From 8f4214c8c0ae4c87bd315f306a6c43a7909b9cdd Mon Sep 17 00:00:00 2001 From: Hao Kung Date: Mon, 15 Jul 2019 11:17:52 -0700 Subject: [PATCH] UrlEncode/Decode email/password codes by default (#12109) --- .../Areas/Identity/Pages/V3/Account/ConfirmEmail.cshtml.cs | 3 +++ .../Identity/Pages/V3/Account/ConfirmEmailChange.cshtml.cs | 3 +++ .../Areas/Identity/Pages/V3/Account/ExternalLogin.cshtml.cs | 3 +++ .../Areas/Identity/Pages/V3/Account/ForgotPassword.cshtml.cs | 3 +++ .../Areas/Identity/Pages/V3/Account/Manage/Email.cshtml.cs | 4 ++++ .../src/Areas/Identity/Pages/V3/Account/Register.cshtml.cs | 3 +++ .../Identity/Pages/V3/Account/RegisterConfirmation.cshtml.cs | 3 +++ .../Areas/Identity/Pages/V3/Account/ResetPassword.cshtml.cs | 5 +++-- .../Areas/Identity/Pages/V4/Account/ConfirmEmail.cshtml.cs | 3 +++ .../Identity/Pages/V4/Account/ConfirmEmailChange.cshtml.cs | 3 +++ .../Areas/Identity/Pages/V4/Account/ExternalLogin.cshtml.cs | 3 +++ .../Areas/Identity/Pages/V4/Account/ForgotPassword.cshtml.cs | 3 +++ .../Areas/Identity/Pages/V4/Account/Manage/Email.cshtml.cs | 3 +++ .../src/Areas/Identity/Pages/V4/Account/Register.cshtml.cs | 3 +++ .../Identity/Pages/V4/Account/RegisterConfirmation.cshtml.cs | 3 +++ .../Areas/Identity/Pages/V4/Account/ResetPassword.cshtml.cs | 4 +++- 16 files changed, 49 insertions(+), 3 deletions(-) diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ConfirmEmail.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ConfirmEmail.cshtml.cs index 4477c39fa4..b5e4541257 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ConfirmEmail.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ConfirmEmail.cshtml.cs @@ -2,10 +2,12 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal { @@ -53,6 +55,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal return NotFound($"Unable to load user with ID '{userId}'."); } + code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code)); var result = await _userManager.ConfirmEmailAsync(user, code); StatusMessage = result.Succeeded ? "Thank you for confirming your email." : "Error confirming your email."; return Page(); diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ConfirmEmailChange.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ConfirmEmailChange.cshtml.cs index ee24b30fd1..2548788be3 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ConfirmEmailChange.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ConfirmEmailChange.cshtml.cs @@ -2,10 +2,12 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal @@ -56,6 +58,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal return NotFound($"Unable to load user with ID '{userId}'."); } + code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code)); var result = await _userManager.ChangeEmailAsync(user, email, code); if (!result.Succeeded) { diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ExternalLogin.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ExternalLogin.cshtml.cs index aee48019f4..84f0a17611 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ExternalLogin.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ExternalLogin.cshtml.cs @@ -4,6 +4,7 @@ using System; using System.ComponentModel.DataAnnotations; using System.Security.Claims; +using System.Text; using System.Text.Encodings.Web; using System.Threading; using System.Threading.Tasks; @@ -11,6 +12,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; using Microsoft.Extensions.Logging; namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal @@ -204,6 +206,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal await _signInManager.SignInAsync(user, isPersistent: false); var userId = await _userManager.GetUserIdAsync(user); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); var callbackUrl = Url.Page( "/Account/ConfirmEmail", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ForgotPassword.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ForgotPassword.cshtml.cs index 3ed080fa9f..f7aebe850b 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ForgotPassword.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ForgotPassword.cshtml.cs @@ -3,12 +3,14 @@ using System; using System.ComponentModel.DataAnnotations; +using System.Text; using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal @@ -75,6 +77,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal // For more information on how to enable account confirmation and password reset please // visit https://go.microsoft.com/fwlink/?LinkID=532713 var code = await _userManager.GeneratePasswordResetTokenAsync(user); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); var callbackUrl = Url.Page( "/Account/ResetPassword", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/Manage/Email.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/Manage/Email.cshtml.cs index 0ff0ca11bf..009c22e9d0 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/Manage/Email.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/Manage/Email.cshtml.cs @@ -2,12 +2,15 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Collections.Generic; using System.ComponentModel.DataAnnotations; +using System.Text; using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Manage.Internal { @@ -134,6 +137,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Manage.Internal { var userId = await _userManager.GetUserIdAsync(user); var code = await _userManager.GenerateChangeEmailTokenAsync(user, Input.NewEmail); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); var callbackUrl = Url.Page( "/Account/ConfirmEmailChange", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/Register.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/Register.cshtml.cs index 68407af5a1..83f63c15e5 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/Register.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/Register.cshtml.cs @@ -5,6 +5,7 @@ using System; using System.Collections.Generic; using System.ComponentModel.DataAnnotations; using System.Linq; +using System.Text; using System.Text.Encodings.Web; using System.Threading; using System.Threading.Tasks; @@ -13,6 +14,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; using Microsoft.Extensions.Logging; namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal @@ -141,6 +143,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal var userId = await _userManager.GetUserIdAsync(user); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); var callbackUrl = Url.Page( "/Account/ConfirmEmail", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/RegisterConfirmation.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/RegisterConfirmation.cshtml.cs index c361bf7a26..55dea06371 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/RegisterConfirmation.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/RegisterConfirmation.cshtml.cs @@ -2,11 +2,13 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal @@ -75,6 +77,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal { var userId = await _userManager.GetUserIdAsync(user); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); EmailConfirmationUrl = Url.Page( "/Account/ConfirmEmail", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ResetPassword.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ResetPassword.cshtml.cs index 848a401609..4fbba0c919 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ResetPassword.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V3/Account/ResetPassword.cshtml.cs @@ -3,10 +3,12 @@ using System; using System.ComponentModel.DataAnnotations; +using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal { @@ -63,7 +65,6 @@ namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal /// [Required] public string Code { get; set; } - } /// @@ -98,7 +99,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V3.Pages.Account.Internal { Input = new InputModel { - Code = code + Code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code)) }; return Page(); } diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ConfirmEmail.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ConfirmEmail.cshtml.cs index ff143f81d2..0468f52dbf 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ConfirmEmail.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ConfirmEmail.cshtml.cs @@ -2,10 +2,12 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal { @@ -53,6 +55,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal return NotFound($"Unable to load user with ID '{userId}'."); } + code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code)); var result = await _userManager.ConfirmEmailAsync(user, code); StatusMessage = result.Succeeded ? "Thank you for confirming your email." : "Error confirming your email."; return Page(); diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ConfirmEmailChange.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ConfirmEmailChange.cshtml.cs index ea28d658da..e0c2bc4cb3 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ConfirmEmailChange.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ConfirmEmailChange.cshtml.cs @@ -2,10 +2,12 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal { @@ -55,6 +57,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal return NotFound($"Unable to load user with ID '{userId}'."); } + code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code)); var result = await _userManager.ChangeEmailAsync(user, email, code); if (!result.Succeeded) { diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ExternalLogin.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ExternalLogin.cshtml.cs index 42c2d2ba53..f075e5fe9c 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ExternalLogin.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ExternalLogin.cshtml.cs @@ -4,6 +4,7 @@ using System; using System.ComponentModel.DataAnnotations; using System.Security.Claims; +using System.Text; using System.Text.Encodings.Web; using System.Threading; using System.Threading.Tasks; @@ -11,6 +12,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; @@ -204,6 +206,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal await _signInManager.SignInAsync(user, isPersistent: false); var userId = await _userManager.GetUserIdAsync(user); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); var callbackUrl = Url.Page( "/Account/ConfirmEmail", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ForgotPassword.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ForgotPassword.cshtml.cs index 30e329bd39..b2b67e24c9 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ForgotPassword.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ForgotPassword.cshtml.cs @@ -3,12 +3,14 @@ using System; using System.ComponentModel.DataAnnotations; +using System.Text; using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal { @@ -74,6 +76,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal // For more information on how to enable account confirmation and password reset please // visit https://go.microsoft.com/fwlink/?LinkID=532713 var code = await _userManager.GeneratePasswordResetTokenAsync(user); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); var callbackUrl = Url.Page( "/Account/ResetPassword", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/Manage/Email.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/Manage/Email.cshtml.cs index 533e2a1e6e..8ac54389c1 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/Manage/Email.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/Manage/Email.cshtml.cs @@ -3,11 +3,13 @@ using System; using System.ComponentModel.DataAnnotations; +using System.Text; using System.Text.Encodings.Web; using System.Threading.Tasks; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Manage.Internal { @@ -134,6 +136,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Manage.Internal { var userId = await _userManager.GetUserIdAsync(user); var code = await _userManager.GenerateChangeEmailTokenAsync(user, Input.NewEmail); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); var callbackUrl = Url.Page( "/Account/ConfirmEmailChange", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/Register.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/Register.cshtml.cs index 165bcc0256..f1eeb92f8e 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/Register.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/Register.cshtml.cs @@ -5,6 +5,7 @@ using System; using System.Collections.Generic; using System.ComponentModel.DataAnnotations; using System.Linq; +using System.Text; using System.Text.Encodings.Web; using System.Threading; using System.Threading.Tasks; @@ -13,6 +14,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; using Microsoft.Extensions.Logging; namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal @@ -140,6 +142,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal var userId = await _userManager.GetUserIdAsync(user); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); var callbackUrl = Url.Page( "/Account/ConfirmEmail", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/RegisterConfirmation.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/RegisterConfirmation.cshtml.cs index ab07bb4574..639ccd6726 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/RegisterConfirmation.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/RegisterConfirmation.cshtml.cs @@ -2,11 +2,13 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; +using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Identity.UI.Services; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal @@ -75,6 +77,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal { var userId = await _userManager.GetUserIdAsync(user); var code = await _userManager.GenerateEmailConfirmationTokenAsync(user); + code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code)); EmailConfirmationUrl = Url.Page( "/Account/ConfirmEmail", pageHandler: null, diff --git a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ResetPassword.cshtml.cs b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ResetPassword.cshtml.cs index bbc5c7cba3..b9d42559c5 100644 --- a/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ResetPassword.cshtml.cs +++ b/src/Identity/UI/src/Areas/Identity/Pages/V4/Account/ResetPassword.cshtml.cs @@ -3,10 +3,12 @@ using System; using System.ComponentModel.DataAnnotations; +using System.Text; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.RazorPages; +using Microsoft.AspNetCore.WebUtilities; namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal { @@ -98,7 +100,7 @@ namespace Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal { Input = new InputModel { - Code = code + Code = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code)) }; return Page(); }