Account: Sign in user after accepting invitation or resetting password

UX improvements, which we are porting from the app to unify the experience.
This commit is contained in:
Dennis Reimann 2024-11-26 11:42:13 +01:00
parent d3315c2fa6
commit fbf707cde2
No known key found for this signature in database
GPG key ID: 5009E1797F03F8D0
2 changed files with 18 additions and 7 deletions


@ -385,10 +385,6 @@ namespace BTCPayServer.Tests
s.Driver.FindElement(By.Id("ConfirmPassword")).SendKeys("123456"); s.Driver.FindElement(By.Id("ConfirmPassword")).SendKeys("123456");
s.ClickPagePrimary(); s.ClickPagePrimary();
Assert.Contains("Account successfully created.", s.FindAlertMessage().Text); Assert.Contains("Account successfully created.", s.FindAlertMessage().Text);
s.Driver.FindElement(By.Id("Email")).SendKeys(usr);
s.Driver.FindElement(By.Id("Password")).SendKeys("123456");
s.Driver.FindElement(By.Id("LoginButton")).Click();
// We should be logged in now // We should be logged in now
s.GoToHome(); s.GoToHome();


@ -650,6 +650,7 @@ namespace BTCPayServer.Controllers
if (logon) if (logon)
{ {
await _signInManager.SignInAsync(user, isPersistent: false); await _signInManager.SignInAsync(user, isPersistent: false);
_logger.LogInformation("User {Email} logged in", user.Email);
return RedirectToLocal(returnUrl); return RedirectToLocal(returnUrl);
} }
} }
@ -793,7 +794,7 @@ namespace BTCPayServer.Controllers
[HttpPost("/login/set-password")] [HttpPost("/login/set-password")]
[AllowAnonymous] [AllowAnonymous]
[ValidateAntiForgeryToken] [ValidateAntiForgeryToken]
public async Task<IActionResult> SetPassword(SetPasswordViewModel model) public async Task<IActionResult> SetPassword(SetPasswordViewModel model, string returnUrl = null)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
{ {
@ -802,9 +803,11 @@ namespace BTCPayServer.Controllers
var user = await _userManager.FindByEmailAsync(model.Email); var user = await _userManager.FindByEmailAsync(model.Email);
var hasPassword = user != null && await _userManager.HasPasswordAsync(user); var hasPassword = user != null && await _userManager.HasPasswordAsync(user);
if (!UserService.TryCanLogin(user, out _)) var needsInitialPassword = user != null && !await _userManager.HasPasswordAsync(user);
// Let unapproved users set a password. Otherwise, don't reveal that the user does not exist.
if (!UserService.TryCanLogin(user, out var message) && !needsInitialPassword || user == null)
{ {
// Don't reveal that the user does not exist _logger.LogWarning("User {Email} tried to reset password, but failed: {Message}", user?.Email ?? "(NO EMAIL)", message);
return RedirectToAction(nameof(Login)); return RedirectToAction(nameof(Login));
} }
@ -818,7 +821,19 @@ namespace BTCPayServer.Controllers
? StringLocalizer["Password successfully set."].Value ? StringLocalizer["Password successfully set."].Value
: StringLocalizer["Account successfully created."].Value : StringLocalizer["Account successfully created."].Value
}); });
if (!hasPassword) await FinalizeInvitationIfApplicable(user); if (!hasPassword) await FinalizeInvitationIfApplicable(user);
// see if we can sign in user after accepting an invitation and setting the password
if (needsInitialPassword && UserService.TryCanLogin(user, out _))
{
var signInResult = await _signInManager.PasswordSignInAsync(user.Email!, model.Password, true, true);
if (signInResult.Succeeded)
{
_logger.LogInformation("User {Email} logged in", user.Email);
return RedirectToLocal(returnUrl);
}
}
return RedirectToAction(nameof(Login)); return RedirectToAction(nameof(Login));
} }
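Review bot: The sign-in added in this last hunk issues a persistent cookie (`PasswordSignInAsync(user.Email!, model.Password, true, true)`, the third argument being isPersistent) for a user who has only just set an initial password, whereas the login path in the first hunk of this file signs in with `isPersistent: false`; the view model is not shown here, so it is unclear whether the user opted into being remembered. Prefer `var signInResult = await _signInManager.PasswordSignInAsync(user.Email!, model.Password, isPersistent: false, lockoutOnFailure: true);` (or surface an explicit RememberMe field on the model) so an invitation accepted on a shared machine does not leave a long-lived session. The `returnUrl` newly bound on this POST is only safe because it goes through `RedirectToLocal`; that helper is outside this hunk, so confirm it rejects non-local URLs. SetPassword's signature and the password-reset call that precedes this block lie outside the hunk.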