Reset password - Invalid token #1326 | Support

alexander.nikonov created 3 years ago

ABP Framework version: v4.3.0
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes

I have the following error in my solution running on ABP 4.3.0 after submitting a new password in the forgotten password box: "VerifyUserTokenAsync() failed with purpose: ResetPassword for user."

I test everything on localhost in VS debug mode using a non-default tenant. As far as I remember, it used to work in the ABP 3.x.x. Any ideas, suggestions?

On other hand, ResetPassword works OK in test generated 4.3.0 solution on default tenant. So I cannot figure out what could be wrong...

What I have noticed is that ResetToken is a bit shorter in Test app...

Just in case if it matters: I have custom ProfileAppService.

Please make a note I am trying this code now:

    public override async Task ResetPasswordAsync(ResetPasswordDto input)
    {
        await IdentityOptions.SetAsync();

        var user = await UserManager.GetByIdAsync(input.UserId);

        (await UserManager.ResetPasswordAsync(user, input.ResetToken, input.Password)).CheckErrors();

        await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
        {
            Identity = IdentitySecurityLogIdentityConsts.Identity,
            Action = IdentitySecurityLogActionConsts.ChangePassword
        });
    }

But since I need to change the password for ALL TENANTS having such loginname I will need to use a custom implementation of AccountAppService :

    public override async Task ResetPasswordAsync(ResetPasswordDto input)
    {
        await IdentityOptions.SetAsync();

        var currentUser = await UserManager.GetByIdAsync(input.UserId);

        var tenants = await _abxUserRepository.FindTenantsByLoginAsync(currentUser.UserName);

        foreach (var tenant in tenants)
        {
            using (CurrentTenant.Change(tenant.AbpId))
            {
                var tenantUser = await UserManager.GetByIdAsync(input.UserId);

                // Generate reset token for tenantUser!
                
                (await UserManager.ResetPasswordAsync(tenantUser, /*resetToken for tenantUser */, input.Password)).CheckErrors();

                await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
                {
                    Identity = IdentitySecurityLogIdentityConsts.Identity,
                    Action = IdentitySecurityLogActionConsts.ChangePassword
                });
            }
        }
    }

Go to accepted answer

2 Answer(s)

alexander.nikonov created 3 years ago

Seems like I have managed to write it properly. Could you please regain my commercial tickets count, since I've resolved this one myself??

    public override async Task ResetPasswordAsync(ResetPasswordDto input)
    {
        await IdentityOptions.SetAsync();

        var currentUser = await UserManager.GetByIdAsync(input.UserId);

        var tenants = await _abxUserRepository.FindTenantsByLoginAsync(currentUser.UserName);

        foreach (var tenant in tenants)
        {
            using (CurrentTenant.Change(tenant.AbpId))
            {
                var abxUser = await _abxUserRepository.FindUserByLoginAsync(currentUser.UserName, tenant.Id);

                var tenantUser = await UserManager.GetByIdAsync(abxUser.Id);

                var tenantUserResetToken = await UserManager.GeneratePasswordResetTokenAsync(tenantUser);

                (await UserManager.ResetPasswordAsync(tenantUser, tenantUserResetToken, input.Password)).CheckErrors();

                await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
                {
                    Identity = IdentitySecurityLogIdentityConsts.Identity,
                    Action = IdentitySecurityLogActionConsts.ChangePassword
                });
            }
        }
    }

0

maliming created 3 years ago
Support Team Fullstack Developer

hi

Refunded

Have an answer to this question? Log in and write your answer.