Fix endpoint api/users/reset-password to set tenant ID. #742

Closed
wants to merge 5 commits into from
2 changes: 2 additions & 0 deletions src/Host/Controllers/Identity/UsersController.cs
Expand Up @@ -110,6 +110,8 @@ public Task<string> ForgotPasswordAsync(ForgotPasswordRequest request)
}

[HttpPost("reset-password")]
[AllowAnonymous]
[TenantIdHeader]
[OpenApiOperation("Reset a user's password.", "")]
[ApiConventionMethod(typeof(FSHApiConventions), nameof(FSHApiConventions.Register))]
public Task<string> ResetPasswordAsync(ResetPasswordRequest request)
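Review bot: `[TenantIdHeader]` sits on an action that is also `[AllowAnonymous]`, so the tenant value comes from an unauthenticated caller, yet the description argument of `[OpenApiOperation("Reset a user's password.", "")]` is still an empty string. Use that argument to document that the tenant header is required on this endpoint, and make sure a missing or unknown tenant is rejected before any user lookup happens.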
4 changes: 3 additions & 1 deletion src/Infrastructure/Identity/UserService.Password.cs
Expand Up @@ -21,7 +21,7 @@ public async Task<string> ForgotPasswordAsync(ForgotPasswordRequest request, str
// For more information on how to enable account confirmation and password reset please
// visit https://go.microsoft.com/fwlink/?LinkID=532713
string code = await _userManager.GeneratePasswordResetTokenAsync(user);
const string route = "account/reset-password";
const string route = $"api/users/reset-password";
Contributor

You still need to add the tenantid in the url... Btw, the url is prepended with "{origin}" in the line below this, which means the front-end ui... so it makes no sense to put "api" in there... better leave it as is for now... a corresponding page will need to exist in the front-end (I see even in the blazor front-end this hasn't been added yet though).

Author

Okay, so maybe if I get some down time I can start looking at Blazor. It certainly looks interesting. In the meantime, I will keep this branch up to date with main. Thanks.

var endpointUri = new Uri(string.Concat($"{origin}/", route));
string passwordResetUrl = QueryHelpers.AddQueryString(endpointUri.ToString(), "Token", code);
var mailRequest = new MailRequest(
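Review bot: The link built by `QueryHelpers.AddQueryString(endpointUri.ToString(), "Token", code)` carries only the token, while the reset path in this PR now depends on a tenant, so a user following the e-mail has no tenant to present; add the tenant identifier to the URL alongside `Token`. The new `route` value also points at the `[HttpPost("reset-password")]` API action, which a link opened from an e-mail (a GET) cannot invoke. The `$` prefix on `$"api/users/reset-password"` marks an interpolated string with no placeholders and can be dropped.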
Expand All @@ -35,6 +35,8 @@ public async Task<string> ForgotPasswordAsync(ForgotPasswordRequest request, str

public async Task<string> ResetPasswordAsync(ResetPasswordRequest request)
{
EnsureValidTenant();

var user = await _userManager.FindByEmailAsync(request.Email?.Normalize());

// Don't reveal that the user does not exist
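Review bot: `EnsureValidTenant();` is called at the top of `ResetPasswordAsync`, but its definition is not among the lines shown, so its failure behaviour cannot be reviewed here. Please confirm that a missing or unknown tenant produces a response that does not conflict with the `// Don't reveal that the user does not exist` handling just below, and add a test for the invalid-tenant case. Separately, `request.Email?.Normalize()` on the context line passes null to `FindByEmailAsync` when `Email` is null, which is worth guarding in a follow-up.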