Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Philip Hayton 73 posts 368 karma points
    Mar 17, 2022 @ 20:56
    Philip Hayton
    0

    Member Forgot Password Feature

    Hi guys,

    I'm having trouble implementing a password reset feature for members who have forgotton their password.

    The flow is fairly standard:

    1. User submits their email
    2. If the user exists, we generate a token for them using IMemberManager GeneratePasswordResetTokenAsync(member)
    3. The token is sent to the member via email
    4. The member clicks the link, opening a form with the token sent above
    5. Member submits the form with new password
    6. We try to reset the password using IMemberManager ResetPasswordAsync OR ChangePasswordWithResetAsync

    Neither of these methods works though, I keep getting TokenInvalid error, no matter what I try.

    Am I missing something? Or am I barking up the wrong tree?

    Any help is greatly appreciated!

  • Ambert van Unen 166 posts 778 karma points c-trib
    Mar 18, 2022 @ 07:37
    Ambert van Unen
    100

    Oh my, you do not know how long I've been struggling with this aswell a few weeks ago, haha, token was always invalid for some reason.

    In the end I chose a different route.

    I generated my own guid (key) and stored it with the member properties, and send it with the email.

    When the user clicks the link in the email, the guid is attached to the URL, so you can verify it on the backend.

    Then instead of using the ChangePasswordWithResetAsync method, I did something like this:

    //Injected 
     private readonly IPasswordChanger<MemberIdentityUser> _passwordChanger;
    
    //Code
    //Check if supplied Guid matches the member being reset
    //If so, reset password:
    
     var changePasswordModel = new ChangingPasswordModel()
            {
                Id = Convert.ToInt32(member.Id),
                NewPassword = model.ConfirmPassword,
                OldPassword = null
            };
      await _passwordChanger.ChangePasswordWithIdentityAsync(changePasswordModel , _memberManager);
    

    And it works!

  • Philip Hayton 73 posts 368 karma points
    Mar 18, 2022 @ 10:51
    Philip Hayton
    0

    Ha, glad to hear it's not just me! I used your method on older versions of Umbraco but saw the new API and assumed _memberManager.GeneratePasswordResetTokenAsync is the correct way to go now.

    Maybe someone wiser than me can shed some light, but in the mean time I've just used your method.

    Gracias amigo

  • Ambert van Unen 166 posts 778 karma points c-trib
    Mar 18, 2022 @ 10:57
    Ambert van Unen
    0

    That was exactly my initial plan..haha!

    You're welcome!

  • Lucas Michaelsen 32 posts 230 karma points
    Mar 18, 2022 @ 08:45
    Lucas Michaelsen
    0

    Hello,

    I did a RequstChange, where i crate a token:

    var code = await _userManager.GeneratePasswordResetTokenAsync(identityUser);
    

    This token is sent with the email, and on the reset password page I stored the token in a hidden field so in the API look like this.

    PostSetPassword(int userId, string password, string restCode)
    {
            var identityUser = await _memberManager.FindByIdAsync(userId.ToString(CultureInfo.InvariantCulture));
    
            var result = await _memberManager.ResetPasswordAsync(identityUser, resetCode, password);
            if (result.Succeeded) { ... }
    }
    
  • Rafael Gino 1 post 71 karma points
    1 week ago
    Rafael Gino
    0

    Hello, I had the same issue while I was doing a forgot password feature. Turns out that the problem was the translated token on the email so I encoded the token before send the email: HttpUtility.UrlEncode(token)

    This way you won't have issues with unwanted characters or blanks spaces on the generated token

Please Sign in or register to post replies

Write your reply to:

Draft