Users can set the new tenant password to the existing one
Steps:
- Create a new tenant with the password Admin@123
- After the creation, click on the Actions button of the tenant
- Click on the Set Password option
- Enter the same password "Admin@123"
- Click on the Save button
Expected: Users should see the error - Entered an Existing password
1 Answer(s)
To prevent users from setting the same password as the current one when using the "Set Password" feature for tenants, you need to implement a custom password validation in your application. By default, ABP does not check if the new password is the same as the existing password.
You can override the password setting logic in your custom TenantAppService. Here’s how you can do it:
- Override the SetPasswordAsync method in your custom TenantAppService.
- Before setting the new password, compare it with the current password using the UserManager's CheckPasswordAsync method.
- If the new password matches the current password, throw a validation error.
Example:
```csharp
public override async Task SetPasswordAsync(Guid id, SaasTenantSetPasswordDto input)
{
    var tenantAdminUser = /* get the tenant admin user by tenant id */;

    // CheckPasswordAsync verifies the new password against the user's stored hash.
    var isSame = await _userManager.CheckPasswordAsync(tenantAdminUser, input.Password);
    if (isSame)
    {
        throw new UserFriendlyException("Entered an existing password");
    }

    await base.SetPasswordAsync(id, input);
}
```
- Replace the comment with your logic to retrieve the tenant admin user.
This will ensure that users cannot set the password to the existing one and will receive an appropriate error message.
Sources:
- https://abp.io/support/questions/9002
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
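Why the check in the answer goes through CheckPasswordAsync instead of comparing stored hash values, shown as an added example that is not part of the original answer or ABP's own code. It uses ASP.NET Core Identity's `PasswordHasher<TUser>` directly; `DemoUser`, `PasswordReuseCheck` and the sample passwords are hypothetical names and constructed values, and the Microsoft.Extensions.Identity.Core package is assumed to be referenced.

```csharp
using System;
using Microsoft.AspNetCore.Identity;

// Constructed stand-in for the tenant admin user; only the stored hash matters here.
public sealed class DemoUser
{
    public string PasswordHash { get; set; } = "";
}

public static class PasswordReuseCheck
{
    private static readonly PasswordHasher<DemoUser> Hasher = new();

    // True when the candidate verifies against the stored hash,
    // i.e. the candidate is the password the user already has.
    public static bool IsCurrentPassword(DemoUser user, string candidate)
    {
        if (string.IsNullOrEmpty(user.PasswordHash))
        {
            return false; // no password set yet, so nothing can be reused
        }

        var result = Hasher.VerifyHashedPassword(user, user.PasswordHash, candidate);

        // SuccessRehashNeeded is still a match, so test against Failed.
        return result != PasswordVerificationResult.Failed;
    }

    public static void Main()
    {
        var user = new DemoUser();
        user.PasswordHash = Hasher.HashPassword(user, "Admin@123"); // password from the question

        // Each hash uses a fresh random salt, so hashing the same password again
        // gives a different string and a string comparison cannot detect reuse.
        var rehashed = Hasher.HashPassword(user, "Admin@123");
        Console.WriteLine($"hash strings equal: {rehashed == user.PasswordHash}");

        Console.WriteLine($"same password detected: {IsCurrentPassword(user, "Admin@123")}");
        Console.WriteLine($"new password detected as reuse: {IsCurrentPassword(user, "N3w-Passw0rd!")}");
    }
}
```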