You are here

protected function Redirect::isPasswordReset in Entity Legal 8.2

Same name and namespace in other branches
  1. 4.0.x src/Plugin/EntityLegal/Redirect.php \Drupal\entity_legal\Plugin\EntityLegal\Redirect::isPasswordReset()
  2. 3.0.x src/Plugin/EntityLegal/Redirect.php \Drupal\entity_legal\Plugin\EntityLegal\Redirect::isPasswordReset()

Check if this is a valid password reset request.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The HTTP request object.

Return value

bool If this is a valid password reset request.

1 call to Redirect::isPasswordReset()
Redirect::execute in src/Plugin/EntityLegal/Redirect.php
Execute callback for Entity Legal method plugin.

File

src/Plugin/EntityLegal/Redirect.php, line 177

Class

Redirect
Method class for redirecting existing users to accept a legal document.

Namespace

Drupal\entity_legal\Plugin\EntityLegal

Code

protected function isPasswordReset(Request $request) {

  // Unblock only the current user account edit form.
  if ($this->routeMatch
    ->getRouteName() !== 'entity.user.edit_form' && $this->routeMatch
    ->getRawParameter('user') != $this->currentUser
    ->id()) {
    return FALSE;
  }

  // The password reset token should be present.
  if (!($pass_reset_token = $request
    ->get('pass-reset-token'))) {
    return FALSE;
  }

  // Now we check if it's a valid token.
  // @see \Drupal\user\Controller\UserController::resetPassLogin()
  // @see \Drupal\user\AccountForm::form()
  $session_key = "pass_reset_{$this->currentUser->id()}";
  if (!isset($_SESSION[$session_key]) || !Crypt::hashEquals($_SESSION[$session_key], $pass_reset_token)) {
    return FALSE;
  }
  return TRUE;
}