protected function Redirect::isPasswordReset in Entity Legal 3.0.x

Same name and namespace in other branches
  1. 8.2 src/Plugin/EntityLegal/Redirect.php \Drupal\entity_legal\Plugin\EntityLegal\Redirect::isPasswordReset()
  2. 4.0.x src/Plugin/EntityLegal/Redirect.php \Drupal\entity_legal\Plugin\EntityLegal\Redirect::isPasswordReset()

Check if this is a valid password reset request.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The HTTP request object.

Return value

bool: TRUE if this is a valid password reset request, FALSE otherwise.

1 call to Redirect::isPasswordReset()
Redirect::execute in src/Plugin/EntityLegal/Redirect.php
Execute callback for Entity Legal method plugin.

File

src/Plugin/EntityLegal/Redirect.php, line 176

Class

Redirect
Method class for redirecting existing users to accept a legal document.

Namespace

Drupal\entity_legal\Plugin\EntityLegal

Code

protected function isPasswordReset(Request $request) {

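  // Unblock only the current user account edit form.
  // Note: the two tests are joined with &&, so this early return fires only
  // when the route is not the edit form and the 'user' parameter differs from
  // the current user; a request failing just one test reaches the token checks.
  if ($this->routeMatch->getRouteName() !== 'entity.user.edit_form'
    && $this->routeMatch->getRawParameter('user') != $this->currentUser->id()) {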
    return FALSE;
  }

  // The password reset token should be present.
  if (!($pass_reset_token = $request->get('pass-reset-token'))) {
    return FALSE;
  }

  // Now we check if it's a valid token.
  // @see \Drupal\user\Controller\UserController::resetPassLogin()
  // @see \Drupal\user\AccountForm::form()
  $session_key = "pass_reset_{$this->currentUser->id()}";
  if (!isset($_SESSION[$session_key]) || !hash_equals($_SESSION[$session_key], $pass_reset_token)) {
    return FALSE;
  }
  return TRUE;
}
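
The route guard and token comparison above, pulled out into standalone PHP so each can be evaluated case by case. This is an added example, not Entity Legal's code; the function names, the uid 7 and the token string are constructed for illustration. guardStrict() is one way to express the "only the current user account edit form" rule stated in the code comment, and tokenMatches() adds an is_string() test because hash_equals() requires string arguments.

```php
<?php
// Added example; all names and sample values here are hypothetical.

/** Guard as written on the page: rejects only when BOTH tests fail. */
function guardAsWritten(string $route, string $userParam, int $currentUid): bool {
  return !($route !== 'entity.user.edit_form' && $userParam != $currentUid);
}

/** Guard matching the code comment: only the current user's own edit form. */
function guardStrict(string $route, string $userParam, int $currentUid): bool {
  return $route === 'entity.user.edit_form'
    && $userParam === (string) $currentUid;
}

/** Session token must exist and equal the request token (constant time). */
function tokenMatches(array $session, int $uid, $token): bool {
  $key = "pass_reset_{$uid}";
  // Reject missing, empty or non-string input before hash_equals().
  if (!is_string($token) || $token === '' || !isset($session[$key])) {
    return false;
  }
  return hash_equals($session[$key], $token);
}

// Constructed sample data.
$uid = 7;
$session = ['pass_reset_7' => 'constructed-token-value'];
$cases = [
  ['entity.user.edit_form', '7'],
  ['entity.user.edit_form', '8'],
  ['entity.user.canonical', '7'],
  ['entity.user.canonical', '8'],
];

// Print how each guard treats every route/user combination.
foreach ($cases as [$route, $param]) {
  printf("%-22s user=%s  as-written=%-5s  strict=%s\n", $route, $param,
    var_export(guardAsWritten($route, $param, $uid), true),
    var_export(guardStrict($route, $param, $uid), true));
}

// Token checks: matching value, wrong value, missing value, array input.
foreach (['constructed-token-value', 'wrong', null, ['x']] as $token) {
  var_dump(tokenMatches($session, $uid, $token));
}
```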