function UserPasswordForm::validateForm

Same name and namespace in other branches
  1. 11.x core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()
  2. 10 core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()
  3. 8.9.x core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()

Overrides FormBase::validateForm

File

core/modules/user/src/Form/UserPasswordForm.php, line 162

Class

UserPasswordForm
Provides a user password reset form.

Namespace

Drupal\user\Form

Code

public function validateForm(array &$form, FormStateInterface $form_state) {
  $flood_config = $this->configFactory
    ->get('user.flood');
  if (!$this->flood
    ->isAllowed('user.password_request_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) {
    $form_state->setErrorByName('name', $this->t('Too many password recovery requests from your IP address. It is temporarily blocked. Try again later or contact the site administrator.'));
    return;
  }
  $this->flood
    ->register('user.password_request_ip', $flood_config->get('ip_window'));
  // First, see if the input is possibly valid as a username.
  $name = trim($form_state->getValue('name'));
  $definition = BaseFieldDefinition::create('string')->addConstraint('UserName', []);
  $data = $this->typedDataManager
    ->create($definition);
  $data->setValue($name);
  $violations = $data->validate();
  // Usernames have a maximum length shorter than email addresses. Only print
  // this error if the input is not valid as a username or email address.
  if ($violations->count() > 0 && !$this->emailValidator
    ->isValid($name)) {
    $form_state->setErrorByName('name', $this->t("The username or email address is invalid."));
    return;
  }
  // Try to load by email.
  $users = $this->userStorage
    ->loadByProperties([
    'mail' => $name,
  ]);
  if (empty($users)) {
    // No success, try to load by name.
    $users = $this->userStorage
      ->loadByProperties([
      'name' => $name,
    ]);
  }
  $account = reset($users);
  // Blocked accounts cannot request a new password.
  if ($account && $account->id() && $account->isActive()) {
    // Register flood events based on the uid only, so they apply for any
    // IP address. This allows them to be cleared on successful reset (from
    // any IP).
    $identifier = $account->id();
    if (!$this->flood
      ->isAllowed('user.password_request_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
      return;
    }
    $this->flood
      ->register('user.password_request_user', $flood_config->get('user_window'), $identifier);
    $form_state->setValueForElement([
      '#parents' => [
        'account',
      ],
    ], $account);
  }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.