The sample app has a forgot password link in the Login page, but there is no ForgotPassword page

aws / aws-aspnet-cognito-identity-provider

ASP.NET Core Identity Provider for Amazon Cognito

https://aws.amazon.com/developer/language/net/

Apache License 2.0

215 stars 89 forks source link

The sample app has a forgot password link in the Login page, but there is no ForgotPassword page #171

Closed alexisatkinson closed 3 years ago

alexisatkinson commented 4 years ago

See the line of code at https://github.com/aws/aws-aspnet-cognito-identity-provider/blob/e54f03d7854e17b05434ed34a3c67fa992ffe45c/samples/Samples/Areas/Identity/Pages/Account/Login.cshtml#L39

There is no ForgotPassword page, so it just results in a page reload.

Is it possible to advice how to handle forgot passwords?

ashishdhingra commented 4 years ago

Hi @alexisatkinson,

Good afternoon.

Thanks for posting the guidance question. Please refer the following links to get some idea on how to implement Forgot Password functionality:

IAmazonCognitoIdentityProvider.ForgotPassword(ForgotPasswordRequest)
REST API Reference for ForgotPassword Operation
Stackoverflow post which can be used as a general reference (not permanent solution).

Please let me know if this helps and if we could close this issue.

Thanks, Ashish

alexisatkinson commented 4 years ago

Hi @ashishdhingra,

I guess the issue is that the current sample does not provide a way to reset passwords and the 'Forgotten Password' functionality in the sample is broken as it links to a page that does not exist.

I'm just getting my head around this, but it looks to me like the samples are missing a couple of key pieces:

1) A ForgotPassword.cshtml file (so the link the login actually goes somewhere) 2) The ForgotPassword.cshtml.cs file which checks if the email is a confirmed user (using the CognitoUserManager.IsEmailConfirmedAsync) and if so, calls CognitoUserManager.ResetPasswordAsync to trigger the password reset. The page should redirect to a ForgotPasswordConfirmationPage (regardless of whether the user's email existed). 3) A ForgotPasswordConfirmationPage.

I am happy to have a go at putting together a pull request tomorrow. I think closing the issue before addressing would leave the sample without some pretty much required functionality.

ashishdhingra commented 4 years ago

Hi @alexisatkinson,

Sure, feel free to submit a pull request with the tested code changes. I will change this issue back to bug so that development team can prioritize it.

Thanks, Ashish

ashishdhingra commented 3 years ago

Sample app https://github.com/aws/aws-aspnet-cognito-identity-provider/tree/master/samples has been updated with Forgot Password scenario as part of commit https://github.com/aws/aws-aspnet-cognito-identity-provider/commit/9d8aa1faa018707df06c79efd75947ea9938adba#diff-24baa7a731ce04b431af93d94cba8e0160a0e6a4607edc2d70c595dd098e56cf.

github-actions[bot] commented 3 years ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.