0

I've inherited a system which was written in MVC. This system uses the asp.net membership api, which works well. I've just discovered a bug however whereby the user is unable to change his/her password.

The system displays the form to enter in the old password, and the new password twice to confirm, however on clicking submit, it just redisplays the form, and does not change the password.

I've gone through the code but as I'm new enough to MVC, and using the membership api, I can't see anything overly wrong with it.

Here is the GET and POST code from within the Account Controller. If anyone could see anything wrong with this, I would greatly appreciate it. If anyone needs me to post additional information/code, please ask :)

Also, after debugging through the code, what seems to happen is, after

if (ModelState.IsValid)

is hit, the nested if statement within this is skipped and the code jumps straight down to the bottom to redisplay the form.

[Authorize]
        public ActionResult ChangePassword(string source)
        {
            ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
            ViewData["source"] = source;

            if (!string.IsNullOrEmpty(source))
            {
                return View("ChangePassword", source);
            }

            return View("ChangePassword", "User");
        }

        [Authorize]
        [HttpPost]
        public ActionResult ChangePassword(ChangePasswordModel model, FormCollection formValues)
        {
            string source = formValues["source"];

            if (formValues["btnCancel"] != null)
            {
                RedirectToRouteResult result = null;

                // The user has clicked cancel. Redirect back to source!
                //
                switch (source)
                {
                    case "user":
                        result = RedirectToAction("Index", "ManageAccount", new { Area = "User" });
                        break;
                    case "administrator":
                        result = RedirectToAction("Index", "ManageAccount", new { Area = "Administrator" });
                        break;
                }

                return result;
            }

            if (ModelState.IsValid)
            {
                if (MembershipService.ChangePassword(User.Identity.Name, model.OldPassword, model.NewPassword))
                {
                    return RedirectToAction("Index", "ManageAccount", new { Area = "User" });
                }
                else
                {
                    ModelState.AddModelError("", "The current password is incorrect or the new password is invalid.");
                }
            }

            // If we got this far, something failed, redisplay form
            ViewData["PasswordLength"] = MembershipService.MinPasswordLength;
            ViewData["source"] = source;
            return View("ChangePassword", formValues["source"], model);
        }
Improve this question
4
  • Have you debugged through? Are you hitting model validation errors? Commented Dec 15, 2010 at 9:05
  • Hi Paddy, I just did. What happens is after the line "if (ModelState.IsValid)", it skips the entire if statement within this, and jumps straight to the code where the form is redisplayed. Commented Dec 15, 2010 at 9:11
  • As a debugging step, did you try taking out (commenting) ModelState.IsValid and letting framework handle "ChangePassword".? does that work? Commented Dec 15, 2010 at 9:23
  • @msuhash, I just tried that. It seems to work fine without ModelState.IsValid, changes the password, etc. Would you recommend leaving out ModelState.IsValid? Commented Dec 15, 2010 at 9:35

1 Answer 1

Reset to default
1

Maybe you could check for the Errors as stated here ASP.NET MVC Model State

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.