
Fixed user reset password logging in and throwing off the form validation token.

master
Teknikode 6 years ago
parent
commit
4123fdb8e1
  1. 11
      Teknik/Areas/User/Controllers/UserController.cs

11
Teknik/Areas/User/Controllers/UserController.cs

@ -593,13 +593,9 @@ namespace Teknik.Areas.Users.Controllers @@ -593,13 +593,9 @@ namespace Teknik.Areas.Users.Controllers
if (verified)
{
// The password reset code is valid, let's log them in
// The password reset code is valid, let's get their user account for this session
User user = UserHelper.GetUser(db, username);
user.LastSeen = DateTime.Now;
db.Entry(user).State = EntityState.Modified;
db.SaveChanges();
HttpCookie authcookie = UserHelper.CreateAuthCookie(user.Username, false, Request.Url.Host.GetDomain(), Request.IsLocal);
Response.Cookies.Add(authcookie);
Session["AuthenticatedUser"] = user;
}
ResetPasswordVerificationViewModel model = new ResetPasswordVerificationViewModel();
@ -609,6 +605,7 @@ namespace Teknik.Areas.Users.Controllers @@ -609,6 +605,7 @@ namespace Teknik.Areas.Users.Controllers
}
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public ActionResult SetUserPassword(string password, string confirmPassword)
{
@ -616,7 +613,7 @@ namespace Teknik.Areas.Users.Controllers @@ -616,7 +613,7 @@ namespace Teknik.Areas.Users.Controllers
{
try
{
User user = UserHelper.GetUser(db, User.Identity.Name);
User user = (User)Session["AuthenticatedUser"];
if (user != null)
{
if (string.IsNullOrEmpty(password))
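Review bot: In the verification branch, `Session["AuthenticatedUser"] = user;` puts the whole `User` entity into session state, and `SetUserPassword` then treats `(User)Session["AuthenticatedUser"]` as proof that the caller may set a new password. Nothing in the visible hunks clears that entry, so unless the part of `SetUserPassword` outside this hunk removes it, the same session can keep changing the password after the reset has completed. The stored object is also a snapshot from the earlier request and may be stale or detached by the time it is saved. Provided no other code reads this key as a `User`, I would store only the name with `Session["AuthenticatedUser"] = user.Username;`, re-load with `User user = UserHelper.GetUser(db, (string)Session["AuthenticatedUser"]);`, and call `Session.Remove("AuthenticatedUser");` once the new password is saved. The key name reads like a full login, so a comment such as `// Reset-only marker: authorises SetUserPassword, not a login` above the assignment would help.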
