Getting invalid token error from Identity when running UserManager.ResetPasswordAsync()

Question

I have a .NET 6 application with Identity for authentication handling. In a reset password endpoint, I'm struggling with an "Invalid token" error from Identity.

Token generation service:

public async Task AskPasswordReset(string email)
{
    var user = await _userManager.FindByEmailAsync(email);
    if (user != null)
    {
        var token = await _userManager.GeneratePasswordResetTokenAsync(user);
        var confirmationLink = _configuration["Base Url"] + "/ResetPassword?token=" + token + "&email=" + email;
        var emailAddress = email;
        var confimEmail = new EmailCommunicationDto
        {
            To = emailAddress,
            Body = "You have a requested to reset you password. Please click the link provided to reset your password. Please click " + confirmationLink + " to reset.",
            Subject = "Password Reset"
        };
        await _emailSender.SendVerificationEmail(confimEmail);

    }
}

Token reset service:

public async Task ResetPassword(ResetPasswordDto resetPasswordDto)
{
    var user = await _userManager.FindByEmailAsync(resetPasswordDto.email);
    if (user == null)
    {
        throw new NotFoundException();
    }
    var result = await _userManager.ResetPasswordAsync(user, resetPasswordDto.token, resetPasswordDto.newPassword);
    if (!result.Succeeded)
    {
        Console.WriteLine(result.ToString());
        throw new InvalidCredentialsException();
    }
}

Generated email:

You have a requested to reset you password. Please click the link
provided to reset your password. Please click
https://localhost:3000/ResetPassword?token=CfAA8KTxCSxQvlpEtzGh0VfCOQoKfuszpNPEK/yXBxCLkB2iC07vDNHecXedk6GFdl/ZlO8oqxxDNrVjj5ZdiPCXdpleOcfU2+utrCm7MLqlEWQYfx6RvAlmLRgKwcrIqVE1kXLqEGvdumAgDYYfCw0m5RosDgf0JlW3fthpbQWgIe5CoOl9UWJV20gdl2hVgh95wLhRV7WfWNTXSYv28K9ZQk31YzOhNaFjmgqXOSHAgTI2&email=eric@company.com
to reset.

Reset password DTO:

{
"newPassword": "joijoji9**Koji",
"token": "CfAA8KTxCSxQvlpEtzGh0VfCOQoKfuszpNPEK/yXBxCLkB2iC07vDNHecXedk6GFdl/ZlO8oqxxDNrVjj5ZdiPCXdpleOcfU2
utrCm7MLqlEWQYfx6RvAlmLRgKwcrIqVE1kXLqEGvdumAgDYYfCw0m5RosDgf0JlW3fthpbQWgIe5CoOl9UWJV20gdl2hVgh95wLhRV7WfWNTXSYv28K9ZQk31YzOhNaFjmgqXOSHAgTI2",
"email": "eric@company.com" }

1st guess: When the token is gotten from the URL (I'm using React), there is a decoding that alters it.
2nd guess: Identity only allows password reset after email verification.

Answer 1

Score: 0

Your first guess looks promising to me, since the token you're appending in your URL contains special characters like '/'.

Try encoding the token before appending it, with something like

token = Base64UrlEncoder.Encode(token);
var confirmationLink = _configuration["Base Url"] + "/ResetPassword?token=" + token + "&email=" + email;
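
The round trip discussed in the question and in this answer, as an added example that is not part of the original posts: it shows how a '+' in an unencoded token comes back as a space when the client parses the query string (the same difference visible between the emailed link and the DTO above), and how percent-encoding the value preserves it. The sample token and all function names are constructed for illustration; on the .NET side the counterpart of `encodeURIComponent` is `Uri.EscapeDataString`.

```javascript
// Constructed sample: a short stand-in for the reset token. Like the token in
// the question, it contains '+' and '/', plus base64 '=' padding.
const SAMPLE_TOKEN = "CfDJ8/abc+def/ghi==";
const BASE_URL = "https://localhost:3000"; // host taken from the question's email

// The question's approach: plain string concatenation, nothing encoded.
function buildLinkRaw(token, email) {
  return `${BASE_URL}/ResetPassword?token=${token}&email=${email}`;
}

// Corrected: percent-encode every query value before it goes into the URL.
function buildLinkEncoded(token, email) {
  return `${BASE_URL}/ResetPassword?token=${encodeURIComponent(token)}` +
         `&email=${encodeURIComponent(email)}`;
}

// What the client page does with the link: parse the query string.
// Form-style query decoding turns a literal '+' into a space.
function readToken(link) {
  return new URL(link).searchParams.get("token");
}

// Check for the API side, before the token is handed to ResetPasswordAsync:
// base64 text never contains whitespace, so a space marks a '+' that was lost
// in query decoding.
function diagnoseToken(received) {
  if (/\s/.test(received)) return "corrupted: '+' decoded as space";
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(received)) return "corrupted: non-base64 characters";
  return "ok";
}

// Run both variants and report what the reset endpoint would receive.
function demo() {
  const email = "eric@company.com"; // address used in the question
  const raw = readToken(buildLinkRaw(SAMPLE_TOKEN, email));
  const encoded = readToken(buildLinkEncoded(SAMPLE_TOKEN, email));
  return {
    raw, rawStatus: diagnoseToken(raw),
    encoded, encodedStatus: diagnoseToken(encoded),
  };
}

console.log(demo());
```

If the token is instead wrapped in base64url as the answer suggests, the reset endpoint has to decode it back to the original string before calling `ResetPasswordAsync`.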

huangapple
  • Published on April 20, 2023, 02:01:36
  • When reposting, please keep this article's link: https://go.coder-hub.com/76057574.html