You are here

Home » API reference » Drupal 9 » UserAuthenticationController.php » UserAuthenticationController

public function UserAuthenticationController::resetPassword in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/user/src/Controller/UserAuthenticationController.php \Drupal\user\Controller\UserAuthenticationController::resetPassword()

Resets a user password.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request.

Return value

\Symfony\Component\HttpFoundation\Response The response object.

1 string reference to 'UserAuthenticationController::resetPassword'
user.routing.yml in core/modules/user/user.routing.yml
core/modules/user/user.routing.yml

File

core/modules/user/src/Controller/UserAuthenticationController.php, line 235

Class

UserAuthenticationController
Provides controllers for login, login status and logout via HTTP requests.

Namespace

Drupal\user\Controller

Code

public function resetPassword(Request $request) {
  $format = $this
    ->getRequestFormat($request);
  $content = $request
    ->getContent();
  $credentials = $this->serializer
    ->decode($content, $format);

  // Check if a name or mail is provided.
  if (!isset($credentials['name']) && !isset($credentials['mail'])) {
    throw new BadRequestHttpException('Missing credentials.name or credentials.mail');
  }

  // Load by name if provided.
  if (isset($credentials['name'])) {
    $users = $this->userStorage
      ->loadByProperties([
      'name' => trim($credentials['name']),
    ]);
  }
  elseif (isset($credentials['mail'])) {
    $users = $this->userStorage
      ->loadByProperties([
      'mail' => trim($credentials['mail']),
    ]);
  }

  /** @var \Drupal\Core\Session\AccountInterface $account */
  $account = reset($users);
  if ($account && $account
    ->id()) {
    if ($this
      ->userIsBlocked($account
      ->getAccountName())) {
      throw new BadRequestHttpException('The user has not been activated or is blocked.');
    }

    // Send the password reset email.
    $mail = _user_mail_notify('password_reset', $account);
    if (empty($mail)) {
      throw new BadRequestHttpException('Unable to send email. Contact the site administrator if the problem persists.');
    }
    else {
      $this->logger
        ->notice('Password reset instructions mailed to %name at %email.', [
        '%name' => $account
          ->getAccountName(),
        '%email' => $account
          ->getEmail(),
      ]);
      return new Response();
    }
  }

  // Error if no users found with provided name or mail.
  throw new BadRequestHttpException('Unrecognized username or email address.');
}