PasswordChange: added userId

2019-09-26 12:15:01 +03:00 · 2019-09-26 12:15:01 +03:00 · 22e4d19458
commit 22e4d19458
parent 7d1b6eb79e
2 changed files with 6 additions and 3 deletions
--- a/common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs
+++ b/common/ASC.Api.Core/Auth/ConfirmAuthHandler.cs
@ -38,6 +38,9 @@ namespace ASC.Api.Core.Auth
            _ = Request.TryGetValue("key", out var key);
            _ = Request.TryGetValue("emplType", out var emplType);
            _ = Request.TryGetValue("email", out var _email);
+            _ = Request.TryGetValue("uid", out var userIdKey);
+            _ = Guid.TryParse(userIdKey, out var userId);
+
            var validInterval = SetupInfo.ValidEmailKeyInterval;

            EmailValidationKeyProvider.ValidationResult checkKeyResult;
@ -59,10 +62,10 @@ namespace ASC.Api.Core.Auth
                    if (userHash)
                    {
                        var tenantId = CoreContext.TenantManager.GetCurrentTenant().TenantId;
-                        hash = CoreContext.Authentication.GetUserPasswordHash(tenantId, CoreContext.UserManager.GetUserByEmail(tenantId, _email).ID);
+                        hash = CoreContext.Authentication.GetUserPasswordHash(tenantId, userId);
                    }

-                    checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)), key, validInterval);
+                    checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)) + userId, key, validInterval);
                    break;
                default:
                    checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
--- a/web/ASC.Web.Core/Notify/StudioNotifyService.cs
+++ b/web/ASC.Web.Core/Notify/StudioNotifyService.cs
@ -124,7 +124,7 @@ namespace ASC.Web.Studio.Core.Notify
        public void UserPasswordChange(int tenantId, UserInfo userInfo)
        {
            var hash = Hasher.Base64Hash(CoreContext.Authentication.GetUserPasswordHash(tenantId, userInfo.ID));
-            var confirmationUrl = CommonLinkUtility.GetConfirmationUrl(tenantId, userInfo.Email, ConfirmType.PasswordChange, hash);
+            var confirmationUrl = CommonLinkUtility.GetConfirmationUrl(tenantId, userInfo.Email, ConfirmType.PasswordChange, hash + userInfo.ID, userInfo.ID);

            static string greenButtonText() => WebstudioNotifyPatternResource.ButtonChangePassword;