Created
November 30, 2012 17:44
Patch for ASP.NET Web Site (Razor v2) Visual C# - Account\PasswordReset.cshtml - broken and erroneous validation.
--- OLD_PasswordReset.cshtml | |
+++ NEW_PasswordReset.cshtml | |
@@ -14,13 +14,13 @@ | |
bool isSuccess = false; | |
// Setup validation | |
Validation.RequireField("newPassword", "The new password field is required."); | |
Validation.Add("confirmPassword", | |
Validator.EqualsTo("newPassword", "The new password and confirmation password do not match.")); | |
- Validation.RequireField("passwordResetToken", "The password reset token field is required."); | |
+ Validation.RequireField("resetToken", "The password reset token field is required."); | |
Validation.Add("newPassword", | |
Validator.StringLength( | |
maxLength: Int32.MaxValue, | |
minLength: 6, | |
errorMessage: "New password must be at least 6 characters")); | |
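Review bot: The `Validator.StringLength` rule in the context lines still accepts a 6-character password and sets `maxLength: Int32.MaxValue`, so the reset page enforces a short minimum and no practical upper bound on the value handed to `WebSecurity.ResetPassword`. Consider `minLength: 8` with a bounded maximum such as `maxLength: 128`, updating the error message to match and keeping the registration and change-password pages consistent. Separately, the renamed `"resetToken"` key only takes effect if it matches the form field name and the request key read into `passwordResetToken`, which is assigned outside this hunk.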
@@ -29,25 +29,25 @@ | |
var newPassword = Request["newPassword"]; | |
var confirmPassword = Request["confirmPassword"]; | |
if (WebSecurity.ResetPassword(passwordResetToken, newPassword)) { | |
isSuccess = true; | |
} else { | |
- ModelState.AddError("passwordResetToken", "The password reset token is invalid."); | |
+ ModelState.AddError("resetToken", "The password reset token is invalid."); | |
tokenExpired = true; | |
} | |
} | |
} | |
<hgroup class="title"> | |
<h1>@Page.Title.</h1> | |
<h2>Use the form below to reset your password.</h2> | |
</hgroup> | |
@if (!WebMail.SmtpServer.IsEmpty()) { | |
- if (!Validation.IsValid()) { | |
+ if (IsPost && !Validation.IsValid()) { | |
<p class="validation-summary-errors"> | |
@if (tokenExpired) { | |
<text>The password reset token is incorrect or may be expired. Visit the <a href="~/Account/ForgotPassword">forgot password page</a> | |
to generate a new one.</text> | |
} else { | |
<text>Could not reset password. Please correct the errors and try again.</text> | |
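Review bot: `Request["newPassword"]` and `Request["confirmPassword"]` use the combined request indexer, which consults the query string before the form body, so a password supplied as a URL parameter would be accepted and could end up in server logs and browser history. This branch appears to run only on POST (the enclosing `if` starts above the hunk), so read the value from the body instead: `var newPassword = Request.Form["newPassword"];`. `confirmPassword` is not used in the visible lines and may be removable. Setting `tokenExpired = true` on every failed `ResetPassword` is fine for the user-facing message, but a server-side log entry at that point would make repeated invalid-token attempts visible to whoever monitors the site.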
@@ -56,13 +56,12 @@ | |
} | |
if (isSuccess) { | |
<p class="message-success"> | |
Password changed! Click <a href="~/Account/Login" title="Log in">here</a> to log in. | |
</p> | |
- } | |
+ } else { | |
<form method="post"> | |
@AntiForgery.GetHtml() | |
<fieldset> | |
<legend>Password Change Form</legend> | |
<ol> | |
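Review bot: The form emits `@AntiForgery.GetHtml()`, but no `AntiForgery.Validate()` call is visible in any hunk of this patch, and the hidden field only protects the POST if the handler calls it before `WebSecurity.ResetPassword`. The POST handler starts outside these hunks, so please confirm the call is there. As a style point, the `else` opened here is closed in the next hunk and the form markup inside it keeps its old indentation; re-indenting it would make the new nesting obvious.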
@@ -82,13 +81,14 @@ | |
@Html.ValidationMessage("resetToken") | |
</li> | |
</ol> | |
<input type="submit" value="Reset password" disabled="@isSuccess"/> | |
</fieldset> | |
</form> | |
+ } | |
} else { | |
<p class="message-info"> | |
Password recovery is disabled for this website because the SMTP server is | |
not configured correctly. Please contact the owner of this site to reset | |
your password. | |
</p> | |
} |
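Review bot: `disabled="@isSuccess"` on the submit button is now dead code, because the form is rendered only in the new `else` branch, where `isSuccess` is always false. Drop the attribute so the markup does not suggest a state that can no longer occur: `<input type="submit" value="Reset password" />`.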
Also chose to hide form and only show continue link message after reset succeeds.
Thank you for kindly sharing this. The reset password problem is solved.
Validation errors were being shown on initial page display when navigating to page from link in email.
Reset token form field validation was broken.