V15: User password resetting notification

[Zeegaan]

Notes

• Introduces new UserPasswordResettingNotification, that will fire when the user tries to reset their password
• With this, we have to get out the user, before trying to change password (as its used in the notification) thus I had to refactor the user service a little bit, to retain some DRYness

How to test

• Enable user password resetting by setting AllowPasswordReset in AppSettings.json to true:

      "Security": {
        "AllowPasswordReset": true,

• Remember to enable SMTP, as the reset password function will send you an email

"Umbraco": {
    "CMS": {
      "Examine": {
        "LuceneDirectoryFactory": "TempFileSystemDirectoryFactory"
      },
      "Global": {
        "Smtp": {
          "From": "[email protected]",
          "Host": "localhost",
           "Port": 25
        }
      },

• You can now test the functionality with a notification handler, here is some code to help:

using Umbraco.Cms.Core.Composing;
using Umbraco.Cms.Core.Events;
using Umbraco.Cms.Core.Notifications;

namespace Umbraco.Cms.Web.UI;

public class MyNotiHandler : INotificationHandler<UserPasswordResettingNotification>
{
    public void Handle(UserPasswordResettingNotification notification)
    {
        // // Do something with the notification
        // if(notification.User.Name?.Contains("Niko") ?? false)
        // {
        //     notification.CancelOperation(new EventMessage("fail", "Can't reset users with name containing 'Niko'"));
        // }
    }
}


public class MyComposer : IComposer
{
    public void Compose(IUmbracoBuilder builder) => builder.AddNotificationHandler<UserPasswordResettingNotification, MyNotiHandler>();
}

[AndyButland]

Realised yesterday we hadn't merged this one in yet. I've tested it out and works as expected. I guess it's not a perfect experience in the sense that you only get the rejection at the last stage of resetting your password, but it at least gives the option to prevent. And it's not obvious if we could do it earlier without leaking information about the existence of the user account.

I made a small amend though to revert the change to the IUserService interface, as it didn't seem this was necessary. If you are happy I haven't missed anything in doing this, please feel free to merge in.

Once that's done, one of us should add details for the docs, to this PR: umbraco/UmbracoDocs#6921