Changes security stamp when password change via using ChangePasswordAsync function #4807
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
According to the source code of Identity Core, it will not update SecurityStamp in UserManager's UpdateAsync method. It will update SecurityStamp under certain methods, such as SetUserNameAsync, ChangeEmailAsync, UpdatePasswordHash. Perhaps its idea is that developers should not use the UpdateAsync method to update important information such as passwords or usernames. For example, developers should use the UpdatePasswordHash method to modify the user's password. Should we follow this line of thinking? |
|
@maliming yes, we can follow this approach as well 👍 @demirmusa could you make the necessary changes ? |
demirmusa
changed the title
maliming
approved these changes
Aug 28, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
User.SecurityStamp will be changed when:
(AbpUserManager).ChangePasswordAsynccalled(AbpUserManager).UpdateAsynccalled and if IsUserCredentialsSameWithStored returns false(It controls If UserName , Email and Password are changed)
resolves #4775