public function UserPasswordForm::validateForm in Drupal 10
Same name and namespace in other branches
- 8 core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()
- 9 core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()
Form validation handler.
Parameters
array $form: An associative array containing the structure of the form.
\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.
Overrides FormBase::validateForm
File
- core/
modules/ user/ src/ Form/ UserPasswordForm.php, line 154
Class
- UserPasswordForm
- Provides a user password reset form.
Namespace
Drupal\user\FormCode
public function validateForm(array &$form, FormStateInterface $form_state) {
$flood_config = $this->configFactory
->get('user.flood');
if (!$this->flood
->isAllowed('user.password_request_ip', $flood_config
->get('ip_limit'), $flood_config
->get('ip_window'))) {
$form_state
->setErrorByName('name', $this
->t('Too many password recovery requests from your IP address. It is temporarily blocked. Try again later or contact the site administrator.'));
return;
}
$this->flood
->register('user.password_request_ip', $flood_config
->get('ip_window'));
// First, see if the input is possibly valid as a username.
$name = trim($form_state
->getValue('name'));
$definition = BaseFieldDefinition::create('string')
->addConstraint('UserName', []);
$data = $this->typedDataManager
->create($definition);
$data
->setValue($name);
$violations = $data
->validate();
// Usernames have a maximum length shorter than email addresses. Only print
// this error if the input is not valid as a username or email address.
if ($violations
->count() > 0 && !$this->emailValidator
->isValid($name)) {
$form_state
->setErrorByName('name', $this
->t("The username or email address is invalid."));
return;
}
// Try to load by email.
$users = $this->userStorage
->loadByProperties([
'mail' => $name,
]);
if (empty($users)) {
// No success, try to load by name.
$users = $this->userStorage
->loadByProperties([
'name' => $name,
]);
}
$account = reset($users);
// Blocked accounts cannot request a new password.
if ($account && $account
->id() && $account
->isActive()) {
// Register flood events based on the uid only, so they apply for any
// IP address. This allows them to be cleared on successful reset (from
// any IP).
$identifier = $account
->id();
if (!$this->flood
->isAllowed('user.password_request_user', $flood_config
->get('user_limit'), $flood_config
->get('user_window'), $identifier)) {
return;
}
$this->flood
->register('user.password_request_user', $flood_config
->get('user_window'), $identifier);
$form_state
->setValueForElement([
'#parents' => [
'account',
],
], $account);
}
}