
public function UserPasswordForm::validateForm in Drupal 9

Same name and namespace in other branches
  1. 8 core/modules/user/src/Form/UserPasswordForm.php \Drupal\user\Form\UserPasswordForm::validateForm()

Form validation handler.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Overrides FormBase::validateForm

File

core/modules/user/src/Form/UserPasswordForm.php, line 162

Class

UserPasswordForm
Provides a user password reset form.

Namespace

Drupal\user\Form

Code

/**
 * Form validation handler for the password reset request form.
 *
 * Checks run in this order: per-IP flood limit, input format, account
 * lookup, per-account flood limit. Only the first two ever set a form error.
 * When no usable account is found, or the per-account limit is hit, the
 * handler returns without an error and without storing an 'account' value,
 * so this method does not tell the requester whether an account exists.
 * NOTE(review): the submit handler is not shown here; confirm it responds
 * identically whether or not 'account' was set.
 *
 * Overrides FormBase::validateForm.
 *
 * @param array $form
 *   An associative array containing the structure of the form.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current state of the form.
 */
public function validateForm(array &$form, FormStateInterface $form_state) {
  $flood_settings = $this->configFactory->get('user.flood');

  // Per-IP throttle. No identifier is passed, so the flood service's default
  // identifier applies. NOTE(review): presumably the client IP as resolved by
  // the site; behind a reverse proxy, verify the trusted-proxy configuration
  // so requests are not all counted against the proxy address.
  $ip_limit = $flood_settings->get('ip_limit');
  $ip_window = $flood_settings->get('ip_window');
  if (!$this->flood->isAllowed('user.password_request_ip', $ip_limit, $ip_window)) {
    $form_state->setErrorByName('name', $this->t('Too many password recovery requests from your IP address. It is temporarily blocked. Try again later or contact the site administrator.'));
    return;
  }
  // The event is recorded before any input validation or account lookup, so
  // malformed input and unknown names count against the limit as well.
  $this->flood->register('user.password_request_ip', $ip_window);

  // Validate the submitted value against the UserName constraint first.
  $name = trim($form_state->getValue('name'));
  $username_definition = BaseFieldDefinition::create('string')->addConstraint('UserName', []);
  $typed_name = $this->typedDataManager->create($username_definition);
  $typed_name->setValue($name);
  $violations = $typed_name->validate();

  // Usernames have a shorter maximum length than email addresses, so the
  // input is rejected only when it is valid as neither. This error reflects
  // the input's format alone; no account has been looked up yet.
  $fails_as_username = $violations->count() > 0;
  if ($fails_as_username && !$this->emailValidator->isValid($name)) {
    $form_state->setErrorByName('name', $this->t("The username or email address is invalid."));
    return;
  }

  // Look the account up by email, falling back to the username when the
  // email lookup returns nothing.
  $users = $this->userStorage->loadByProperties(['mail' => $name])
    ?: $this->userStorage->loadByProperties(['name' => $name]);
  $account = reset($users);

  // Blocked accounts cannot request a new password. Missing accounts, accounts
  // with a falsy id() and inactive accounts all stop here without any form
  // error being set.
  if (!$account || !$account->id() || !$account->isActive()) {
    return;
  }

  // Per-account flood events are keyed on the uid only, so they apply from
  // any IP address and can be cleared on a successful reset (from any IP).
  $identifier = $account->id();
  $user_limit = $flood_settings->get('user_limit');
  $user_window = $flood_settings->get('user_window');
  if (!$this->flood->isAllowed('user.password_request_user', $user_limit, $user_window, $identifier)) {
    // Deliberately silent: no error is set and no account is stored.
    return;
  }
  $this->flood->register('user.password_request_user', $user_window, $identifier);

  // Store the resolved account in the form state under the 'account' key.
  $form_state->setValueForElement(['#parents' => ['account']], $account);
}