Open Closed

Resend forgot password email error #5043


User avatar
0
ed_developer3 created

Hi We are using Application template with Angular as frontend for our application.

in Case user forgets password and tries to reset by clicking on the email received. After user clicks the link is opened in new browser tab and then on other tab where forgotpassword page was opened he tries to resend email by clicking Resend button but its giving 400 error. Can you help us to gracefully show a message to the user like "Email already sent:".

Thanks


10 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    but its giving 400 error. Can you help us to gracefully show a message to the user like "Email already sent:".

    Please share the full logs of backend, Thanks

    liming.ma@volosoft.com

  • User Avatar
    0
    ed_developer3 created

    Here are the logs https://easyupload.io/eya839

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    HTTP 400

    This is an error coming from Antiforgery token validation, We can't show "Email already sent:". to user.

    Antiforgery token validation failed. The antiforgery cookie token and request token do not match.
    Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The antiforgery cookie token and request token do not match.
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateTokens(HttpContext httpContext, AntiforgeryTokenSet antiforgeryTokenSet)
       at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext)
       at Microsoft.AspNetCore.Mvc.ViewFeatures.Filters.ValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context)
    
  • User Avatar
    0
    ed_developer3 created

    Can you help us in resolving this error? Any solution for this?

  • User Avatar
    1
    maliming created
    Support Team Fullstack Developer

    hi

    You can override the Account/ForgotPassword and disable the csrf. But its not recommended,

    https://learn.microsoft.com/en-us/aspnet/core/security/anti-request-forgery?view=aspnetcore-7.0#override-global-or-controller-antiforgery-attributes

  • User Avatar
    0
    ed_developer3 created

    hi Maliming,

    let me try your solution.

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    🙂

  • User Avatar
    0
    ed_developer3 created

    how can we override antiforgery we don't have account/forgotpassword endpoint in api. Can you please share more details about it.

    Also is there a way to handle 500 error gracefully on fogotpassword login page so that we redirect user to login page instead of displaying error message.

  • User Avatar
    -1
    maliming created
    Support Team Fullstack Developer

    hi

    https://support.abp.io/QA/Questions/160/How-to-customize-an-ABP-project

  • User Avatar
    0
    ed_developer3 created

    It worked thank you

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19