From 35da59304d0a0413ed41faafcbcc81900329e6d8 Mon Sep 17 00:00:00 2001
From: unknown
Date: Fri, 28 Mar 2025 13:08:50 +0530
Subject: [PATCH] Added the condition to check if received token for reset password is encoded or not
---
 .../Controllers/AuthController.cs | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/Marco.Pms.Services/Controllers/AuthController.cs b/Marco.Pms.Services/Controllers/AuthController.cs
index 2259142..6b8a2bb 100644
--- a/Marco.Pms.Services/Controllers/AuthController.cs
+++ b/Marco.Pms.Services/Controllers/AuthController.cs
@@ -162,12 +162,28 @@ namespace MarcoBMS.Services.Controllers
 UserManager.ResetPasswordTokenPurpose,
 WebUtility.UrlDecode( model.Token)
 );
-
+ string token = "";
 if (!isTokenValid)
- return BadRequest("Invalid or expired token.");
+ {
+ var isDecodedTokenValid = await _userManager.VerifyUserTokenAsync(
+ user,
+ TokenOptions.DefaultProvider, // This is the token provider
+ UserManager.ResetPasswordTokenPurpose,
+ model.Token
+ );
+ if(!isDecodedTokenValid)
+ return BadRequest("Invalid or expired token.");
- var result = await _userManager.ResetPasswordAsync(user, WebUtility.UrlDecode(model.Token), model.NewPassword);
+ token = model.Token;
+ }
+ else
+ {
+ token = WebUtility.UrlDecode(model.Token);
+ }
+
+
+ var result = await _userManager.ResetPasswordAsync(user, token, model.NewPassword);
 if (!result.Succeeded)
 return BadRequest(result.Errors);
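Review bot: The new `if (!isTokenValid)` branch makes the endpoint accept the reset token in two representations (URL-decoded first, then raw), which works around an encoding mismatch instead of removing it. `WebUtility.UrlDecode` turns `+` into a space, so a Base64 token that arrives already decoded is corrupted by the first attempt and only passes through the fallback. A single canonical transport encoding would leave one form to verify, for example issuing the token as `WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(token))` and decoding it once here; the code that issues the token is outside this hunk, so that side would need the matching change. If `_userManager` is the stock Identity `UserManager`, `ResetPasswordAsync` already validates the token and reports an invalid one through `result.Errors`, so the `VerifyUserTokenAsync` pre-checks mainly add extra verification passes per request. If the fallback stays, the placeholder `string token = "";` and the `else` block can collapse to `var token = isTokenValid ? WebUtility.UrlDecode(model.Token) : model.Token;` after the early return, and the unbraced `if(!isDecodedTokenValid)` would read more safely with braces.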