function UserPasswordForm::validateForm

Same name and namespace in other branches
  1. 8.9.x core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()
  2. 10 core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()
  3. 11.x core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()

Overrides FormBase::validateForm

File

core/modules/user/src/Form/UserPasswordForm.php, line 162

Class

UserPasswordForm
Provides a user password reset form.

Namespace

Drupal\user\Form

Code

public function validateForm(array &$form, FormStateInterface $form_state) {
    $flood_config = $this->configFactory
        ->get('user.flood');
    if (!$this->flood
        ->isAllowed('user.password_request_ip', $flood_config->get('ip_limit'), $flood_config->get('ip_window'))) {
        $form_state->setErrorByName('name', $this->t('Too many password recovery requests from your IP address. It is temporarily blocked. Try again later or contact the site administrator.'));
        return;
    }
    $this->flood
        ->register('user.password_request_ip', $flood_config->get('ip_window'));
    // First, see if the input is possibly valid as a username.
    $name = trim($form_state->getValue('name'));
    $definition = BaseFieldDefinition::create('string')->addConstraint('UserName', []);
    $data = $this->typedDataManager
        ->create($definition);
    $data->setValue($name);
    $violations = $data->validate();
    // Usernames have a maximum length shorter than email addresses. Only print
    // this error if the input is not valid as a username or email address.
    if ($violations->count() > 0 && !$this->emailValidator
        ->isValid($name)) {
        $form_state->setErrorByName('name', $this->t("The username or email address is invalid."));
        return;
    }
    // Try to load by email.
    $users = $this->userStorage
        ->loadByProperties([
        'mail' => $name,
    ]);
    if (empty($users)) {
        // No success, try to load by name.
        $users = $this->userStorage
            ->loadByProperties([
            'name' => $name,
        ]);
    }
    $account = reset($users);
    // Blocked accounts cannot request a new password.
    if ($account && $account->id() && $account->isActive()) {
        // Register flood events based on the uid only, so they apply for any
        // IP address. This allows them to be cleared on successful reset (from
        // any IP).
        $identifier = $account->id();
        if (!$this->flood
            ->isAllowed('user.password_request_user', $flood_config->get('user_limit'), $flood_config->get('user_window'), $identifier)) {
            return;
        }
        $this->flood
            ->register('user.password_request_user', $flood_config->get('user_window'), $identifier);
        $form_state->setValueForElement([
            '#parents' => [
                'account',
            ],
        ], $account);
    }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.