Open Closed

Reset password - Invalid token #1326


User avatar
0
alexander.nikonov created
  • ABP Framework version: v4.3.0
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

I have the following error in my solution running on ABP 4.3.0 after submitting a new password in the forgotten password box: "VerifyUserTokenAsync() failed with purpose: ResetPassword for user."

I test everything on localhost in VS debug mode using a non-default tenant. As far as I remember, it used to work in the ABP 3.x.x. Any ideas, suggestions?

On other hand, ResetPassword works OK in test generated 4.3.0 solution on default tenant. So I cannot figure out what could be wrong...

What I have noticed is that ResetToken is a bit shorter in Test app...

Just in case if it matters: I have custom ProfileAppService.

Please make a note I am trying this code now:

    public override async Task ResetPasswordAsync(ResetPasswordDto input)
    {
        await IdentityOptions.SetAsync();

        var user = await UserManager.GetByIdAsync(input.UserId);

        (await UserManager.ResetPasswordAsync(user, input.ResetToken, input.Password)).CheckErrors();

        await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
        {
            Identity = IdentitySecurityLogIdentityConsts.Identity,
            Action = IdentitySecurityLogActionConsts.ChangePassword
        });
    }

But since I need to change the password for ALL TENANTS having such loginname I will need to use a custom implementation of AccountAppService :

    public override async Task ResetPasswordAsync(ResetPasswordDto input)
    {
        await IdentityOptions.SetAsync();

        var currentUser = await UserManager.GetByIdAsync(input.UserId);

        var tenants = await _abxUserRepository.FindTenantsByLoginAsync(currentUser.UserName);

        foreach (var tenant in tenants)
        {
            using (CurrentTenant.Change(tenant.AbpId))
            {
                var tenantUser = await UserManager.GetByIdAsync(input.UserId);

                // Generate reset token for tenantUser!
                
                (await UserManager.ResetPasswordAsync(tenantUser, /*resetToken for tenantUser */, input.Password)).CheckErrors();

                await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
                {
                    Identity = IdentitySecurityLogIdentityConsts.Identity,
                    Action = IdentitySecurityLogActionConsts.ChangePassword
                });
            }
        }
    }

2 Answer(s)
  • User Avatar
    0
    alexander.nikonov created

    Seems like I have managed to write it properly. Could you please regain my commercial tickets count, since I've resolved this one myself??

        public override async Task ResetPasswordAsync(ResetPasswordDto input)
        {
            await IdentityOptions.SetAsync();
    
            var currentUser = await UserManager.GetByIdAsync(input.UserId);
    
            var tenants = await _abxUserRepository.FindTenantsByLoginAsync(currentUser.UserName);
    
            foreach (var tenant in tenants)
            {
                using (CurrentTenant.Change(tenant.AbpId))
                {
                    var abxUser = await _abxUserRepository.FindUserByLoginAsync(currentUser.UserName, tenant.Id);
    
                    var tenantUser = await UserManager.GetByIdAsync(abxUser.Id);
    
                    var tenantUserResetToken = await UserManager.GeneratePasswordResetTokenAsync(tenantUser);
    
                    (await UserManager.ResetPasswordAsync(tenantUser, tenantUserResetToken, input.Password)).CheckErrors();
    
                    await IdentitySecurityLogManager.SaveAsync(new IdentitySecurityLogContext
                    {
                        Identity = IdentitySecurityLogIdentityConsts.Identity,
                        Action = IdentitySecurityLogActionConsts.ChangePassword
                    });
                }
            }
        }
    
  • User Avatar
    0
    maliming created
    Support Team

    hi

    Refunded

Made with ❤️ on ABP v9.1.0-rc.1. Updated on January 17, 2025, 14:13