function UserController::determineErrorRedirect
Same name in other branches
- 10 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::determineErrorRedirect()
- 11.x core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::determineErrorRedirect()
Validates user, hash, and timestamp.
This method allows the 'user.reset' and 'user.reset.login' routes to use the same logic to check the user, timestamp and hash and redirect to the same location with the same messages.
Parameters
\Drupal\user\UserInterface|null $user: User requesting reset. NULL if the user does not exist.
int $timestamp: The current timestamp.
string $hash: Login link hash.
Return value
\Symfony\Component\HttpFoundation\RedirectResponse|null Returns a redirect if the information is incorrect. It redirects to 'user.pass' route with a message for the user.
Throws
\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException If $uid is for a blocked user or invalid user ID.
2 calls to UserController::determineErrorRedirect()
- UserController::resetPass in core/modules/user/src/Controller/UserController.php - Redirects to the user password reset form.
- UserController::resetPassLogin in core/modules/user/src/Controller/UserController.php - Validates user, hash, and timestamp; logs the user in if correct.
File
core/modules/user/src/Controller/UserController.php, line 289
Class
- UserController: Controller routines for user routes.
Namespace
Drupal\user\Controller
Code
protected function determineErrorRedirect(?UserInterface $user, int $timestamp, string $hash) : ?RedirectResponse {
  $current = REQUEST_TIME;
  // Verify that the user exists and is active.
  if ($user === NULL || !$user->isActive()) {
    // Blocked or invalid user ID, so deny access. The parameters will be in
    // the watchdog's URL for the administrator to check.
    throw new AccessDeniedHttpException();
  }
  // Time out, in seconds, until login URL expires.
  $timeout = $this->config('user.settings')
    ->get('password_reset_timeout');
  // No time out for first time login.
  if ($user->getLastLoginTime() && $current - $timestamp > $timeout) {
    $this->messenger()
      ->addError($this->t('You have tried to use a one-time login link that has expired. Please request a new one using the form below.'));
    return $this->redirect('user.pass');
  }
  elseif ($user->isAuthenticated() && $timestamp >= $user->getLastLoginTime() && $timestamp <= $current && hash_equals($hash, user_pass_rehash($user, $timestamp))) {
    // The information provided is valid.
    return NULL;
  }
  $this->messenger()
    ->addError($this->t('You have tried to use a one-time login link that has either been used or is no longer valid. Please request a new one using the form below.'));
  return $this->redirect('user.pass');
}
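The same sequence of checks as a stand-alone script, run over constructed cases (fresh link, tampered hash, future-dated timestamp, expired link, blocked account, replay after login, first-time login). This is an added example, not Drupal code: demo_rehash(), check_link(), DEMO_KEY, the array-based user record and all sample values are hypothetical stand-ins for user_pass_rehash() and UserInterface, and the isAuthenticated() check is omitted.

```php
<?php
// Added illustration, not Drupal code. demo_rehash() and the array-based user
// record are hypothetical stand-ins for user_pass_rehash() and UserInterface.
const DEMO_KEY = 'constructed-demo-key';

function demo_rehash(array $user, int $timestamp): string {
  // Binding the last login time into the MAC is this sketch's assumption.
  return hash_hmac('sha256', "$timestamp:{$user['uid']}:{$user['login']}", DEMO_KEY);
}

function check_link(?array $user, int $timestamp, string $hash, int $now, int $timeout): string {
  if ($user === NULL || !$user['active']) {
    return 'denied';
  }
  // Expiry applies only once the account has logged in at least once.
  if ($user['login'] && $now - $timestamp > $timeout) {
    return 'expired';
  }
  // Window checks first, then a constant-time compare (known value first).
  if ($timestamp >= $user['login'] && $timestamp <= $now
    && hash_equals(demo_rehash($user, $timestamp), $hash)) {
    return 'valid';
  }
  return 'used-or-invalid';
}

$now = 1700000000;  // Constructed clock value.
$timeout = 86400;   // Constructed timeout in seconds.
$user = ['uid' => 7, 'active' => TRUE, 'login' => $now - 3600];
$issued = $now - 600;
$hash = demo_rehash($user, $issued);

$cases = [
  'fresh link' => check_link($user, $issued, $hash, $now, $timeout),
  'tampered hash' => check_link($user, $issued, str_repeat('0', 64), $now, $timeout),
  'future timestamp' => check_link($user, $now + 60, demo_rehash($user, $now + 60), $now, $timeout),
  'older than timeout' => check_link($user, $now - 90000, demo_rehash($user, $now - 90000), $now, $timeout),
  'blocked account' => check_link(['active' => FALSE] + $user, $issued, $hash, $now, $timeout),
];
// Replay: the user logged in after the link was issued, so login > timestamp.
$after = ['login' => $now - 60] + $user;
$cases['replayed after login'] = check_link($after, $issued, demo_rehash($after, $issued), $now, $timeout);
// First-time login (login === 0) is exempt from the timeout.
$new = ['login' => 0] + $user;
$cases['first login, old link'] = check_link($new, $now - 90000, demo_rehash($new, $now - 90000), $now, $timeout);

foreach ($cases as $name => $result) {
  printf("%-22s %s\n", $name, $result);
}
```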