function UserController::getResetPassForm

Same name and namespace in other branches
  1. 9 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::getResetPassForm()
  2. 8.9.x core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::getResetPassForm()
  3. 10 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::getResetPassForm()

Returns the user password reset form.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request.

int $uid: User ID of the user requesting reset.

Return value

array|\Symfony\Component\HttpFoundation\RedirectResponse The form structure or a redirect response.

Throws

\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException If the pass_reset_timeout or pass_reset_hash are not available in the session. Or if $uid is for a blocked user or invalid user ID.

1 string reference to 'UserController::getResetPassForm'
user.routing.yml in core/modules/user/user.routing.yml
core/modules/user/user.routing.yml

File

core/modules/user/src/Controller/UserController.php, line 195

Class

UserController
Controller routines for user routes.

Namespace

Drupal\user\Controller

Code

public function getResetPassForm(Request $request, $uid) {
    $session = $request->getSession();
    $timestamp = $session->get('pass_reset_timeout');
    $hash = $session->get('pass_reset_hash');
    // As soon as the session variables are used they are removed to prevent the
    // hash and timestamp from being leaked unexpectedly. This could occur if
    // the user does not click on the log in button on the form.
    $session->remove('pass_reset_timeout');
    $session->remove('pass_reset_hash');
    if (!$hash || !$timestamp) {
        throw new AccessDeniedHttpException();
    }
    
    /** @var \Drupal\user\UserInterface $user */
    $user = $this->userStorage
        ->load($uid);
    if ($user === NULL || !$user->isActive()) {
        // Blocked or invalid user ID, so deny access. The parameters will be in
        // the watchdog's URL for the administrator to check.
        throw new AccessDeniedHttpException();
    }
    // Time out, in seconds, until login URL expires.
    $timeout = $this->config('user.settings')
        ->get('password_reset_timeout');
    $expiration_date = $user->getLastLoginTime() ? $this->dateFormatter
        ->format($timestamp + $timeout) : NULL;
    return $this->formBuilder()
        ->getForm(UserPasswordResetForm::class, $user, $expiration_date, $timestamp, $hash);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.