member forgot password feature

Go to solution

Press Ctrl / CMD + C to copy this to your clipboard.

Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

Philip Hayton 98 posts 435 karma points

Mar 17, 2022 @ 20:56
0

Member Forgot Password Feature
Hi guys,

I'm having trouble implementing a password reset feature for members who have forgotton their password.

The flow is fairly standard:
1. User submits their email
2. If the user exists, we generate a token for them using IMemberManager GeneratePasswordResetTokenAsync(member)
3. The token is sent to the member via email
4. The member clicks the link, opening a form with the token sent above
5. Member submits the form with new password
6. We try to reset the password using IMemberManager ResetPasswordAsync OR ChangePasswordWithResetAsync
Neither of these methods works though, I keep getting TokenInvalid error, no matter what I try.

Am I missing something? Or am I barking up the wrong tree?

Any help is greatly appreciated!
Copy Link
Ambert van Unen 175 posts 819 karma points c-trib

Mar 18, 2022 @ 07:37
100
Oh my, you do not know how long I've been struggling with this aswell a few weeks ago, haha, token was always invalid for some reason.

In the end I chose a different route.

I generated my own guid (key) and stored it with the member properties, and send it with the email.

When the user clicks the link in the email, the guid is attached to the URL, so you can verify it on the backend.

Then instead of using the ChangePasswordWithResetAsync method, I did something like this:
```
//Injected 
 private readonly IPasswordChanger<MemberIdentityUser> _passwordChanger;

//Code
//Check if supplied Guid matches the member being reset
//If so, reset password:

 var changePasswordModel = new ChangingPasswordModel()
        {
            Id = Convert.ToInt32(member.Id),
            NewPassword = model.ConfirmPassword,
            OldPassword = null
        };
  await _passwordChanger.ChangePasswordWithIdentityAsync(changePasswordModel , _memberManager);
```
And it works!
Copy Link
Philip Hayton 98 posts 435 karma points

Mar 18, 2022 @ 10:51

0

Ha, glad to hear it's not just me! I used your method on older versions of Umbraco but saw the new API and assumed _memberManager.GeneratePasswordResetTokenAsync is the correct way to go now.

Maybe someone wiser than me can shed some light, but in the mean time I've just used your method.

Gracias amigo

Copy Link
Ambert van Unen 175 posts 819 karma points c-trib

Mar 18, 2022 @ 10:57

0

That was exactly my initial plan..haha!

You're welcome!

Copy Link

Lucas Michaelsen 32 posts 233 karma points

Mar 18, 2022 @ 08:45

Hello,

I did a RequstChange, where i crate a token:

var code = await _userManager.GeneratePasswordResetTokenAsync(identityUser);

This token is sent with the email, and on the reset password page I stored the token in a hidden field so in the API look like this.

PostSetPassword(int userId, string password, string restCode)
{
        var identityUser = await _memberManager.FindByIdAsync(userId.ToString(CultureInfo.InvariantCulture));

        var result = await _memberManager.ResetPasswordAsync(identityUser, resetCode, password);
        if (result.Succeeded) { ... }
}

Copy Link

Rafael Gino 1 post 75 karma points

Sep 16, 2022 @ 20:10

4

Hello, I had the same issue while I was doing a forgot password feature. Turns out that the problem was the translated token on the email so I encoded the token before send the email: HttpUtility.UrlEncode(token)

This way you won't have issues with unwanted characters or blanks spaces on the generated token

Copy Link
Lewis Smith 211 posts 620 karma points c-trib

Jun 11, 2024 @ 18:31

0

Ran into the whole invalid token thing as well, Rafael, you champ, worked a treat.

Copy Link
is working on a reply...

Please Sign in or register to post replies

Flag this post as spam?