function UserAuthenticationController::resetPassword

Same name in other branches
  1. 8.9.x core/modules/user/src/Controller/UserAuthenticationController.php \Drupal\user\Controller\UserAuthenticationController::resetPassword()
  2. 10 core/modules/user/src/Controller/UserAuthenticationController.php \Drupal\user\Controller\UserAuthenticationController::resetPassword()
  3. 11.x core/modules/user/src/Controller/UserAuthenticationController.php \Drupal\user\Controller\UserAuthenticationController::resetPassword()

Resets a user password.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request.

Return value

\Symfony\Component\HttpFoundation\Response The response object.

1 string reference to 'UserAuthenticationController::resetPassword'
user.routing.yml in core/modules/user/user.routing.yml
core/modules/user/user.routing.yml

File

core/modules/user/src/Controller/UserAuthenticationController.php, line 235

Class

UserAuthenticationController
Provides controllers for login, login status and logout via HTTP requests.

Namespace

Drupal\user\Controller

Code

public function resetPassword(Request $request) {
    $format = $this->getRequestFormat($request);
    $content = $request->getContent();
    $credentials = $this->serializer
        ->decode($content, $format);
    // Check if a name or mail is provided.
    if (!isset($credentials['name']) && !isset($credentials['mail'])) {
        throw new BadRequestHttpException('Missing credentials.name or credentials.mail');
    }
    // Load by name if provided.
    if (isset($credentials['name'])) {
        $users = $this->userStorage
            ->loadByProperties([
            'name' => trim($credentials['name']),
        ]);
    }
    elseif (isset($credentials['mail'])) {
        $users = $this->userStorage
            ->loadByProperties([
            'mail' => trim($credentials['mail']),
        ]);
    }
    
    /** @var \Drupal\Core\Session\AccountInterface $account */
    $account = reset($users);
    if ($account && $account->id()) {
        if ($this->userIsBlocked($account->getAccountName())) {
            throw new BadRequestHttpException('The user has not been activated or is blocked.');
        }
        // Send the password reset email.
        $mail = _user_mail_notify('password_reset', $account);
        if (empty($mail)) {
            throw new BadRequestHttpException('Unable to send email. Contact the site administrator if the problem persists.');
        }
        else {
            $this->logger
                ->notice('Password reset instructions mailed to %name at %email.', [
                '%name' => $account->getAccountName(),
                '%email' => $account->getEmail(),
            ]);
            return new Response();
        }
    }
    // Error if no users found with provided name or mail.
    throw new BadRequestHttpException('Unrecognized username or email address.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.