From 657c2c90abd9f7a769af589d723017e10edd0c2c Mon Sep 17 00:00:00 2001
From: Mitchel Sellers
Date: Wed, 21 Sep 2022 00:30:32 -0500
Subject: [PATCH] Updates to Reset Password Updated logic after password reset to be consistent
---
.../admin/Security/PasswordReset.ascx.cs | 66 +++++++------------
1 file changed, 25 insertions(+), 41 deletions(-)
diff --git a/DNN Platform/Website/admin/Security/PasswordReset.ascx.cs b/DNN Platform/Website/admin/Security/PasswordReset.ascx.cs
index 62416edd334..0e0b6cb2f50 100644
--- a/DNN Platform/Website/admin/Security/PasswordReset.ascx.cs
+++ b/DNN Platform/Website/admin/Security/PasswordReset.ascx.cs
@@ -159,49 +159,35 @@ protected override void OnPreRender(EventArgs e) } } - protected void RedirectAfterLogin() + /// + /// After a successful password change will redirect the user to requested returnurl OR the login page. + /// + protected void RedirectAfterPasswordChange() { - var redirectURL = string.Empty; + var redirectUrl = string.Empty; - var setting = GetSetting(this.PortalId, "Redirect_AfterLogin"); - - if (Convert.ToInt32(setting) == Null.NullInteger) + if (this.Request.QueryString["returnurl"] != null) { - if (this.Request.QueryString["returnurl"] != null) - { - // return to the url passed to signin - redirectURL = HttpUtility.UrlDecode(this.Request.QueryString["returnurl"]); - - // clean the return url to avoid possible XSS attack. - redirectURL = UrlUtils.ValidReturnUrl(redirectURL); - } + // return to the url passed to signin + redirectUrl = HttpUtility.UrlDecode(this.Request.QueryString["returnurl"]); - if (this.Request.Cookies["returnurl"] != null) - { - // return to the url passed to signin - redirectURL = HttpUtility.UrlDecode(this.Request.Cookies["returnurl"].Value); + // clean the return url to avoid possible XSS attack. + redirectUrl = UrlUtils.ValidReturnUrl(redirectUrl); + } - // clean the return url to avoid possible XSS attack. - redirectURL = UrlUtils.ValidReturnUrl(redirectURL); - } + if (this.Request.Cookies["returnurl"] != null) + { + // return to the url passed to signin + redirectUrl = HttpUtility.UrlDecode(this.Request.Cookies["returnurl"].Value); - if (string.IsNullOrEmpty(redirectURL)) - { - if (this.PortalSettings.RegisterTabId != -1 && this.PortalSettings.HomeTabId != -1) - { - // redirect to portal home page specified - redirectURL = this._navigationManager.NavigateURL(this.PortalSettings.HomeTabId); - } - else - { - // redirect to current page - redirectURL = this._navigationManager.NavigateURL(); - } - } + // clean the return url to avoid possible XSS attack. 
+ redirectUrl = UrlUtils.ValidReturnUrl(redirectUrl); } - else // redirect to after login page + + if (string.IsNullOrEmpty(redirectUrl)) { - redirectURL = this._navigationManager.NavigateURL(Convert.ToInt32(setting)); + // return to the login page by default to allow users to login + redirectUrl = this._navigationManager.NavigateURL(this.PortalSettings.ActiveTab.TabID, "Login"); } this.AddModuleMessage("ChangeSuccessful", ModuleMessage.ModuleMessageType.GreenSuccess, true); @@ -209,7 +195,7 @@ protected void RedirectAfterLogin() this.lblHelp.Text = this.lblInfo.Text = string.Empty; // redirect page after 5 seconds - var script = string.Format("setTimeout(function(){{location.href = '{0}';}}, {1});", redirectURL, RedirectTimeout); + var script = string.Format("setTimeout(function(){{location.href = '{0}';}}, {1});", redirectUrl, RedirectTimeout); if (ScriptManager.GetCurrent(this.Page) != null) { // respect MS AJAX @@ -243,7 +229,7 @@ private void LoadUserInfo() private void cmdChangePassword_Click(object sender, EventArgs e) { - string username = this.txtUsername.Text; + var username = this.txtUsername.Text; if (MembershipProviderConfig.RequiresQuestionAndAnswer && string.IsNullOrEmpty(this.txtAnswer.Text)) { @@ -296,7 +282,7 @@ private void cmdChangePassword_Click(object sender, EventArgs e) } string errorMessage; - string answer = string.Empty; + var answer = string.Empty; if (MembershipProviderConfig.RequiresQuestionAndAnswer) { answer = this.txtAnswer.Text; @@ -324,9 +310,7 @@ private void cmdChangePassword_Click(object sender, EventArgs e) { // Log user in to site this.LogSuccess(); - var loginStatus = UserLoginStatus.LOGIN_FAILURE; - UserController.UserLogin(this.PortalSettings.PortalId, username, this.txtPassword.Text, string.Empty, string.Empty, string.Empty, ref loginStatus, false); - this.RedirectAfterLogin(); + this.RedirectAfterPasswordChange(); } } }
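Review bot: The `returnurl` values read in RedirectAfterPasswordChange from the query string and the cookie are caller-controlled, and the only guard before they reach the page script is `UrlUtils.ValidReturnUrl`, whose rules are not part of this patch. In the following hunk the result is formatted into a JavaScript string literal (`location.href = '{0}'`) with no encoding for that context, so the script's integrity depends entirely on the validator rejecting quotes, backslashes and markup. I would encode at the sink regardless of the validator by passing `HttpUtility.JavaScriptStringEncode(redirectUrl)` as the first format argument. Separately, `Request.QueryString` values are normally already URL-decoded by ASP.NET, so the extra `HttpUtility.UrlDecode` appears to decode a second time before validation, and the cookie value silently overrides the query-string one; both deserve a comment or a test. The body of RedirectAfterPasswordChange continues past the end of this hunk.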
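Review bot: The comment `// Log user in to site` above `this.LogSuccess();` in the last hunk is now stale, because this change removes the `UserController.UserLogin` call and the user is no longer signed in after the reset. Assuming LogSuccess only records the event, replace it with something like `// Record the successful reset; the user signs in again with the new password`. Whether sessions or persistent login cookies issued before the reset are invalidated is not visible in this hunk; if they are not, that step belongs in the same flow so an old session does not outlive the old password. cmdChangePassword_Click starts outside this hunk.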