Added the condition to check if received token for reset password is encoded or not

unknown 2025-03-28 13:08:50 +05:30 committed by Pramod Mahajan
parent 6ae2912a52
commit c071b7ecaf


@ -162,12 +162,28 @@ namespace MarcoBMS.Services.Controllers
UserManager<ApplicationUser>.ResetPasswordTokenPurpose, UserManager<ApplicationUser>.ResetPasswordTokenPurpose,
WebUtility.UrlDecode( model.Token) WebUtility.UrlDecode( model.Token)
); );
string token = "";
if (!isTokenValid) if (!isTokenValid)
return BadRequest("Invalid or expired token."); {
var isDecodedTokenValid = await _userManager.VerifyUserTokenAsync(
user,
TokenOptions.DefaultProvider, // This is the token provider
UserManager<ApplicationUser>.ResetPasswordTokenPurpose,
model.Token
);
if(!isDecodedTokenValid)
return BadRequest("Invalid or expired token.");
var result = await _userManager.ResetPasswordAsync(user, WebUtility.UrlDecode(model.Token), model.NewPassword); token = model.Token;
}
else
{
token = WebUtility.UrlDecode(model.Token);
}
var result = await _userManager.ResetPasswordAsync(user, token, model.NewPassword);
if (!result.Succeeded) if (!result.Succeeded)
return BadRequest(result.Errors); return BadRequest(result.Errors);
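Review bot: The new fallback under `if (!isTokenValid)` makes the endpoint guess whether `model.Token` is URL-encoded, so the reset token is accepted in two forms and checked up to three times per request: twice by `VerifyUserTokenAsync`, then again inside `ResetPasswordAsync`. The likely cause is that `WebUtility.UrlDecode` turns a `+` in an already-decoded Base64 token into a space, so the first check fails for clients that send the raw token. Giving the token one canonical transport encoding where the reset link is issued (not visible in this hunk) would be more robust: issue it with `WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(token))` and decode exactly once here with `var token = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(model.Token));`. Both pre-checks could then be dropped, because `ResetPasswordAsync` already returns a failed result for an invalid token, and the `string token = "";` placeholder would no longer be needed. The enclosing action starts and ends outside the hunk, so whether failed attempts are rate-limited cannot be confirmed from here.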