function UserController::determineErrorRedirect

Same name and namespace in other branches
  1. 9 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::determineErrorRedirect()
  2. 11.x core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::determineErrorRedirect()

Validates user, hash, and timestamp.

This method allows the 'user.reset' and 'user.reset.login' routes to use the same logic to check the user, timestamp and hash and redirect to the same location with the same messages.

Parameters

\Drupal\user\UserInterface|null $user: User requesting reset. NULL if the user does not exist.

int $timestamp: The current timestamp.

string $hash: Login link hash.

Return value

\Symfony\Component\HttpFoundation\RedirectResponse|null Returns a redirect if the information is incorrect. It redirects to 'user.pass' route with a message for the user.

Throws

\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException If $uid is for a blocked user or invalid user ID.

2 calls to UserController::determineErrorRedirect()
UserController::resetPass in core/modules/user/src/Controller/UserController.php
Redirects to the user password reset form.
UserController::resetPassLogin in core/modules/user/src/Controller/UserController.php
Validates user, hash, and timestamp; logs the user in if correct.

File

core/modules/user/src/Controller/UserController.php, line 305

Class

UserController
Controller routines for user routes.

Namespace

Drupal\user\Controller

Code

protected function determineErrorRedirect(?UserInterface $user, int $timestamp, string $hash) : ?RedirectResponse {
    // The current user is not logged in, so check the parameters.
    $current = $this->time
        ->getRequestTime();
    // Verify that the user exists and is active.
    if ($user === NULL || !$user->isActive()) {
        // Blocked or invalid user ID, so deny access. The parameters will be in
        // the watchdog's URL for the administrator to check.
        throw new AccessDeniedHttpException();
    }
    // Time out, in seconds, until login URL expires.
    $timeout = $this->config('user.settings')
        ->get('password_reset_timeout');
    // No time out for first time login.
    if ($user->getLastLoginTime() && $current - $timestamp > $timeout) {
        $this->messenger()
            ->addError($this->t('You have tried to use a one-time login link that has expired. Request a new one using the form below.'));
        return $this->redirect('user.pass');
    }
    elseif ($user->isAuthenticated() && $this->validatePathParameters($user, $timestamp, $hash, $timeout)) {
        // The information provided is valid.
        return NULL;
    }
    $this->messenger()
        ->addError($this->t('You have tried to use a one-time login link that has either been used or is no longer valid. Request a new one using the form below.'));
    return $this->redirect('user.pass');
}
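The order of the checks above decides which outcome a given link produces; the following stand-alone model is an added example, not Drupal core code, and runs that order over constructed cases. The body of validatePathParameters() is not shown on this page, so token(), check_reset_link(), the array-based user record and SECRET are hypothetical stand-ins, and the rejection of future-dated timestamps is an assumption of the model.

```php
<?php
// Added example: stand-alone model of the check order, not Drupal core code.
// token() is a hypothetical stand-in for the login link hash.
const SECRET = 'constructed-site-secret';

function token(array $user, int $timestamp): string {
  // Bind the hash to the account, its last login and the link timestamp,
  // so the link stops verifying once the account has logged in again.
  $data = implode(':', [$user['uid'], $user['last_login'], $timestamp]);
  return hash_hmac('sha256', $data, SECRET . $user['pass_hash']);
}

function check_reset_link(?array $user, int $timestamp, string $hash, int $now, int $timeout): string {
  // 1. Unknown or blocked account: deny (AccessDeniedHttpException in core).
  if ($user === NULL || !$user['active']) {
    return 'deny';
  }
  // 2. Expiry only applies once the account has logged in at least once.
  if ($user['last_login'] && $now - $timestamp > $timeout) {
    return 'expired';
  }
  // 3. Constant-time comparison; the model also rejects future timestamps.
  if ($timestamp <= $now && hash_equals(token($user, $timestamp), $hash)) {
    return 'valid';
  }
  // 4. Everything else: used or otherwise invalid link.
  return 'invalid';
}

// Constructed sample data.
$now = 1700000000;
$timeout = 86400;
$alice = ['uid' => 7, 'active' => TRUE, 'last_login' => $now - 90000, 'pass_hash' => 'x'];
$fresh = ['uid' => 8, 'active' => TRUE, 'last_login' => 0, 'pass_hash' => 'y'];
$old = $now - 2 * $timeout;

$cases = [
  'good link' => [$alice, $now - 60, token($alice, $now - 60)],
  'expired link' => [$alice, $old, token($alice, $old)],
  'expired, bad hash' => [$alice, $old, 'garbage'],
  'first login, old link' => [$fresh, $old, token($fresh, $old)],
  'tampered timestamp' => [$alice, $now - 30, token($alice, $now - 60)],
  'future timestamp' => [$alice, $now + 60, token($alice, $now + 60)],
  'blocked account' => [['active' => FALSE] + $alice, $now - 60, token($alice, $now - 60)],
  'unknown account' => [NULL, $now - 60, 'garbage'],
];
foreach ($cases as $name => [$user, $ts, $hash]) {
  printf("%-22s %s\n", $name, check_reset_link($user, $ts, $hash, $now, $timeout));
}
```

Two cases are worth reading closely: an expired link with a bad hash is reported as expired because the expiry branch runs before the hash is verified, and a link for an account that has never logged in is accepted regardless of age.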
