Open Closed

New Tenant admin password is not validated #4829


User avatar
0
dkaczor created
  • ABP Framework version: v7.1.1
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

I created a new project using abp suite. I log in as a host and create new tenant. I the "New tenant" modal I need to input an email and a password. The password is not validated. I can pass a single character and there are no validation messages. I does not comply with the setting where I can decide if the password has to have one lowercase, one uppercase etc. The validation works in angular. I need the password validation method in another (custom) public page where I allow users to create a new tenant and subscription with stripe.


2 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I will check it.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    this is a known issue because SAAS and Identity are two separate modules, the password cannot be verified in the module.

    But you can custom it in your project:

    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(ITenantAppService))]
    public class MyTenantAppService : TenantAppService
    {
        protected IOptions<IdentityOptions> IdentityOptions { get; }
        private IdentityUserManager _userManager;
    
        public MyTenantAppService(
            ITenantRepository tenantRepository,
            IEditionRepository editionRepository,
            ITenantManager tenantManager,
            IDataSeeder dataSeeder,
            IDistributedEventBus distributedEventBus,
            IOptions<AbpDbConnectionOptions> dbConnectionOptions,
            IConnectionStringChecker connectionStringChecker,
            IOptions<IdentityOptions> identityOptions, IdentityUserManager userManager) : base(tenantRepository, editionRepository, tenantManager, dataSeeder, distributedEventBus, dbConnectionOptions, connectionStringChecker)
        {
            IdentityOptions = identityOptions;
            _userManager = userManager;
        }
    
        public async override Task<SaasTenantDto> CreateAsync(SaasTenantCreateDto input)
        {
            if (!input.AdminPassword.IsNullOrWhiteSpace())
            {
                await ValidPasswordAsync(input.AdminPassword);
            }
    
            return await base.CreateAsync(input);
        }
    
        public async override Task SetPasswordAsync(Guid id, SaasTenantSetPasswordDto input)
        {
            await ValidPasswordAsync(input.Password);
            await base.SetPasswordAsync(id, input);
        }
    
        private async Task ValidPasswordAsync(string password)
        {
            var errors = new List<IdentityError>();
            var isValid = true;
            await IdentityOptions.SetAsync();
    
            foreach (var passwordValidator in _userManager.PasswordValidators)
            {
                var result = await passwordValidator.ValidateAsync(_userManager, null, password);
                if (!result.Succeeded)
                {
                    if (result.Errors.Any())
                    {
                        errors.AddRange(result.Errors);
                    }
    
                    isValid = false;
                }
            }
    
            if (!isValid)
            {
                IdentityResult.Failed(errors.ToArray()).CheckErrors();
            }
        }
    }
    

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38