Closed HaoK closed 6 years ago
Moved from: https://github.com/aspnet/Home/issues/1911#issuecomment-275184195
Today we are passing in the userId from ForgotPassword: https://github.com/aspnet/Templates/blob/dev/src/Rules/StarterWeb/IndividualAuth/Controllers/AccountController.cs#L282
But not using it when we reset: https://github.com/aspnet/Templates/blob/dev/src/Rules/StarterWeb/IndividualAuth/Controllers/AccountController.cs#L321
We should check that the User with userId matches the user that is retrieved via FindByEmail as well.
cc @blowdart
This issue was moved to aspnet/templating#96
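One way to implement the check proposed in this issue, as an added example that is not the template's own code. `ResetRequest`, its `UserId` property (assumed to be round-tripped from the reset link) and `PasswordResetGuard` are hypothetical names; the `UserManager<TUser>` calls are the ASP.NET Core Identity APIs.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical request model: UserId is assumed to come from the reset link
// that ForgotPassword generated, Email from the form the user submits.
public sealed class ResetRequest
{
    public string UserId { get; set; }
    public string Email { get; set; }
    public string Code { get; set; }
    public string NewPassword { get; set; }
}

public static class PasswordResetGuard
{
    // Returns true only when the password was actually reset. Every failure
    // path returns false, so the caller can respond identically in all cases
    // (a design choice of this example) and not reveal which check failed.
    public static async Task<bool> TryResetAsync<TUser>(
        UserManager<TUser> userManager, ResetRequest request) where TUser : class
    {
        if (string.IsNullOrEmpty(request.UserId) || string.IsNullOrEmpty(request.Email) ||
            string.IsNullOrEmpty(request.Code) || string.IsNullOrEmpty(request.NewPassword))
        {
            return false;
        }

        TUser user = await userManager.FindByEmailAsync(request.Email);
        if (user == null)
        {
            return false;
        }

        // The check the issue asks for: the account found by e-mail must be
        // the same account whose id was embedded in the reset link.
        string actualId = await userManager.GetUserIdAsync(user);
        if (!string.Equals(actualId, request.UserId, StringComparison.Ordinal))
        {
            return false;
        }

        // The token is still validated against this user by Identity itself.
        IdentityResult result = await userManager.ResetPasswordAsync(
            user, request.Code, request.NewPassword);
        return result.Succeeded;
    }
}
```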