Starts in:
2 DAYS
6 HRS
29 MIN
35 SEC
Starts in:
2 D
6 H
29 M
35 S
Open Closed

Forget Password Page not routing without user logged in #8125


User avatar
0
buraksahin94 created

Hi We use Angular pages with ABP Framework Layered Architecture. We moved the user login process to the Angular project. When we click on the I forgot my password link, a password reset link is sent as an e-mail. When we click on this link, the password change page does not open. As a result of our tests, we found that it does not open because the user is not logged in. When the user clicks on this link after logging in to the system, the password change page opens. This page is a page that should open when the user is not logged in.

Apart from this, is there a period of time that the password change link is valid? We want this link to be valid for 15 minutes.

We would like your support on these two issues.

Thanks for your support.

  • ABP Framework version: v8.3.1
  • UI Type: Angular
  • Database System: EF Core (PostgreSQL)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes(Auth Server Separated for Angular)
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

11 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    We moved the user login process to the Angular project.

    Do you mean you use the password grant type?

    https://abp.io/docs/latest/framework/ui/angular/authorization#resource-owner-password-flow

    is there a period of time that the password change link is valid? We want this link to be valid for 15 minutes.

    Change the TokenLifespan(1 day default) of DataProtectionTokenProviderOptions.

    https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.dataprotectiontokenprovideroptions.tokenlifespan?view=aspnetcore-8.0#microsoft-aspnetcore-identity-dataprotectiontokenprovideroptions-tokenlifespan

  • User Avatar
    0
    buraksahin94 created

    hi

    We moved the user login process to the Angular project.

    Do you mean you use the password grant type?

    https://abp.io/docs/latest/framework/ui/angular/authorization#resource-owner-password-flow

    Hello,

    Yes, the grant type 'password' we use.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share the full email content.

    Thanks

  • User Avatar
    0
    buraksahin94 created

    hi

    Please share the full email content.

    Thanks

    Hi,

    I share the content of the e-mail.

    Thanks,

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    When we click on the I forgot my password link, a password reset link is sent as an e-mail.

    What is the forgot password page? angular or mvc?

    Can you share the code of Configure<AppUrlOptions> in your project?

    You should set the PasswordReset to account/reset-password

    Configure<AppUrlOptions>(options =>
    {
        options.Applications["MVC"].RootUrl = configuration["App:SelfUrl"];
        options.RedirectAllowedUrls.AddRange(configuration["App:RedirectAllowedUrls"]?.Split(',') ?? Array.Empty<string>());
    
        options.Applications["Angular"].RootUrl = configuration["App:AngularUrl"];
        options.Applications["Angular"].Urls[AccountUrlNames.PasswordReset] = "account/reset-password";
        options.Applications["Angular"].Urls[AccountUrlNames.EmailConfirmation] = "account/email-confirmation";
    
    });
    
  • User Avatar
    0
    buraksahin94 created

    Hi,

    In our Angular project, we have implemented a "Forgot My Password" page and included all necessary modules. However, when users click on the verification link, the Angular email verification page does not open as expected because the user is not authenticated. If the user is already logged in, they can access the page via the provided URL. However, this page should be accessible without requiring login, as it is intended for users who have forgotten their password and need to reset it via the link.

    Thanks,

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I have checked.

    The account/src/Volo.Abp.Account.Pro.Public.Web/Pages/Account/ResetPassword.cshtml page can be accessed by an anonymous user.

  • User Avatar
    0
    buraksahin94 created

    Hi,

    Yes, we can access this page from the Blazor application, but we moved these parts to the Angular project and we cannot access this page from Angular.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    What will happen if you access http://localhost:4200/account/reset-password?xxx page?

    Can you check the browser console and network panel?

    What are logs of backend app during access?

  • User Avatar
    0
    buraksahin94 created

    Hi,

    In our Angular project, we have implemented a "Forgot My Password" page and included all necessary modules. However, when users click on the verification link, the Angular email verification page does not open as expected because the user is not authenticated. If the user is already logged in, they can access the page via the provided URL. However, this page should be accessible without requiring login, as it is intended for users who have forgotten their password and need to reset it via the link.

    Thanks,

    It appears that the page cannot be accessed without logging in. Could you please ensure that the login requirements are met, or provide further instructions on how to access the content.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    ok, I see, our angular team will reply you a solution.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06