Added the condition to check if received token for reset password is encoded or not

2025-03-28 13:08:50 +05:30 · 2025-03-28 13:08:50 +05:30 · 35da59304d
commit 35da59304d
parent c701187223
1 changed files with 19 additions and 3 deletions
--- a/Marco.Pms.Services/Controllers/AuthController.cs
+++ b/Marco.Pms.Services/Controllers/AuthController.cs
@ -162,12 +162,28 @@ namespace MarcoBMS.Services.Controllers
                    UserManager<ApplicationUser>.ResetPasswordTokenPurpose,
                   WebUtility.UrlDecode( model.Token)
                );
-
+            string token = "";

            if (!isTokenValid)
-                return BadRequest("Invalid or expired token.");
+            {
+                var isDecodedTokenValid = await _userManager.VerifyUserTokenAsync(
+                    user,
+                    TokenOptions.DefaultProvider, // This is the token provider
+                    UserManager<ApplicationUser>.ResetPasswordTokenPurpose,
+                   model.Token
+                );
+                if(!isDecodedTokenValid)
+                    return BadRequest("Invalid or expired token.");

-            var result = await _userManager.ResetPasswordAsync(user, WebUtility.UrlDecode(model.Token), model.NewPassword);
+                token = model.Token;
+            }
+            else
+            {
+                token = WebUtility.UrlDecode(model.Token);
+            }
+
+
+                var result = await _userManager.ResetPasswordAsync(user, token, model.NewPassword);
            if (!result.Succeeded)
                return BadRequest(result.Errors);