanger;

//Code
//Check if supplied Guid matches the member being reset
//If so, reset password:

 var changePasswordModel = new ChangingPasswordModel()
        {
            Id = Convert.ToInt32(member.Id),
            NewPassword = model.ConfirmPassword,
            OldPassword = null
        };
  await _passwordChanger.ChangePasswordWithIdentityAsync(changePasswordModel , _memberManager);

    And it works!

    Copy Link
  • Philip Hayton 98 posts 435 karma points
    Mar 18, 2022 @ 10:51
    Philip Hayton
    0

    Ha, glad to hear it's not just me! I used your method on older versions of Umbraco but saw the new API and assumed _memberManager.GeneratePasswordResetTokenAsync is the correct way to go now.

    Maybe someone wiser than me can shed some light, but in the mean time I've just used your method.

    Gracias amigo

    Copy Link
  • Ambert van Unen 175 posts 817 karma points c-trib
    Mar 18, 2022 @ 10:57
    Ambert van Unen
    0

    That was exactly my initial plan..haha!

    You're welcome!

    Copy Link
  • Lucas Michaelsen 32 posts 232 karma points
    Mar 18, 2022 @ 08:45
    Lucas Michaelsen
    1

    Hello,

    I did a RequstChange, where i crate a token:

    var code = await _userManager.GeneratePasswordResetTokenAsync(identityUser);

    This token is sent with the email, and on the reset password page I stored the token in a hidden field so in the API look like this.

    PostSetPassword(int userId, string password, string restCode)
{
        var identityUser = await _memberManager.FindByIdAsync(userId.ToString(CultureInfo.InvariantCulture));

        var result = await _memberManager.ResetPasswordAsync(identityUser, resetCode, password);
        if (result.Succeeded) { ... }
}
    Copy Link
  • Rafael Gino 1 post 73 karma points
    Sep 16, 2022 @ 20:10
    Rafael Gino
    2

    Hello, I had the same issue while I was doing a forgot password feature. Turns out that the problem was the translated token on the email so I encoded the token before send the email: HttpUtility.UrlEncode(token)

    This way you won't have issues with unwanted characters or blanks spaces on the generated token

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft