Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Pedro Mendes 53 posts 258 karma points
    Oct 25, 2023 @ 00:42
    Pedro Mendes
    0

    Verifying member password reset token

    Hey there folks,

    I'm using Umbraco 12 and I wanted to provide a "forgot password" mechanism to frontend members.

    I'm currently asking for the e-mail to get the MemberIdentityUser member and then using the MemberManager.GeneratePasswordResetTokenAsync(member) to get the token. I then encode it and send the e-mail with the encoded token.

    After clicking the link in the e-mail, a controller is called with the encoded token and the user. A token validation is performed using MemberManager.VerifyUserTokenAsync(member, _options.Tokens.PasswordResetTokenProvider, UserManager<MemberIdentityUser>.ResetPasswordTokenPurpose, token)

    I've also tried MemberManager.VerifyUserTokenAsync(member, "Default", "ResetPassword", token)

    Both return false. I've debugged it and can confirm the token sent (before encoding) matches the received token.

    What am I missing here?

    Thanks

    Copy Link
  • Pedro Mendes 53 posts 258 karma points
    Oct 27, 2023 @ 00:05
    Pedro Mendes
    0

    little update: I've tried using UserManager<MemberIdentityUser> instead of MemberManager to generate and verify token but still it will always return false.

    I've also tried every possible combination of provider and purpose.

    Is there any other way to verify the token? -_-

    Copy Link
  • Pedro Mendes 53 posts 258 karma points
    Nov 03, 2023 @ 19:08
    Pedro Mendes
    100

    My mistake, I was creating a new() UmbracoIdentityMember (not persisted) user with the member.Id instead of fetching one which led to different token signature.

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft