public function UserController::resetPass in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()

Redirects to the user password reset form.

To never disclose a reset link via a referrer header, this controller must always return a redirect response.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request.

int $uid: User ID of the user requesting reset.

int $timestamp: The current timestamp.

string $hash: Login link hash.

Return value

\Symfony\Component\HttpFoundation\RedirectResponse The redirect response.

1 string reference to 'UserController::resetPass'
user.routing.yml in core/modules/user/user.routing.yml

File

core/modules/user/src/Controller/UserController.php, line 113

Class

UserController
Controller routines for user routes.

Namespace

Drupal\user\Controller

Code

public function resetPass(Request $request, $uid, $timestamp, $hash) {
  $account = $this->currentUser();

  // When processing the one-time login link, we have to make sure that a user
  // isn't already logged in.
  if ($account->isAuthenticated()) {
    // The current user is already logged in.
    if ($account->id() == $uid) {
      user_logout();

      // We need to begin the redirect process again because logging out will
      // destroy the session.
      return $this->redirect('user.reset', [
        'uid' => $uid,
        'timestamp' => $timestamp,
        'hash' => $hash,
      ]);
    }
    else {
      /** @var \Drupal\user\UserInterface $reset_link_user */
      if ($reset_link_user = $this->userStorage->load($uid)) {
        $this->messenger()->addWarning($this->t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href=":logout">log out</a> and try using the link again.', [
          '%other_user' => $account->getAccountName(),
          '%resetting_user' => $reset_link_user->getAccountName(),
          ':logout' => Url::fromRoute('user.logout')->toString(),
        ]));
      }
      else {
        // Invalid one-time link specifies an unknown user.
        $this->messenger()->addError($this->t('The one-time login link you clicked is invalid.'));
      }
      return $this->redirect('<front>');
    }
  }
  $session = $request->getSession();
  $session->set('pass_reset_hash', $hash);
  $session->set('pass_reset_timeout', $timestamp);
  return $this->redirect('user.reset.form', [
    'uid' => $uid,
  ]);
}
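
The referrer argument above, as an added framework-free model that is not Drupal's code: it compares serving the form at the token URL with the resetPass() approach of storing the hash in the session and redirecting. The function names, the path shapes and the sample link are constructed, and the model assumes a browser that sends the full page URL as the Referer.

```php
<?php
// Added illustration, not Drupal code. Every name and value is constructed.

// Renders a page at $path. Routing the token URL straight here is the naive
// design: the form is served at a URL that still contains the hash.
function render_page(string $path, array &$session): array {
  return ['status' => 200, 'location' => NULL];
}

// resetPass()-style handler: keep the secret server-side, then redirect.
function redirecting_handler(string $path, array &$session): array {
  // Assumed path shape: /user/reset/{uid}/{timestamp}/{hash}
  [, , , $uid, $timestamp, $hash] = explode('/', $path);
  $session['pass_reset_hash'] = $hash;
  $session['pass_reset_timeout'] = $timestamp;
  return ['status' => 302, 'location' => "/user/reset/$uid"];
}

// Follows redirects and returns the URL of the page that finally renders,
// i.e. what a browser with a full-URL referrer policy sends as Referer for
// links and subresources on that page.
function rendered_url(string $handler, string $path, array &$session): string {
  for ($hop = 0; $hop < 5; $hop++) {
    $response = $handler($path, $session);
    if ($response['status'] < 300 || $response['status'] > 399) {
      return $path;
    }
    $path = $response['location'];
    // The redirect target is an ordinary page without the hash in its URL.
    $handler = 'render_page';
  }
  throw new RuntimeException('Too many redirects');
}

$link = '/user/reset/5/1700000000/CONSTRUCTED-HASH';
foreach (['render_page', 'redirecting_handler'] as $handler) {
  $session = [];
  $referer = rendered_url($handler, $link, $session);
  printf("%-20s Referer path: %-45s hash in Referer: %s\n",
    $handler,
    $referer,
    strpos($referer, 'CONSTRUCTED-HASH') !== FALSE ? 'yes' : 'no');
}
```

Only the redirecting handler ends on a page whose URL carries the user ID alone, with the hash held in the session for the form to validate.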