Union/ProjectLighthouse
1
0
Fork 0
mirror of https://github.com/LBPUnion/ProjectLighthouse.git synced 2025-09-24 02:09:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix issue where password reset form sends password as a GET parameter.

Browse source
This commit is contained in:
Michael VanOverbeek 2021-12-03 21:54:30 -05:00
commit fbcf0eafa7
2 changed files with 41 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

14
ProjectLighthouse/Pages/PasswordResetPage.cshtml
View file

@ -20,7 +20,19 @@
} }
</script> </script>
<form onsubmit="return onSubmit(this)"> @if (!string.IsNullOrWhiteSpace(Model.Error))
{
<div class="ui negative message">
<div class="header">
Uh oh!
</div>
<p>@Model.Error</p>
</div>
}
<form onsubmit="return onSubmit(this)" method="post">
@Html.AntiForgeryToken()
<div class="ui left labeled input"> <div class="ui left labeled input">
<label for="password" class="ui blue label">Password: </label> <label for="password" class="ui blue label">Password: </label>
<input type="password" name="password" id="password"> <input type="password" name="password" id="password">

27
ProjectLighthouse/Pages/PasswordResetPage.cshtml.cs
View file

@ -1,5 +1,6 @@
#nullable enable #nullable enable
using System.Threading.Tasks; using System.Threading.Tasks;
using JetBrains.Annotations;
using LBPUnion.ProjectLighthouse.Helpers; using LBPUnion.ProjectLighthouse.Helpers;
using LBPUnion.ProjectLighthouse.Pages.Layouts; using LBPUnion.ProjectLighthouse.Pages.Layouts;
using LBPUnion.ProjectLighthouse.Types; using LBPUnion.ProjectLighthouse.Types;
@ -12,17 +13,26 @@ namespace LBPUnion.ProjectLighthouse.Pages
public PasswordResetPage(Database database) : base(database) public PasswordResetPage(Database database) : base(database)
{} {}
public bool WasResetRequest { get; private set; }
public async Task<IActionResult> OnGet([FromQuery] string password, [FromQuery] string confirmPassword) public string Error { get; private set; }
[UsedImplicitly]
public async Task<IActionResult> OnPost(string password, string confirmPassword)
{ {
User? user = this.Database.UserFromWebRequest(this.Request); User? user = this.Database.UserFromWebRequest(this.Request);
if (user == null) return this.Redirect("~/login"); if (user == null) return this.Redirect("~/login");
this.WasResetRequest = !string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(confirmPassword); if (string.IsNullOrWhiteSpace(password))
if (this.WasResetRequest)
{ {
if (password != confirmPassword) return this.BadRequest(); this.Error = "The password field is required.";
return this.Page();
}
if (password != confirmPassword)
{
this.Error = "Passwords do not match!";
return this.Page();
}
user.Password = HashHelper.BCryptHash(password); user.Password = HashHelper.BCryptHash(password);
user.PasswordResetRequired = false; user.PasswordResetRequired = false;
@ -32,6 +42,11 @@ namespace LBPUnion.ProjectLighthouse.Pages
return this.Redirect("~/"); return this.Redirect("~/");
} }
[UsedImplicitly]
public IActionResult OnGet()
{
User? user = this.Database.UserFromWebRequest(this.Request);
if (user == null) return this.Redirect("~/login");
return this.Page(); return this.Page();
} }
} }