DataProtectorTokenProvider ValidateAsync always return false #10

Open
FolabiAhn opened this issue Jan 9, 2021 · 9 comments

Comments

@FolabiAhn

When trying to regenerate the OTP code with the PUT action, the code
await _dataProtectorTokenProvider.ValidateAsync("resend_token", resendToken, _userManager, user) always returns false, so the token is invalid.
Can you help with this?

@jurabek
Owner

jurabek commented Jan 12, 2021

@FolabiAhn, did you try checking the logs?

In appsettings.json:

"LogLevel": {
  "Microsoft": "Trace"
}

@FolabiAhn
Author

Thanks @jurabek for your reply.
Yes, I changed the log level to Trace, but there is nothing useful in the logs.

When I generate the code and validate it within the same action (POST), it returns true.

I debugged the ValidateAsync method, and somehow it returns false when it tries to compare userId and actualUserId (the IDs are not the same?):

var userId = reader.ReadString();
var actualUserId = await manager.GetUserIdAsync(user);
if (userId != actualUserId)
{
    Logger.UserIdsNotEquals();
    return false;
}

@FolabiAhn
Author

It is as if the DataProtectorTokenProvider is not the same between HTTP requests.

@jurabek
Owner

jurabek commented Jan 14, 2021

The problem might be in DataProtectorTokenProvider: perhaps await manager.GetUserIdAsync(user); is returning null, which is not equal to userId. The manager should somehow keep data for the generated users.

@FolabiAhn
Author

Hello,
Both (userId and actualUserId) are set, but they have different GUID values.

@jurabek
Owner

jurabek commented Jan 14, 2021

There is a bug in the GetUser() method, which I have now realized:
[image]

On line 95 it is looking at the users list, which does not exist, and every time the PUT request creates a new User.

@FolabiAhn
Author

FolabiAhn commented Jan 14, 2021

Yes, you are right.
So we have to move the creation of the user in PhoneNumberTokenGrantValidator to the POST action. Is that correct?

Maybe saving the user in the POST action is bad, as we can have multiple users saved without verification.

@jurabek
Owner

jurabek commented Jan 14, 2021

Yes, this is one way: when you POST verify, we are going to store the user in the database. In that case, we should remove the user if he cancels the process; the only way to do that is running batch jobs periodically and checking whether the user actually verified or not.

@FolabiAhn
Author

Yes. I can complete the POST with a batch job.
Great. Thank you very much
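
Added example, not part of the thread or the project's code: a simplified stand-in for a user-bound token (an HMAC over purpose and user ID, rather than ASP.NET Core's data protection) showing why validation fails when each request builds a new user with a fresh ID, and passes once the user is stored. `User`, `UserBoundToken`, `GetUserUnsaved`, `GetUserSaved`, the in-memory `Store` and the phone numbers are hypothetical.

```csharp
// Added illustration: simplified user-bound token, not ASP.NET Core Identity's implementation.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

class User { public string Id = Guid.NewGuid().ToString(); public string Phone = ""; }

static class UserBoundToken
{
    // Constructed demo key; a real application relies on the data protection key ring.
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);

    static byte[] Mac(string purpose, string userId)
    {
        using var hmac = new HMACSHA256(Key);
        return hmac.ComputeHash(Encoding.UTF8.GetBytes(purpose + "|" + userId));
    }

    public static string Generate(string purpose, User user) => Convert.ToBase64String(Mac(purpose, user.Id));

    public static bool Validate(string purpose, string token, User user)
    {
        byte[] supplied;
        try { supplied = Convert.FromBase64String(token); }
        catch (FormatException) { return false; }
        // The token only verifies for the user ID it was issued to.
        return CryptographicOperations.FixedTimeEquals(supplied, Mac(purpose, user.Id));
    }
}

static class Program
{
    static readonly Dictionary<string, User> Store = new(); // hypothetical user store

    // Behaviour described in the thread: the user is never stored, so each call yields a new Id.
    static User GetUserUnsaved(string phone) => Store.TryGetValue(phone, out var u) ? u : new User { Phone = phone };

    // Approach agreed in the thread: persist the still-unverified user on the first request.
    static User GetUserSaved(string phone)
    {
        if (!Store.TryGetValue(phone, out var u)) Store[phone] = u = new User { Phone = phone };
        return u;
    }

    static void Main()
    {
        var token = UserBoundToken.Generate("resend_token", GetUserUnsaved("+10000000000")); // "POST"
        Console.WriteLine(UserBoundToken.Validate("resend_token", token, GetUserUnsaved("+10000000000"))); // "PUT", new Id
        token = UserBoundToken.Generate("resend_token", GetUserSaved("+10000000001"));
        Console.WriteLine(UserBoundToken.Validate("resend_token", token, GetUserSaved("+10000000001"))); // same stored Id
    }
}
```

Users stored this way are still unverified, so the periodic cleanup job discussed in the thread remains necessary.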
