Updates to Reset Password

Updated logic after password reset to be consistent

DNN Platform/Website/admin/Security/PasswordReset.ascx.cs

@@ -159,57 +159,43 @@ protected override void OnPreRender(EventArgs e)
             }
         }
 
-        protected void RedirectAfterLogin()
+        /// <summary>
+        /// After a successful password change will redirect the user to requested returnurl OR the login page.
+        /// </summary>
+        protected void RedirectAfterPasswordChange()
         {
-            var redirectURL = string.Empty;
+            var redirectUrl = string.Empty;
 
-            var setting = GetSetting(this.PortalId, "Redirect_AfterLogin");
-
-            if (Convert.ToInt32(setting) == Null.NullInteger)
+            if (this.Request.QueryString["returnurl"] != null)
             {
-                if (this.Request.QueryString["returnurl"] != null)
-                {
-                    // return to the url passed to signin
-                    redirectURL = HttpUtility.UrlDecode(this.Request.QueryString["returnurl"]);
-
-                    // clean the return url to avoid possible XSS attack.
-                    redirectURL = UrlUtils.ValidReturnUrl(redirectURL);
-                }
+                // return to the url passed to signin
+                redirectUrl = HttpUtility.UrlDecode(this.Request.QueryString["returnurl"]);
 
-                if (this.Request.Cookies["returnurl"] != null)
-                {
-                    // return to the url passed to signin
-                    redirectURL = HttpUtility.UrlDecode(this.Request.Cookies["returnurl"].Value);
+                // clean the return url to avoid possible XSS attack.
+                redirectUrl = UrlUtils.ValidReturnUrl(redirectUrl);
+            }
 
-                    // clean the return url to avoid possible XSS attack.
-                    redirectURL = UrlUtils.ValidReturnUrl(redirectURL);
-                }
+            if (this.Request.Cookies["returnurl"] != null)
+            {
+                // return to the url passed to signin
+                redirectUrl = HttpUtility.UrlDecode(this.Request.Cookies["returnurl"].Value);
 
-                if (string.IsNullOrEmpty(redirectURL))
-                {
-                    if (this.PortalSettings.RegisterTabId != -1 && this.PortalSettings.HomeTabId != -1)
-                    {
-                        // redirect to portal home page specified
-                        redirectURL = this._navigationManager.NavigateURL(this.PortalSettings.HomeTabId);
-                    }
-                    else
-                    {
-                        // redirect to current page
-                        redirectURL = this._navigationManager.NavigateURL();
-                    }
-                }
+                // clean the return url to avoid possible XSS attack.
+                redirectUrl = UrlUtils.ValidReturnUrl(redirectUrl);
             }
-            else // redirect to after login page
+
+            if (string.IsNullOrEmpty(redirectUrl))
             {
-                redirectURL = this._navigationManager.NavigateURL(Convert.ToInt32(setting));
+                // return to the login page by default to allow users to login
+                redirectUrl = this._navigationManager.NavigateURL(this.PortalSettings.ActiveTab.TabID, "Login");
             }
 
             this.AddModuleMessage("ChangeSuccessful", ModuleMessage.ModuleMessageType.GreenSuccess, true);
             this.resetMessages.Visible = this.divPassword.Visible = false;
             this.lblHelp.Text = this.lblInfo.Text = string.Empty;
 
             // redirect page after 5 seconds
-            var script = string.Format("setTimeout(function(){{location.href = '{0}';}}, {1});", redirectURL, RedirectTimeout);
+            var script = string.Format("setTimeout(function(){{location.href = '{0}';}}, {1});", redirectUrl, RedirectTimeout);
             if (ScriptManager.GetCurrent(this.Page) != null)
             {
                 // respect MS AJAX
@@ -243,7 +229,7 @@ private void LoadUserInfo()
 
         private void cmdChangePassword_Click(object sender, EventArgs e)
         {
-            string username = this.txtUsername.Text;
+            var username = this.txtUsername.Text;
 
             if (MembershipProviderConfig.RequiresQuestionAndAnswer && string.IsNullOrEmpty(this.txtAnswer.Text))
             {
@@ -296,7 +282,7 @@ private void cmdChangePassword_Click(object sender, EventArgs e)
             }
 
             string errorMessage;
-            string answer = string.Empty;
+            var answer = string.Empty;
             if (MembershipProviderConfig.RequiresQuestionAndAnswer)
             {
                 answer = this.txtAnswer.Text;
@@ -324,9 +310,7 @@ private void cmdChangePassword_Click(object sender, EventArgs e)
                 {
                     // Log user in to site
                     this.LogSuccess();
-                    var loginStatus = UserLoginStatus.LOGIN_FAILURE;
-                    UserController.UserLogin(this.PortalSettings.PortalId, username, this.txtPassword.Text, string.Empty, string.Empty, string.Empty, ref loginStatus, false);
-                    this.RedirectAfterLogin();
+                    this.RedirectAfterPasswordChange();
                 }
             }
         }