Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Mila Pandurska 75 posts 354 karma points
    Oct 28, 2019 @ 09:37
    Mila Pandurska
    1

    How to change member password

    Hi,

    How I can change the password for a logged in in Front end site member in Umbraco 8? In IMemberService I see only SavePassword() method but it dones't take into account the oldPassword.

    Regards Mila

    Copy Link
  • Rihab 104 posts 388 karma points
    Oct 31, 2019 @ 12:27
    Rihab
    0

    Same issue.

    Copy Link
  • Steve Megson 151 posts 1024 karma points MVP c-trib
    Oct 31, 2019 @ 12:54
    Steve Megson
    0

    There's a ChangePassword method on MembershipHelperwhich should do the job. Something like this:

    var passwordModel = new ChangingPasswordModel { OldPassword = "foo", NewPassword = "bar" };
var result = Umbraco.MembershipHelper.ChangePassword(username, passwordModel, Constants.Conventions.Member.UmbracoMemberProviderName);
    Copy Link
  • Mila Pandurska 75 posts 354 karma points
    Oct 31, 2019 @ 13:06
    Mila Pandurska
    0

    Hi,

    I managed to change password with the following code:

    var provider = MembershipProviderExtensions.GetMembersMembershipProvider();
                    if (provider.IsUmbracoMembershipProvider())
                    {
                        bool result = provider.ChangePassword(username, model.OldPassword, model.NewPassword);
                        if (result)
                        {
                            ViewBag.Success = true;
                            return CurrentUmbracoPage();
                        }
                    }

    The problem that I have now is that event though the oldPassword is wrong it updates my password with the new one.

    I am a bit confused what providers, services, methods I should use in Umbraco 8 in order to handle this. What is the recommended way?

    Mila

    Copy Link
  • Mila Pandurska 75 posts 354 karma points
    Nov 04, 2019 @ 09:23
    Mila Pandurska
    1

    I search the Umbraco 8 source code and find this in UmbracoMembershipProvider.

    protected override bool PerformChangePassword(string username, string oldPassword, string newPassword)
    {
        //NOTE: due to backwards compatibility reasons (and UX reasons), this provider doesn't care about the old password and
        // allows simply setting the password manually so we don't really care about the old password.
        // This is allowed based on the overridden AllowManuallyChangingPassword option.

        // in order to support updating passwords from the umbraco core, we can't validate the old password
        var m = MemberService.GetByUsername(username);
        if (m == null) return false;

        string salt;
        var encodedPassword = EncryptOrHashNewPassword(newPassword, out salt);

        m.RawPasswordValue = FormatPasswordForStorage(encodedPassword, salt);
        m.LastPasswordChangeDate = DateTime.Now;

        MemberService.Save(m);

        return true;
    }

    Here the old password is not checked. I need to validate the oldPassword. How I can do that?

    Mila

    Copy Link
  • Damien Holley 181 posts 542 karma points
    Sep 06, 2020 @ 09:45
    Damien Holley
    0

    +1 to this.

    Copy Link
  • Damien Holley 181 posts 542 karma points
    Sep 06, 2020 @ 09:49
    Damien Holley
    0

    Possibly use Members.ChangePassword([username], [changingpasswordmodel], [MembersMembershipProvider])

    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies