Identity scaffold template missing encoding when verifying via login page #14659

@StickMick

Describe the bug

The Identity scaffold template has several ways to trigger the email verification, but one is missing encoding.
.../V3/Account/Login.cshtml.cs

OnPostSendVerificationEmailAsync()
...
var code = await _userManager.GenerateEmailConfirmationTokenAsync(user);
//Missing
code = WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(code));
//End Missing
var callbackUrl = Url.Page(

Verification process will always decode, so un-encoded links will fail.

To Reproduce

Steps to reproduce the behavior:

  1. Using this version of ASP.NET Core 3
  2. Create project with local account storage
  3. Scaffold Identity
  4. Implement IEmailSender
  5. Create Account
  6. Logout
  7. Use Resend Verification Email from login page
  8. Follow link in second email - it will fail.
  9. Follow link in first email - it will succeed.

Expected behavior

All email verification links to be encoded for email, then decoded on submit.
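
The round trip this report describes, as an added example that is not part of the original issue or the scaffold's own code: it runs the decode step that verification applies to a link built with the encoding line and to one built without it. The class and method names are hypothetical, the token is a constructed stand-in (assumed Base64 text, as the default token provider emits), and `WebEncoders` comes from `Microsoft.AspNetCore.WebUtilities`.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.WebUtilities;

public static class ConfirmationTokenRoundTrip
{
    // The line the issue reports as missing: make the token URL-safe for the link.
    public static string EncodeForLink(string token) =>
        WebEncoders.Base64UrlEncode(Encoding.UTF8.GetBytes(token));

    // The decode step that verification always applies to the incoming "code" value.
    public static bool TryDecodeFromLink(string code, out string token)
    {
        try
        {
            token = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(code));
            return true;
        }
        catch (FormatException)
        {
            // Input that is not valid Base64Url never reaches token validation.
            token = string.Empty;
            return false;
        }
    }

    public static void Main()
    {
        // Constructed stand-in for GenerateEmailConfirmationTokenAsync output.
        // Assumption: real tokens are Base64 text and may contain '+', '/' and '='.
        string issued = Convert.ToBase64String(new byte[] { 0xfb, 0xef, 0xbe, 0x00, 0x01 });

        var links = new[]
        {
            ("encoded before Url.Page", EncodeForLink(issued)),
            ("raw token in link", issued),
        };

        foreach (var (label, code) in links)
        {
            // Verification can only succeed if decoding yields the issued token.
            bool intact = TryDecodeFromLink(code, out var recovered) && recovered == issued;
            Console.WriteLine($"{label}: token recovered intact = {intact}");
        }
    }
}
```

A check of this shape can be applied to every code path that sends a confirmation link, so that a path added later without the encoding step is caught before release.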

Metadata

Labels

Done (This issue has been fixed), area-identity (Includes: Identity and providers)
