When a user requests a password reset, a reset URL is sent by email.
This URL consists of the user ID and a token generated by Identity Core:

    [HttpPost("forgot")]
    [AllowAnonymous]
    public async Task<IActionResult> ForgotPassword([FromBody]ForgotPasswordViewModel model)
    {
        if (ModelState.IsValid)
        {
            var user = await _userManager.FindByEmailAsync(model.Email);
            if (user == null || !(await _userManager.IsEmailConfirmedAsync(user)))
            {
                // Don't reveal that the user does not exist or is not confirmed
                return Ok();
            }
            var token = await _userManager.GeneratePasswordResetTokenAsync(user);
            var queryParams = new Dictionary<string, string>()
            {
                {"id", user.Id },
                {"token", token }
            };
            var callbackUrl = ResetPasswordCallbackLink(queryParams); // <--- Creates the url
            await _emailSender.SendResetPasswordAsync(model.Email, callbackUrl);
            _logger.LogInformation($"User: {model.Email} forgot password");
            return Ok();
        }
        return Ok();
    }

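This token crashes the client (Angular 6+) because of the encoded characters %2B (+) and %2F (/) in the token.
Without these encoded characters the page renders perfectly and the parameters can be read: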

    this.id = this.route.snapshot.paramMap.get('id');
    this.token = this.route.snapshot.paramMap.get('token');

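Update

Navigating to a random existing page such as /login?id=123%2B also produces "Internal error: too much recursion" from RxJs. http://prntscr.com/mrspvf So could this be an architecture problem?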
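
Added example, not part of the original post: it shows how a standard-base64 token appears in a reset link, how it is altered if it reaches the query string unescaped, and how wrapping it in the URL-safe base64 alphabet keeps + and / out of the link altogether. The token value, the host name `app.example` and all function names are constructed for illustration.

```javascript
// Constructed sample shaped like a standard-base64 token (can contain + / =).
// It is not a real Identity token.
const SAMPLE_TOKEN = 'CfDJ8+ab/cd+EF/gh==';

// What the link carries when the raw token is percent-encoded:
// the %2B and %2F sequences described in the post.
const PERCENT_ENCODED = encodeURIComponent(SAMPLE_TOKEN);

// Wrap the token in the URL-safe base64 alphabet (RFC 4648, section 5),
// which uses only A-Z a-z 0-9 - _ and therefore needs no percent-escapes.
function toUrlSafe(token) {
  return Buffer.from(token, 'utf8').toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

// Reverse the transform. Anything outside the URL-safe alphabet is rejected
// before the value is handed to token validation.
function fromUrlSafe(value) {
  if (!/^[A-Za-z0-9_-]+$/.test(value)) {
    throw new Error('value is not base64url');
  }
  const b64 = value.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

// Build the reset link with the wrapped token (hypothetical host and path).
function buildResetLink(id, token) {
  return `https://app.example/reset?id=${encodeURIComponent(id)}&token=${toUrlSafe(token)}`;
}

// Read the token parameter back the way a query-string parser does.
function readTokenParam(link) {
  return new URL(link).searchParams.get('token');
}

// Unescaped raw token: the parser turns every '+' into a space, so the value
// that comes back no longer matches what the server issued.
const corrupted = readTokenParam(`https://app.example/reset?id=123&token=${SAMPLE_TOKEN}`);

// Wrapped token: survives the round trip unchanged.
const link = buildResetLink('123', SAMPLE_TOKEN);
const recovered = fromUrlSafe(readTokenParam(link));
```

On the ASP.NET Core side, `WebEncoders.Base64UrlEncode` and `WebEncoders.Base64UrlDecode` in `Microsoft.AspNetCore.WebUtilities` apply the same transform to the token bytes before the link is built and after the reset request arrives.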