use EmailConfirmationToken (which is valid for 10 minutes)

sbwalker
2025-12-15 10:43:11 -05:00
parent a48dff4a85
commit 87fd9dd000
2 changed files with 3 additions and 9 deletions


@ -973,10 +973,6 @@ namespace Oqtane.Managers
var alias = _tenantManager.GetAlias();
var user = GetUser(identityuser.UserName, alias.SiteId);
user.TwoFactorCode = token;
user.TwoFactorExpiry = DateTime.UtcNow.AddMinutes(10);
_users.UpdateUser(user);
string url = alias.Protocol + alias.Name + "/pages/loginlink?name=" + user.Username + "&token=" + WebUtility.UrlEncode(token);
string siteName = _sites.GetSite(alias.SiteId).Name;
string subject = _localizer["LoginLinkEmailSubject"];


@ -18,14 +18,12 @@ namespace Oqtane.Pages
{
private readonly UserManager<IdentityUser> _identityUserManager;
private readonly SignInManager<IdentityUser> _identitySignInManager;
private readonly IUserManager _userManager;
private readonly ILogManager _logger;
public LoginLinkModel(UserManager<IdentityUser> identityUserManager, SignInManager<IdentityUser> identitySignInManager, IUserManager userManager, ILogManager logger)
public LoginLinkModel(UserManager<IdentityUser> identityUserManager, SignInManager<IdentityUser> identitySignInManager, ILogManager logger)
{
_identityUserManager = identityUserManager;
_identitySignInManager = identitySignInManager;
_userManager = userManager;
_logger = logger;
}
@ -41,8 +39,8 @@ namespace Oqtane.Pages
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(name);
if (identityuser != null)
{
var user = _userManager.GetUser(identityuser.UserName, HttpContext.GetAlias().SiteId);
if (user != null && user.TwoFactorCode == token && DateTime.UtcNow < user.TwoFactorExpiry)
var result = await _identityUserManager.ConfirmEmailAsync(identityuser, token);
if (result.Succeeded)
{
await _identitySignInManager.SignInAsync(identityuser, false);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Login Link Successful For User {Username}", name);
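Review bot: `ConfirmEmailAsync` on the new line of the last hunk turns any valid email-confirmation token into a sign-in credential, so a token mailed for ordinary address verification would also be accepted at this login-link endpoint, and a successful call marks the email as confirmed as a side effect. A dedicated purpose would keep the two flows apart, for example `var valid = await _identityUserManager.VerifyUserTokenAsync(identityuser, _identityUserManager.Options.Tokens.EmailConfirmationTokenProvider, "LoginLink", token);` paired with `GenerateUserTokenAsync` using the same purpose string on the sending side (the purpose name is only an illustration). The removed `_userManager.GetUser(identityuser.UserName, HttpContext.GetAlias().SiteId)` null check also appears to have been the only site-scoped test before `SignInAsync`; if that lookup is what excluded users who are deleted or not members of the current site, it should stay. The 10-minute lifetime named in the commit title depends on token-provider configuration that is not visible in this diff, and because `ConfirmEmailAsync` does not appear to rotate the security stamp, the link probably stays replayable until it expires. The handler body starts and ends outside the hunk.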