The part of LostPassword which checks nonce and input new password is not working


The nonce is not transmitted when the new password is posted so the user is sent to '~/'
Closed May 17 at 5:08 PM by sebastienros


CSADNT wrote Apr 15 at 8:26 PM

A possible solution is adding ViewData["nonce"] = nonce; in AccountController:

public ActionResult LostPassword(string nonce) {
    // Reject the request when the nonce does not resolve to a user
    if ( _userService.ValidateLostPassword(nonce) == null ) {
        return RedirectToAction("LogOn");
    }

    ViewData["PasswordLength"] = MinPasswordLength;
    // Pass the nonce to the view so the form can post it back
    ViewData["nonce"] = nonce;

    return View();
}

and, in the view, a Hidden with it:

@using (Html.BeginFormAntiForgeryPost()) {
    @Html.Hidden("nonce", ViewData["nonce"])
    <legend>@T("Account Information")</legend>
    <label for="newPassword">@T("New password:")</label>
    <label for="confirmPassword">@T("Confirm new password:")</label>
    <button class="primaryAction" type="submit">@T("Change Password")</button>
}

sebastienros wrote May 2 at 6:10 PM

Can you provide some repro steps? I don't understand where the issue is.


CSADNT wrote May 2 at 7:35 PM

Ask for a new password; when the email is received, click on its link to access Orchard and enter a new password.
Until this point everything is OK.
But the new value you entered is posted without the nonce value and the posted action in the controller fails.

sebastienros wrote May 16 at 8:05 PM

The nonce is in the querystring of the form action, and this worked for me. Can you try again? And provide some failing repro if it still doesn't work? I am using 1.8.x.
<form action="/OrchardLocal/Users/Account/LostPassword?nonce=HStrFidUb%2F9AKFHuMmkIq7wRxPgub1Rqi0qAt%2BKHk%2BddyjqcKBVEEJ86aRHBy0tj3cX2iBDcsXW65zwP6ooZyb6JllyR8rWia%2FcNeZ3Jvm4izpqyuYfylbKWNoCNptjH" method="post">
    <fieldset>
        <legend>Account Information</legend>
        <div>
            <label for="newPassword">New password:</label>
            <input id="newPassword" name="newPassword" type="password">
        </div>
        <div>
            <label for="confirmPassword">Confirm new password:</label>
            <input id="confirmPassword" name="confirmPassword" type="password">
        </div>
        <div>
            <button class="primaryAction" type="submit">Change Password</button>
        </div>
    </fieldset>
    <input name="__RequestVerificationToken" type="hidden" value="29OY4gISiq-CmEHYM0WTschXQj3p2YLEl2_0Tl6Vy3EyWaaM36peBBpYx4LgGNiTIU3cn7bodVElS-AsEU-2Ga1dww2uOhMwb2FGc60Ocvg1">
</form>
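
The exchange described in the comment above, as an added example that is not part of the thread and is not Orchard's code: the POST body carries only the password fields, the handler recovers the nonce from the form action's query string, and it validates the nonce again before changing the password. The HMAC nonce format, the demo key, the URL and the names CreateNonce, ValidateNonce and HandlePost are assumptions for illustration; Orchard's own ValidateLostPassword is not reproduced here.

```csharp
using System;
using System.Collections.Specialized;
using System.Security.Cryptography;
using System.Text;
using System.Web;

static class LostPasswordSketch {
    // Constructed demo key; a real application keeps this in protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    static string Sign(string payload) {
        using (var hmac = new HMACSHA256(Key))
            return BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
    // Hypothetical nonce format: base64("user|expiryTicks|hmac"); user must not contain '|'.
    public static string CreateNonce(string user, DateTime expiresUtc) {
        var payload = user + "|" + expiresUtc.Ticks;
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(payload + "|" + Sign(payload)));
    }

    // Returns the user name for an authentic, unexpired nonce, otherwise null.
    public static string ValidateNonce(string nonce, DateTime nowUtc) {
        if (string.IsNullOrEmpty(nonce)) return null;
        string[] parts;
        try { parts = Encoding.UTF8.GetString(Convert.FromBase64String(nonce)).Split('|'); }
        catch (FormatException) { return null; }
        long ticks;
        if (parts.Length != 3 || !long.TryParse(parts[1], out ticks)) return null;
        string expected = Sign(parts[0] + "|" + parts[1]), actual = parts[2];
        int diff = expected.Length ^ actual.Length;   // compare without early exit
        for (int i = 0; i < expected.Length && i < actual.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0 && ticks >= nowUtc.Ticks ? parts[0] : null;
    }

    // The POST body carries only the password fields; the nonce comes from the action URL.
    public static string HandlePost(string actionUrl, NameValueCollection form, DateTime nowUtc) {
        var query = HttpUtility.ParseQueryString(new Uri(actionUrl).Query);
        var user = ValidateNonce(form["nonce"] ?? query["nonce"], nowUtc);   // re-check on POST
        return user == null ? "redirect to ~/" : "password changed for " + user;
    }

    static void Main() {
        var now = DateTime.UtcNow;
        var url = "http://localhost/Users/Account/LostPassword";   // constructed URL
        var action = url + "?nonce=" + Uri.EscapeDataString(CreateNonce("alice", now.AddDays(1)));
        var form = new NameValueCollection { { "newPassword", "x" }, { "confirmPassword", "x" } };
        Console.WriteLine(HandlePost(action, form, now));              // nonce in query string
        Console.WriteLine(HandlePost(url, form, now));                 // nonce lost
        Console.WriteLine(HandlePost(action, form, now.AddDays(2)));   // nonce expired
    }
}
```

The second and third calls take the failure branch, which corresponds to the redirect to '~/' reported in the issue description.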

CSADNT wrote May 17 at 7:49 AM

I got the latest 1.U.x to try, and got this:

Compiler Error Message: CS0103: The name 'ConfigurationManager' does not exist in the current context

Source Error:
Line 5: var smtpClient = new SmtpClient();
Line 6:
Line 7: dynamic section = ConfigurationManager.GetSection("system.net/mailSettings/smtp");
Line 8: }
Line 9:
Source File: e:\Datwendo\TestDLoc\orchard\src\Orchard.Web\Modules\Orchard.Email\Views\EditorTemplates\Parts\SmtpSettings.cshtml Line: 7

CSADNT wrote May 17 at 7:51 AM

1.8.x. It was when trying to set up SMTP settings.

CSADNT wrote May 17 at 8:37 AM

But it is another problem, so I tested on another Orchard instance with 1.8 and it is working now.
You may close it, thanks.

I now have to understand the previous error, !!!!#@&&&~\ , why on the same PC (w8.1) one Orchard works and the other doesn't?
In which web.config file is this <smt>? Certainly some access pb?

sebastienros wrote May 17 at 5:09 PM

Regarding the missing reference, I did change something regarding that; if it broke something, please report it in another issue.