Starts in:
2 DAYS
9 HRS
18 MIN
45 SEC
Starts in:
2 D
9 H
18 M
45 S
Open Closed

Authentication flow (redirects) not working as expected out of the box #711

User avatar
1
bbertechini created

Workflow for registering new user or resetting password is not redirecting to the angular UI. It is redirecting to IdentityServer (Web/MVC) instead.

  • ABP Framework version: v4.0.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Seperated (Angular): no
  • Exception message and stack trace: N/A

Nothing was changed on the project after creation. I would like to know if there is a workaround while this bug is fixed. Steps to reproduce below:

  • Steps to reproduce the issue:

I have a private repo to reproduce. https://github.com/brunobertechini/abp-support/tree/issue/711 I can add someone to this private repo if needed.

  1. Create new solution: abp new Acme.BookStore -t app-pro -u angular -m react-native
  2. Run the solution (backend / frontend)
  3. Click login on the angular frontend
  4. Click Register in the account/login
  5. Fill in username, email and password and click register (NullEmailSender will log the confirmation url)
  6. Example:https://localhost:44316/Account/EmailConfirmation?userId=e50e3300-0df7-988b-30a5-39f98f78126d&tenantId=&confirmationToken=CfDJ8N6x8kCJ6IRAsv0Kfd0y9EVmkiKyG%2BANZm1WhmydE33ABoFX7jRPhVjpVarDDGo%2FxbP8zZ9dtQfYVO3aj0jbHo2nYUWtyIsTZ6LlUPN6ZX%2BnfSc7vM2P0UflYNw15BBtfB3wEscBBJUCaYGB2MPFUFs1aT79S1NoBrnMkL1ciJFmjjw5enhVc5lC2%2Fcz4k%2Fw4xznpV5Pk%2BBWecYZGYVPvPiwiVO0v2AE6IsnxNKgAz9hrdT0BBmJ4L5P4qnc7oOnTQ%3D%3D&returnUrl=http://localhost:4200

Note that returnUrl is correctly set to angular url (http://localhost:4200) 11. Copy the url and paste it on the browser (email is then confirmed successfully and a button is displayed to redirect to application). Click the button. 13. Expectation is that the workflow would redirect to the returnUrl (http://localhost:4200), however, its redirected to the web/mc in identity server, showing swagger:

The same thing is happening on ResetPassword

  1. Click on Forgot my password
  2. Fill in email and click submit
  3. Message is correctly displayed that a link will be sent and clicking the button returns to login ( so far, so good)
  4. Copy the reset password link logged by NullEmailSender and paste on the browser: https://localhost:44316/Account/ResetPassword?userId=e50e3300-0df7-988b-30a5-39f98f78126d&tenantId=&resetToken=CfDJ8N6x8kCJ6IRAsv0Kfd0y9EWLnahZN2oK70gY%2BTufRXP4H%2B9awybUKksSA8Go3UMCPpKT%2BQVAyXiQpFXJiS95PBJd2Pf323zQ3Kzzlz3YjLxqX3LYqTM2q5J%2FrOHPIQlcpaCvbuTf9uhn%2BRBXGT8rNcd70hM2fXXKeMLgRXIPrpmI0zZFiWvdBiUvEIvF6QReKYvzZ%2FWdeTnqJfgOLyQ5BWJGp3feEN4PKC%2BLkOpYz2AP&returnUrl=http://localhost:4200

Note that returnUrl is correctly set to angular url (http://localhost:4200) 5. The password reset is displayed. Type the new password and click Submit 7. Password is changed, and a new view is displayed with a button to go to the application 8. Click "Go to Application" and the page is redirected to swagger instead of angular UI

Go to accepted answer
10 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I will check it out. thanks.

  • User Avatar
    1
    liangshiwei created
    Support Team Fullstack Developer

    See https://github.com/abpframework/abp/pull/6734

  • User Avatar
    0
    bbertechini created

    Thanks for the quick response @liangshiwei.

    I will give it a try.

    Since this is identified as a bug, may I ask you to update my number of questions available back to 15?

    Bruno

  • User Avatar
    1
    alper created
    Support Team Director

    @bbertechini your question credit has been refunded.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    For now, you can try:

    public static class MyStringExtensions
{
    public static string NormalizeReturnUrl(this string returnUrl, IUrlHelper url, string returnUrlHash)
    {
        returnUrl = NormalizeReturnUrl(returnUrl, url);

        if (!returnUrlHash.IsNullOrWhiteSpace())
        {
            returnUrl = returnUrl + returnUrlHash;
        }

        return returnUrl;
    }

    private static string NormalizeReturnUrl(string returnUrl, IUrlHelper url)
    {
        if (returnUrl.IsNullOrEmpty())
        {
            return "~/";
        }

        if (url.IsLocalUrl(returnUrl) || returnUrl.StartsWith("your application url (eg. http://localhost:4200)"))
        {
            return returnUrl;
        }

        return "~/";
    }
}

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(RegisterModel))]
public class MyRegisterModel : RegisterModel
{
    protected override string GetRedirectUrl(string returnUrl, string returnUrlHash = null)
    {
        return returnUrl.NormalizeReturnUrl(Url, returnUrlHash);
    }

}

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(ResetPasswordConfirmationModel))]
public class MyResetPasswordConfirmationModel : ResetPasswordConfirmationModel
{
    protected override string GetRedirectUrl(string returnUrl, string returnUrlHash = null)
    {
        return returnUrl.NormalizeReturnUrl(Url, returnUrlHash);
    }
}

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(ResetPasswordModel))]
public class MyResetPasswordModel : ResetPasswordModel
{
    public MyResetPasswordModel(ITenantResolveResultAccessor tenantResolveResultAccessor) : base(tenantResolveResultAccessor)
    {
    }

    protected override string GetRedirectUrl(string returnUrl, string returnUrlHash = null)
    {
        return returnUrl.NormalizeReturnUrl(Url, returnUrlHash);
    }

    public override async Task<IActionResult> OnPostAsync()
    {
        ValidateModel();

        try
        {
            await AccountAppService.ResetPasswordAsync(
                new ResetPasswordDto
                {
                    UserId = UserId,
                    ResetToken = ResetToken,
                    Password = Password
                }
            );
        }
        catch (AbpIdentityResultException e)
        {
            if (!string.IsNullOrWhiteSpace(e.Message))
            {
                Alerts.Warning(e.Message);
                return Page();
            }

            throw;
        }

        //TODO: Try to automatically login!
        return RedirectToPage("./ResetPasswordConfirmation", new
        {
            returnUrl = GetRedirectUrl(ReturnUrl, ReturnUrlHash)
        });
    }
}
  • User Avatar
    0
    bbertechini created

    The code

    protected override string GetRedirectUrl(string returnUrl, string returnUrlHash = null)
    {
        return returnUrl.NormalizeReturnUrl(Url, returnUrlHash);
    }

    on RegisterModel is never called. Since i am using a separated identity server project, I have added the class to the identityserver project.

  • User Avatar
    0
    bbertechini created

    For Register, the link sent via Email does have the returnUrl set to HTTP://localhost:4200 but the link at the  /Account/EmailConfirmation always points to the IdentityServer Project.*

  • User Avatar
    0
    bbertechini created

    If you share the cshtml code for EmailConfirmation and ResetPassword I can fix it myself until you guys release it as a bugfix.

    Bruno

  • User Avatar
    0
    bbertechini created

    For Register I manage to make it work just changing the button link to the angular app. I am trying to apply the same for reset password. But the URL after I change the password is set to

    https://localhost:44384/Account/ResetPasswordConfirmation?returnUrl=Microsoft.AspNetCore.Mvc.RedirectResult

    The ReturnURL is not set correctly after redirecting to ResetPasswordConfirmation.

    returnUrl=Microsoft.AspNetCore.Mvc.RedirectResult

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Have you tried my suggestion?

Assignee
No one
Labels
None yet
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06