New Tenant admin password is not validated #4829

2 Answer(s)

• 

  0

  liangshiwei created one year ago

  Support Team Fullstack Developer

  Hi,

  I will check it.

  Save Cancel
• 

  0

  liangshiwei created one year ago

  Support Team Fullstack Developer

  Hi,

  this is a known issue because SAAS and Identity are two separate modules, the password cannot be verified in the module.

  But you can custom it in your project:

  [Dependency(ReplaceServices = true)]
  [ExposeServices(typeof(ITenantAppService))]
  public class MyTenantAppService : TenantAppService
  {
      protected IOptions<IdentityOptions> IdentityOptions { get; }
      private IdentityUserManager _userManager;
  
      public MyTenantAppService(
          ITenantRepository tenantRepository,
          IEditionRepository editionRepository,
          ITenantManager tenantManager,
          IDataSeeder dataSeeder,
          IDistributedEventBus distributedEventBus,
          IOptions<AbpDbConnectionOptions> dbConnectionOptions,
          IConnectionStringChecker connectionStringChecker,
          IOptions<IdentityOptions> identityOptions, IdentityUserManager userManager) : base(tenantRepository, editionRepository, tenantManager, dataSeeder, distributedEventBus, dbConnectionOptions, connectionStringChecker)
      {
          IdentityOptions = identityOptions;
          _userManager = userManager;
      }
  
      public async override Task<SaasTenantDto> CreateAsync(SaasTenantCreateDto input)
      {
          if (!input.AdminPassword.IsNullOrWhiteSpace())
          {
              await ValidPasswordAsync(input.AdminPassword);
          }
  
          return await base.CreateAsync(input);
      }
  
      public async override Task SetPasswordAsync(Guid id, SaasTenantSetPasswordDto input)
      {
          await ValidPasswordAsync(input.Password);
          await base.SetPasswordAsync(id, input);
      }
  
      private async Task ValidPasswordAsync(string password)
      {
          var errors = new List<IdentityError>();
          var isValid = true;
          await IdentityOptions.SetAsync();
  
          foreach (var passwordValidator in _userManager.PasswordValidators)
          {
              var result = await passwordValidator.ValidateAsync(_userManager, null, password);
              if (!result.Succeeded)
              {
                  if (result.Errors.Any())
                  {
                      errors.AddRange(result.Errors);
                  }
  
                  isValid = false;
              }
          }
  
          if (!isValid)
          {
              IdentityResult.Failed(errors.ToArray()).CheckErrors();
          }
      }
  }
  

  

  Save Cancel