Merge pull request #94 from damienbod/base64code
Base64-code
damienbod authored Aug 8, 2020
2 parents 3d80c7f + 99336c3 commit 6524c06
Showing 7 changed files with 24 additions and 12 deletions.
5 changes: 5 additions & 0 deletions Changelog.md
Expand Up @@ -2,6 +2,11 @@

[Readme](https://github.com/damienbod/IdentityServer4AspNetCoreIdentityTemplate/blob/master/README.md)

2020-08-08 5.0.2
- Encode PasswordResetToken and EmailConfirmationToken to base64URL enhancement
- updated nuget packages
- updated npm packages

2020-07-03 5.0.1
- Updated to IdentityServer4 V4, updated packages
- Updated FIDO2 packages and code
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -53,7 +53,7 @@ dotnet new -i IdentityServer4AspNetCoreIdentityTemplate
Locally built nupkg:

```
dotnet new -i IdentityServer4AspNetCoreIdentityTemplate.5.0.1.nupkg
dotnet new -i IdentityServer4AspNetCoreIdentityTemplate.5.0.2.nupkg
```

Local folder:
4 changes: 2 additions & 2 deletions content/IdentityServer4AspNetCoreIdentityTemplate.nuspec
Expand Up @@ -2,7 +2,7 @@
<package xmlns="http://schemas.microsoft.com/packaging/2012/06/nuspec.xsd">
<metadata>
<id>IdentityServer4AspNetCoreIdentityTemplate</id>
<version>5.0.1</version>
<version>5.0.2</version>
<title>IdentityServer4.Identity.Template</title>
<license type="file">LICENSE</license>
<description>
Expand All @@ -17,7 +17,7 @@
<requireLicenseAcceptance>false</requireLicenseAcceptance>
<copyright>2020 damienbod</copyright>
<summary>This template provides a simle getting started for IdentityServer4 with Identity. Identity is Localized and the UI uses Bootstrap 4, Remove AllowAnonymous from the logout</summary>
<releaseNotes>Updated to IdentityServer4 V4, updated packages</releaseNotes>
<releaseNotes>Encode PasswordResetToken and EmailConfirmationToken to base64URL enhancement, updated nuget packages, updated npm packages</releaseNotes>
<repository type="git" url="https://github.com/damienbod/IdentityServer4AspNetCoreIdentityTemplate" />
<packageTypes>
<packageType name="Template" />
14 changes: 11 additions & 3 deletions content/StsServerIdentity/Controllers/AccountController.cs
Expand Up @@ -19,6 +19,9 @@
using StsServerIdentity.Resources;
using System.Reflection;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.WebUtilities;
using System.Text;
using System.Text.Encodings.Web;

namespace StsServerIdentity.Controllers
{
Expand Down Expand Up @@ -266,9 +269,10 @@ public async Task<IActionResult> Register(RegisterViewModel model, string return
if (result.Succeeded)
{
//var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
// WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
//var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme);
//await _emailSender.SendEmailAsync(model.Email, "Confirm your account",
// $"Please confirm your account by clicking this link: <a href='{callbackUrl}'>link</a>");
// $"Please confirm your account by clicking this link: <a href='{HtmlEncoder.Default.Encode(callbackUrl)}'>link</a>");
//await _signInManager.SignInAsync(user, isPersistent: false);
//_logger.LogInformation(3, "User created a new account with password.");
return RedirectToLocal(returnUrl);
Expand Down Expand Up @@ -408,6 +412,7 @@ public async Task<IActionResult> ConfirmEmail(string userId, string code)
{
return View("Error");
}
code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code));
var result = await _userManager.ConfirmEmailAsync(user, code);
return View(result.Succeeded ? "ConfirmEmail" : "Error");
}
Expand Down Expand Up @@ -442,11 +447,12 @@ public async Task<IActionResult> ForgotPassword(ForgotPasswordViewModel model)
// For more information on how to enable account confirmation and password reset please visit http://go.microsoft.com/fwlink/?LinkID=532713
// Send an email with this link
var code = await _userManager.GeneratePasswordResetTokenAsync(user);
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme);
await _emailSender.SendEmail(
model.Email,
"Reset Password",
$"Please reset your password by clicking here: {callbackUrl}",
$"Please reset your password by clicking here: {HtmlEncoder.Default.Encode(callbackUrl)}",
"Hi Sir");

return View("ForgotPasswordConfirmation");
Expand Down Expand Up @@ -491,7 +497,8 @@ public async Task<IActionResult> ResetPassword(ResetPasswordViewModel model)
// Don't reveal that the user does not exist
return RedirectToAction(nameof(AccountController.ResetPasswordConfirmation), "Account");
}
var result = await _userManager.ResetPasswordAsync(user, model.Code, model.Password);
var code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(model.Code));
var result = await _userManager.ResetPasswordAsync(user, code, model.Password);
if (result.Succeeded)
{
return RedirectToAction(nameof(AccountController.ResetPasswordConfirmation), "Account");
Expand Down Expand Up @@ -550,6 +557,7 @@ public async Task<IActionResult> SendCode(SendCodeViewModel model)
// Email used
// Generate the token and send it
var code = await _userManager.GenerateTwoFactorTokenAsync(user, model.SelectedProvider);
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
if (string.IsNullOrWhiteSpace(code))
{
return View("Error");
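Review bot: In the SendCode hunk the two-factor token is Base64Url-encoded before the `string.IsNullOrWhiteSpace(code)` guard, which defeats the guard: a null token now throws inside `Encoding.UTF8.GetBytes(code)` and a whitespace-only token encodes to non-blank text. Unlike the e-mail links this token is not placed in a URL here (presumably the user types it in), and no matching decode is visible in this commit, so I would drop `code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));` from SendCode, or at least move it below the guard. `WebEncoders.Base64UrlDecode` in ConfirmEmail and ResetPassword throws `FormatException` on malformed input, so a tampered `code` surfaces as an unhandled exception instead of the `Error` view or a model error; catching `FormatException` there keeps the failure path uniform. `HtmlEncoder.Default.Encode(callbackUrl)` in ForgotPassword (and again in ManageController.SendVerificationEmail) rewrites the `&` between `userId` and `code` as `&amp;`; if `_emailSender.SendEmail` sends a plain-text body, which is not visible here, the link no longer carries a usable `code`. All of these methods start and end outside the hunks shown.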
4 changes: 3 additions & 1 deletion content/StsServerIdentity/Controllers/ManageController.cs
Expand Up @@ -16,6 +16,7 @@
using System.Reflection;
using System.Collections.Generic;
using Newtonsoft.Json;
using Microsoft.AspNetCore.WebUtilities;

namespace StsServerIdentity.Controllers
{
Expand Down Expand Up @@ -135,12 +136,13 @@ public async Task<IActionResult> SendVerificationEmail(IndexViewModel model)
}

var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));

var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: HttpContext.Request.Scheme);
await _emailSender.SendEmail(
model.Email,
"StsServerIdentity Verification Email",
$"Please verify by clicking here: {callbackUrl}",
$"Please verify by clicking here: {HtmlEncoder.Default.Encode(callbackUrl)}",
"Hi Sir");

StatusMessage = _sharedLocalizer["STATUS_UPDATE_PROFILE_EMAIL_SEND"];
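Review bot: The using hunk adds only `using Microsoft.AspNetCore.WebUtilities;`, but the new lines in SendVerificationEmail also call `Encoding.UTF8` and `HtmlEncoder.Default`. AccountController.cs added `using System.Text;` and `using System.Text.Encodings.Web;` for the same calls in this commit. The first 15 lines of this file are outside the hunk, so both namespaces may already be imported; if they are not, add those two usings next to the new one. SendVerificationEmail starts and ends outside the hunk.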
4 changes: 2 additions & 2 deletions content/StsServerIdentity/StsServerIdentity.csproj
@@ -1,14 +1,14 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
<Version>5.0.1</Version>
<Version>5.0.2</Version>
<Description>IdentityServer4 template with ASP.NET Core 3.1 and ASP.NET Core Identity</Description>
<PackageProjectUrl>https://github.com/damienbod/IdentityServer4AspNetCoreIdentityTemplate</PackageProjectUrl>
<PackageIconUrl>http://www.gravatar.com/avatar/61d005637f57b5c3da8ba662cf04a9d6.png</PackageIconUrl>
<RepositoryUrl>https://github.com/damienbod/IdentityServer4AspNetCoreIdentityTemplate</RepositoryUrl>
<PackageLicenseFile>LICENSE</PackageLicenseFile>
<PackageTags>oidc identityserver4 identity aspnetcore</PackageTags>
<PackageReleaseNotes>Updated FIDO2, nuget packages, npm packages</PackageReleaseNotes>
<PackageReleaseNotes>Updated nuget packages, npm packages, Encode PasswordResetToken and EmailConfirmationToken to base64URL enhancement</PackageReleaseNotes>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="BuildBundlerMinifier" Version="3.2.449" />
Expand Up @@ -7,6 +7,3 @@
<p>
@SharedLocalizer.GetLocalizedHtmlString("RESET_PASSWORD_YOUR_PASSWORD_HAS_BEEN_RESET") <a asp-controller="Account" asp-action="Login">@SharedLocalizer.GetLocalizedHtmlString("RESET_PASSWORD_CLICK_HERE_TO_LOGIN")</a>.
</p>
<p>
@SharedLocalizer.GetLocalizedHtmlString("RESET_PASSWORD_CONFIRMATION_TEXT1")<a asp-controller="Account" asp-action="Login">@SharedLocalizer.GetLocalizedHtmlString("RESET_PASSWORD_CONFIRMATION_CLICK_HERE")</a>.
</p>
