Revert "Verify & check SecurityStamp"

This reverts commit c5e0ef90c3.
2020-02-11 09:56:30 +00:00
parent c5e0ef90c3
commit 6ae88f6c76
2 changed files with 4 additions and 15 deletions
--- a/src/Umbraco.Web/Editors/AuthenticationController.cs
+++ b/src/Umbraco.Web/Editors/AuthenticationController.cs
@@ -301,7 +301,7 @@ namespace Umbraco.Web.Editors
                if (user != null)
                {
                    var code = await UserManager.GeneratePasswordResetTokenAsync(identityUser.Id);
-                    var callbackUrl = ConstructCallbackUrl(identityUser.Id, code, identityUser.SecurityStamp.GenerateHash());
+                    var callbackUrl = ConstructCallbackUrl(identityUser.Id, code);

                    var message = Services.TextService.Localize("resetPasswordEmailCopyFormat",
                        // Ensure the culture of the found user is used for the email!
@@ -506,7 +506,7 @@ namespace Umbraco.Web.Editors
            return response;
        }

-        private string ConstructCallbackUrl(int userId, string code, string userSecurityStamp)
+        private string ConstructCallbackUrl(int userId, string code)
        {
            // Get an mvc helper to get the url
            var http = EnsureHttpContext();
@@ -516,8 +516,7 @@ namespace Umbraco.Web.Editors
                {
                    area = GlobalSettings.GetUmbracoMvcArea(),
                    u = userId,
-                    r = code,
-                    s = userSecurityStamp
+                    r = code
                });

            // Construct full URL using configured application URL (which will fall back to request)
--- a/src/Umbraco.Web/Editors/BackOfficeController.cs
+++ b/src/Umbraco.Web/Editors/BackOfficeController.cs
@@ -296,21 +296,11 @@ namespace Umbraco.Web.Editors
        }

        [HttpGet]
-        public async Task<ActionResult> ValidatePasswordResetCode([Bind(Prefix = "u")]int userId, [Bind(Prefix = "r")]string resetCode, [Bind(Prefix = "s")]string stampHash)
+        public async Task<ActionResult> ValidatePasswordResetCode([Bind(Prefix = "u")]int userId, [Bind(Prefix = "r")]string resetCode)
        {
            var user = UserManager.FindById(userId);
            if (user != null)
            {
-                // Check security stamp that has been generated in forgotten password email link is the same we have stored for user
-                // ie the user has not been marked inactive or password changed by an admin etc
-                if(user.SecurityStamp.GenerateHash() != stampHash)
-                {
-                    // Password, email or something changed to the user since the password reset email requested
-                    // Add error and redirect for it to be displayed
-                    TempData[ViewDataExtensions.TokenPasswordResetCode] = new[] { Services.TextService.Localize("login/resetCodeExpired") };
-                    return RedirectToLocal(Url.Action("Default", "BackOffice"));
-                }
-
                var result = await UserManager.UserTokenProvider.ValidateAsync("ResetPassword", resetCode, UserManager, user);
                if (result)
                {