public function PasswordReset::resolve in GraphQL 8.4

Resets the user's password.

Parameters

string $email: The email address to reset the password for.

Return value

\Drupal\graphql\GraphQL\Response\ResponseInterface: Response for the password reset mutation, with violations in case of failure.

File

src/Plugin/GraphQL/DataProducer/User/PasswordReset.php, line 99

Class

PasswordReset
Resets the user's password (mutation).

Namespace

Drupal\graphql\Plugin\GraphQL\DataProducer\User

Code

public function resolve(string $email) : ResponseInterface {
  $content = [
    'mail' => $email,
  ];

  // Drupal does not have a user authentication service so we need to use the
  // authentication controller instead.
  $controller = UserAuthenticationController::create(\Drupal::getContainer());

  // Build up an authentication request for the controller out of the current
  // request but replace the request body with proper content. This way most
  // of the data are reused, including the client's IP, which is needed for
  // flood control. The request body is the only thing (besides the client's
  // IP) which is pulled from the request within the controller.
  $auth_request = new Request(
    $this->currentRequest->query->all(),
    $this->currentRequest->request->all(),
    $this->currentRequest->attributes->all(),
    $this->currentRequest->cookies->all(),
    $this->currentRequest->files->all(),
    $this->currentRequest->server->all(),
    json_encode($content)
  );
  $auth_request->setRequestFormat('json');
  $response = new Response();
  try {
    $controller_response = $controller->resetPassword($auth_request);
  }
  catch (\Exception $e) {
    // Show a general error message so a potential attacker cannot abuse the
    // endpoint to e.g. check whether some email exists or not. Log to
    // watchdog for potential further investigation.
    $this->logger->warning($e->getMessage());
    $response->addViolation($this->t('Unable to reset password, please try again later.'));
    return $response;
  }

  // Show a general error message also in case of an unexpected response. Log
  // to watchdog for potential further investigation.
  if ($controller_response->getStatusCode() !== 200) {
    $this->logger->warning("Unexpected response code @code during password reset.", [
      '@code' => $controller_response->getStatusCode(),
    ]);
    $response->addViolation($this->t('Unable to reset password, please try again later.'));
  }
  return $response;
}
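
The failure handling in resolve() can be checked in isolation. The following is an added example, not code from the GraphQL module: resolveReset(), $backend, GENERIC_ERROR and the sample addresses are hypothetical stand-ins, with $backend playing the role of the controller call.

```php
<?php
// Added example; resolveReset(), $backend and GENERIC_ERROR are hypothetical
// names, not part of the Drupal GraphQL module.
const GENERIC_ERROR = 'Unable to reset password, please try again later.';

// Same shape as resolve(): every failure path returns one client-visible
// violation, and the real cause goes only to the server-side log.
function resolveReset(string $email, callable $backend, array &$log): array {
  try {
    $status = $backend($email);
  }
  catch (\Exception $e) {
    $log[] = 'warning: ' . $e->getMessage();
    return ['violations' => [GENERIC_ERROR]];
  }
  if ($status !== 200) {
    $log[] = "warning: Unexpected response code $status during password reset.";
    return ['violations' => [GENERIC_ERROR]];
  }
  return ['violations' => []];
}

// Constructed backend standing in for the controller call.
$backend = function (string $email): int {
  if ($email === 'known@example.com') {
    return 200;
  }
  if ($email === 'blocked@example.com') {
    return 403;
  }
  throw new \RuntimeException("Unrecognized email: $email");
};

$log = [];
$unknown = resolveReset('nobody@example.com', $backend, $log);
$blocked = resolveReset('blocked@example.com', $backend, $log);
$known = resolveReset('known@example.com', $backend, $log);

// Different failure causes must be byte-identical to the client.
if (json_encode($unknown) !== json_encode($blocked)) {
  throw new \LogicException('Failure responses leak the cause.');
}
// The cause stays available to operators in the log.
if (count($log) !== 2 || strpos($log[0], 'nobody@example.com') === FALSE) {
  throw new \LogicException('Failure cause was not logged.');
}
// Success is still distinguishable from failure, as in resolve().
echo json_encode(['known' => $known, 'unknown' => $unknown]), PHP_EOL;
```

The generic message hides which failure occurred, but a response with no violations still differs from one with a violation. Whether that difference reveals account existence depends on how the underlying controller treats addresses it does not recognize.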