yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #7627 from umbraco/v8/bugfix/AB4828-resetpassword-mail

Browse Source 
AB4828 - Reset Password Email

(cherry picked from commit f00680bfe6)
This commit is contained in:
Warren Buckley
2020-02-12 10:41:31 +00:00
parent d1503eba03
commit 1574263c69
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/Umbraco.Core/Persistence/Repositories/Implement/UserRepository.cs
View File

@@ -557,6 +557,16 @@ ORDER BY colName";
}
}
// If userlogin or the email has changed then need to reset security stamp
if (changedCols.Contains("userLogin") || changedCols.Contains("userEmail"))
{
userDto.EmailConfirmedDate = null;
userDto.SecurityStampToken = entity.SecurityStamp = Guid.NewGuid().ToString();
changedCols.Add("emailConfirmedDate");
changedCols.Add("securityStampToken");
}
//only update the changed cols
if (changedCols.Count > 0)
{

29
src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs
View File

@@ -421,6 +421,35 @@ namespace Umbraco.Tests.Persistence.Repositories
}
}
[Test]
public void Can_Invalidate_SecurityStamp_On_Username_Change()
{
// Arrange
var provider = TestObjects.GetScopeProvider(Logger);
using (var scope = provider.CreateScope())
{
var repository = CreateRepository(provider);
var userGroupRepository = CreateUserGroupRepository(provider);
var user = CreateAndCommitUserWithGroup(repository, userGroupRepository);
var originalSecurityStamp = user.SecurityStamp;
// Ensure when user generated a security stamp is present
Assert.That(user.SecurityStamp, Is.Not.Null);
Assert.That(user.SecurityStamp, Is.Not.Empty);
// Update username
user.Username = user.Username + "UPDATED";
repository.Save(user);
// Get the user
var updatedUser = repository.Get(user.Id);
// Ensure the Security Stamp is invalidated & no longer the same
Assert.AreNotEqual(originalSecurityStamp, updatedUser.SecurityStamp);
}
}
private void AssertPropertyValues(IUser updatedItem, IUser originalUser)
{
Assert.That(updatedItem.Id, Is.EqualTo(originalUser.Id));