Fixed user reset password logging in and throwing off the form validation token.

2023-08-02 14:16:22 +02:00 · 2017-01-16 23:23:35 -08:00 · 2017-01-16 23:23:35 -08:00 · 4123fdb8e1
commit 4123fdb8e1
parent 3f10fc6616
1 changed files with 4 additions and 7 deletions
--- a/Teknik/Areas/User/Controllers/UserController.cs
+++ b/Teknik/Areas/User/Controllers/UserController.cs
@ -593,13 +593,9 @@ namespace Teknik.Areas.Users.Controllers

            if (verified)
            {
-                // The password reset code is valid, let's log them in
+                // The password reset code is valid, let's get their user account for this session
                User user = UserHelper.GetUser(db, username);
-                user.LastSeen = DateTime.Now;
-                db.Entry(user).State = EntityState.Modified;
-                db.SaveChanges();
-                HttpCookie authcookie = UserHelper.CreateAuthCookie(user.Username, false, Request.Url.Host.GetDomain(), Request.IsLocal);
-                Response.Cookies.Add(authcookie);
+                Session["AuthenticatedUser"] = user;
            }

            ResetPasswordVerificationViewModel model = new ResetPasswordVerificationViewModel();
@ -609,6 +605,7 @@ namespace Teknik.Areas.Users.Controllers
        }

        [HttpPost]
+        [AllowAnonymous]
        [ValidateAntiForgeryToken]
        public ActionResult SetUserPassword(string password, string confirmPassword)
        {
@ -616,7 +613,7 @@ namespace Teknik.Areas.Users.Controllers
            {
                try
                {
-                    User user = UserHelper.GetUser(db, User.Identity.Name);
+                    User user = (User)Session["AuthenticatedUser"];
                    if (user != null)
                    {
                        if (string.IsNullOrEmpty(password))