passwordMismatch = The confirmed password doesn't match the new password! isn't always the case eg when the current password isn't a match during changePasswordAsync.

[mistyn8]

Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)

11.4.1

Bug summary

using changePasswordAsyc(), if the current password isn't a match then microsoft.Extensions.Identity.Core.UserManager base method returns ErrorDescriber.PasswordMismatch which would give from base the message Incorrect password.

https://github.com/dotnet/aspnetcore/blob/62af2d714f0a72dd82cb57695b6785ebc41bb289/src/Identity/Extensions.Core/src/UserManager.cs#L753C3-L769

It would appear that Umbraco language is translating that into "The confirmed password doesn't match the new password!" which is a misleading message.. as in the case of Change Password, the error is that the Current Password doesn't match

Steps to reproduce

var resetResult = await _memberManager.ChangePasswordAsync(member, model.CurrentPassword!, model.PasswordDetails!.Password!);

if (!resetResult.Succeeded)
{
    var errors = resetResult.Errors.ToErrorMessage();
    AddErrors(resetResult);
    _logger.LogWarning("Could not change member password {ChangePasswordErrors} [{Code}]", errors, "CP01");
    return CurrentUmbracoPage();
}

and observe the errors when the CurrentPassword isn't a match.

Expected result / actual result

No response

[github-actions]

Hi there @mistyn8!

Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.

We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.

• We'll assess whether this issue relates to something that has already been fixed in a later version of the release that it has been raised for.
• If it's a bug, is it related to a release that we are actively supporting or is it related to a release that's in the end-of-life or security-only phase?
• We'll replicate the issue to ensure that the problem is as described.
• We'll decide whether the behavior is an issue or if the behavior is intended.

We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂

[mistyn8]

Not sure if this is just a case of dropping the new
so should be The confirmed password doesn't match from the errors it also doesn't appear that we get the indication that it's the CurrentPassword at fault either.

[mistyn8]

I guess a workaround is to add an additional explicit check..

if (!await _memberManager.CheckPasswordAsync(member, model.CurrentPassword))
{
    ModelState.AddModelError("CurrentPassword", "The Current Password is not a match");
    return CurrentUmbracoPage();
}

[andr317c]

Hey!

Thanks for reporting the issue. This is something we would like help with, if you want you can make a PR where you update the translation. It can be found in the file en_us.xml, in the user area under the key with the alias 'passwordMismatch'. 😄

I will mark this issue as up for grabs!

[github-actions]

Hi @mistyn8,

We're writing to let you know that we would love some help with this issue. We feel that this issue is ideal to flag for a community member to work on it. Once flagged here, folk looking for issues to work on will know to look at yours. Of course, please feel free work on this yourself ;-). If there are any changes to this status, we'll be sure to let you know.

For more information about issues and states, have a look at this blog post.

Thanks muchly, from your friendly Umbraco GitHub bot :-)

[markadrake]

#14570 was closed, but this is still an issue.

[timmygobang]

Still an issue, can someone fix this pls