public function UserController::getResetPassForm in Drupal 10
Same name and namespace in other branches
- 8 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::getResetPassForm()
- 9 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::getResetPassForm()
Returns the user password reset form.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request.
int $uid: User ID of the user requesting reset.
Return value
array|\Symfony\Component\HttpFoundation\RedirectResponse The form structure or a redirect response.
Throws
\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException If the pass_reset_timeout or pass_reset_hash are not available in the session. Or if $uid is for a blocked user or invalid user ID.
1 string reference to 'UserController::getResetPassForm'
- user.routing.yml in core/
modules/ user/ user.routing.yml - core/modules/user/user.routing.yml
File
- core/
modules/ user/ src/ Controller/ UserController.php, line 176
Class
- UserController
- Controller routines for user routes.
Namespace
Drupal\user\ControllerCode
public function getResetPassForm(Request $request, $uid) {
$session = $request
->getSession();
$timestamp = $session
->get('pass_reset_timeout');
$hash = $session
->get('pass_reset_hash');
// As soon as the session variables are used they are removed to prevent the
// hash and timestamp from being leaked unexpectedly. This could occur if
// the user does not click on the log in button on the form.
$session
->remove('pass_reset_timeout');
$session
->remove('pass_reset_hash');
if (!$hash || !$timestamp) {
throw new AccessDeniedHttpException();
}
/** @var \Drupal\user\UserInterface $user */
$user = $this->userStorage
->load($uid);
if ($user === NULL || !$user
->isActive()) {
// Blocked or invalid user ID, so deny access. The parameters will be in
// the watchdog's URL for the administrator to check.
throw new AccessDeniedHttpException();
}
// Time out, in seconds, until login URL expires.
$timeout = $this
->config('user.settings')
->get('password_reset_timeout');
$expiration_date = $user
->getLastLoginTime() ? $this->dateFormatter
->format($timestamp + $timeout) : NULL;
return $this
->formBuilder()
->getForm(UserPasswordResetForm::class, $user, $expiration_date, $timestamp, $hash);
}