Email Activation Error #7346

firnas created 4 years ago

When i click on the email confirmation link send when registering a user, sometimes it thorws a error and sometimes it passes. Can i please know why this is hapenning? The error occures when user clicks the activation link from mobile. After retrying sometimes then it passes.

Please see the audit logs,

If i click the link from the computer web application it pasees.

below is the error received,

Can anyone help on understanding why this issue happens?

27 Answer(s)

0

maliming created 4 years ago
Support Team

Can you modify your code to write the detailed reason in the log? Such as: user == null, or user.EmailConfirmationCode.IsNullOrEmpty()

You can also write the UserId and ConfirmationCode to the log at the same time to help you find the cause of the problem.

https://github.com/aspnetzero/aspnet-zero-core/blob/f4ac9540a18a5446f6843277e0bd0b046daa51ff/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Application/Authorization/Accounts/AccountAppService.cs#L161
0

firnas created 4 years ago

sure i will try that out and update my findings.

firnas created 4 years ago

Hi,

public async Task ActivateEmail(ActivateEmailInput input)
        {
            var user = await UserManager.GetUserByIdAsync(input.UserId);
            Logger.InfoFormat("user is null: {0}", user == null);
            if (user != null)
            {
                Logger.InfoFormat("user confirmaion code: {0}", user.EmailConfirmationCode);
                Logger.InfoFormat("input confirmaion code: {0}", input.ConfirmationCode);
                Logger.InfoFormat("confirmaion code match: {0}", user.EmailConfirmationCode == input.ConfirmationCode);
            }
            if (user == null || user.EmailConfirmationCode.IsNullOrEmpty() || user.EmailConfirmationCode != input.ConfirmationCode)
            {
                throw new UserFriendlyException(L("InvalidEmailConfirmationCode"), L("InvalidEmailConfirmationCode_Detail"));
            }

            user.IsEmailConfirmed = true;
            user.EmailConfirmationCode = null;

            await UserManager.UpdateAsync(user);
        }

I added logging. The issue occures only sometimes. The issue comes frequently on chrome incognito mode.

INFO  2019-07-22 08:46:45,059 [28   ] Authorization.Accounts.AccountAppService - user is null: False
INFO  2019-07-22 08:46:45,059 [28   ] Authorization.Accounts.AccountAppService - user confirmaion code: 
INFO  2019-07-22 08:46:45,059 [28   ] Authorization.Accounts.AccountAppService - input confirmaion code: 9d347ae77dfb4cddb9dc0d5f1219280f
INFO  2019-07-22 08:46:45,059 [28   ] Authorization.Accounts.AccountAppService - confirmaion code match: False

Any idea why this happens?

0

maliming created 4 years ago
Support Team

It is possible that the ActivateEmail method was called multiple times (the link was clicked multiple times or requested multiple times). Can you look at the audit log?
0

firnas created 4 years ago

I could not find any duplicate records for ActivateEmail method in audit logs. i have created a mobile application and when the user is created the email is send to their email address. When they click on the link from the mobile borwser sometime this issue happens.
0

maliming created 4 years ago
Support Team

When they click on the link from the mobile borwser sometime this issue happens.

I guess even if this problem occurs, the user will actually be activated, right?
0

firnas created 4 years ago

yes. Did you figure out what is causing the issue?
0

maliming created 4 years ago
Support Team

I still think that the ActivateEmail method has been called multiple times. There is no other reason other than this.

You can also get a link and then open it multiple times, and the same error should occur.
0

firnas created 4 years ago

ok i will investigate further and let you know the results
0

firnas created 4 years ago

I am using has based routing in the angular application.

[RouterModule.forRoot(routes,{useHash:true})]

so the email confirmation url contains a #. Is this causing the issue of multiple times the method to be called?
0

maliming created 4 years ago
Support Team

I am not quite sure, no one mentioned this in google search. Have you tried using the history api?

firnas created 4 years ago

what is the history API? I think this is due to the # in the url. I had to change the confirmation code generating code becuse it was not generating the correct encryption.

 private string EncryptQueryParameters(string link, string encrptedParameterName = "c")
        {
            if (!link.Contains("?"))
            {
                return link;
            }

            var basePath = link.Substring(0, link.IndexOf('?'));
            if (link.Contains("#/"))
            {
                link = link.Replace("#/", string.Empty);
            }

            var uri = new Uri(link);
            var query = uri.Query.TrimStart('?');

            return basePath + "?" + encrptedParameterName + "=" + HttpUtility.UrlEncode(SimpleStringCipher.Instance.Encrypt(query));
        }

0

maliming created 4 years ago
Support Team

what is the history API?

I mean using PathLocationStrategy to see if the above problem still occurs.

I think this is due to the # in the url. I had to change the confirmation code generating code becuse it was not generating the correct encryption.

Does this solve your problem?
0

firnas created 4 years ago

i am clicking on the confirmation email url which has a # in it. That is where the problem happens. i will check PathLocationStrategy and see.
0

maliming created 4 years ago
Support Team

hi firnas I will modify the EncryptQueryParameters method. It currently does not consider the case where there is a # in the url. . I believe this should be the cause of the problem.

https://github.com/aspnetzero/aspnet-zero-core/issues/2523
0

firnas created 4 years ago

Above link is not working
0

maliming created 4 years ago
Support Team

If link is 404, please see:

https://aspnetzero.com/LicenseManagement

You can invite anyone to become a member of the ASP.NET Zero organization using their GitHub username. And they can access the ASP.NET Zero private GitHub repositories. Your license plan allows you to add up to 20 users. Right after you add a GitHub user, the user will receive an invitation email. If there is problem receiving the invitation email, alternatively user can visit github.com/orgs/aspnetzero page and accept the invitation.
0

firnas created 4 years ago

Ok. so when you click on a email confirmation link with a # it throws the error. Can you please check that as well.
0

maliming created 4 years ago
Support Team

I will fix it today and close the issue of github. Please follow the issue of github.
0

firnas created 4 years ago

When i navigate to https://aspnetzero.com/LicenseManagement i get the below error.
0

alper created 4 years ago
Support Team

hi @firnas, contact to [email protected] for your license issue.

maliming created 4 years ago

Support Team

hi firnas.

Try replace the EncryptQueryParameters method with the following code.

private string EncryptQueryParameters(string link, string encrptedParameterName = "c")
{
	if (!link.Contains("?"))
	{
		return link;
	}

	var basePath = link.Substring(0, link.IndexOf('?'));
	var query = link.Substring(link.IndexOf('?')).TrimStart('?');

	return basePath + "?" + encrptedParameterName + "=" + HttpUtility.UrlEncode(SimpleStringCipher.Instance.Encrypt(query));
}

0

firnas created 4 years ago

Hi maliming,

I replace the code and now it generates the correct email confirmation link even when the # is in the link. I will check if i still get the error when clicking on the link and update here.
0

firnas created 4 years ago

The error when clicking on the email activation link is still coming. When clicked on the link the routing happens twice it seems. Is there a way how to stop this?

maliming created 4 years ago

Support Team

I guess this may be related to your browser.

If you can't solve the problem that the link is accessed multiple times, you can modify the ActivateEmail method.

Skip detection logic if the user's mail has been activated.

public async Task ActivateEmail(ActivateEmailInput input)
{
	var user = await UserManager.GetUserByIdAsync(input.UserId);
	if(user != null && user.IsEmailConfirmed)
	{
		return;
	}
	
	if (user == null || user.EmailConfirmationCode.IsNullOrEmpty() || user.EmailConfirmationCode != input.ConfirmationCode)
	{
		throw new UserFriendlyException(L("InvalidEmailConfirmationCode"), L("InvalidEmailConfirmationCode_Detail"));
	}

	user.IsEmailConfirmed = true;
	user.EmailConfirmationCode = null;

	await UserManager.UpdateAsync(user);
}

0

firnas created 4 years ago

Ok i will try this out. the application is hosted in azure. does that have any effect on this issue?
0

maliming created 4 years ago
Support Team

Should not affect.

Have an answer to this question? Log in and write your answer.