
Send the same message when an account exists or not in the recovery password #4488


peyman@debtrak.com created

ABP Framework version: v5.3.4

UI type: Angular

DB provider: EF Core

Tiered (MVC) or Identity Server Separated (Angular): yes

Hi. For security, we want the Forgot password flow and messages to be the same whether an account exists or not. How can I do that? I also want to know how to override SendPasswordResetCodeAsync and configure it.


1 Answer(s)
  • liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can try to override the SendPasswordResetCodeAsync method to handle the exception.

    For example:

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(IAccountAppService))]
    public class MyAccountAppService: AccountAppService
    {
       public MyAccountAppService(
           IdentityUserManager userManager,
           IAccountEmailer accountEmailer,
           IAccountPhoneService phoneService,
           IIdentityRoleRepository roleRepository,
           IdentitySecurityLogManager identitySecurityLogManager,
           IBlobContainer<AccountProfilePictureContainer> accountProfilePictureContainer,
           ISettingManager settingManager,
           IOptions<IdentityOptions> identityOptions,
           IIdentitySecurityLogRepository securityLogRepository) : base(userManager, accountEmailer, phoneService, roleRepository, identitySecurityLogManager, accountProfilePictureContainer, settingManager, identityOptions, securityLogRepository)
       {
       }
       public override async Task SendPasswordResetCodeAsync(SendPasswordResetCodeDto input)
       {
           try
           {
               // Look up the user, create the reset token and send the link;
               // any failure in these steps falls through to the catch block.
               var user = await GetUserByEmail(input.Email);
               var resetToken = await UserManager.GeneratePasswordResetTokenAsync(user);
               await AccountEmailer.SendPasswordResetLinkAsync(user, resetToken, input.AppName, input.ReturnUrl, input.ReturnUrlHash);
           }
           catch (Exception)
           {
               // Replace the framework's error with a message of your choosing.
               throw new UserFriendlyException("custom message");
           }
       }
    }
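
The behaviour the question asks for, as an added example that is not part of the original thread and is not ABP code: `ForgotPasswordHandler`, its in-memory user set and the mail delegate are hypothetical stand-ins. Known and unknown addresses receive the same response, and failures are logged server-side instead of being thrown to the client.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Threading.Tasks;

// Hypothetical stand-in for the reset flow; none of these types are ABP's.
public sealed class ForgotPasswordHandler
{
    // The one message every caller receives, whatever happened internally.
    public const string UniformMessage =
        "If an account exists for this address, a password reset link has been sent.";
    private readonly ISet<string> _knownEmails;            // constructed user store
    private readonly Func<string, string, Task> _sendMail; // (email, token) => send

    public ForgotPasswordHandler(ISet<string> knownEmails, Func<string, string, Task> sendMail)
        => (_knownEmails, _sendMail) = (knownEmails, sendMail);

    public async Task<string> RequestResetAsync(string email)
    {
        try
        {
            if (_knownEmails.Contains(email.Trim().ToLowerInvariant()))
            {
                // Token and mail exist only for real accounts.
                var token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
                await _sendMail(email, token);
            }
            else
                Console.WriteLine("[audit] reset requested for unknown address"); // server-side only
        }
        catch (Exception ex)
        {
            // Store or mail failure: log it, never surface it to the caller.
            Console.WriteLine($"[error] reset flow failed: {ex.GetType().Name}");
        }
        return UniformMessage;
    }
}

public static class Program
{
    public static async Task Main()
    {
        var users = new HashSet<string> { "alice@example.com" }; // constructed sample data
        var handler = new ForgotPasswordHandler(users, (email, token) => Task.CompletedTask);
        var known = await handler.RequestResetAsync("alice@example.com");
        var unknown = await handler.RequestResetAsync("nobody@example.com");
        Console.WriteLine(known == unknown ? "responses identical" : "responses differ");
    }
}
```

Response time can still differ between the two branches, because only the existing-account path generates a token and sends mail; handing the send to a background queue narrows that gap.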
    
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11