function UserController::resetPass

Same name and namespace in other branches
  1. 9 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()
  2. 8.9.x core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()
  3. 11.x core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()

Redirects to the user password reset form.

To never disclose a reset link via a referrer header, this controller must always return a redirect response.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request.

int $uid: User ID of the user requesting reset.

int $timestamp: The current timestamp.

string $hash: Login link hash.

Return value

\Symfony\Component\HttpFoundation\RedirectResponse The redirect response.

1 string reference to 'UserController::resetPass'
user.routing.yml in core/modules/user/user.routing.yml

File

core/modules/user/src/Controller/UserController.php, line 129

Class

UserController
Controller routines for user routes.

Namespace

Drupal\user\Controller

Code

public function resetPass(Request $request, $uid, $timestamp, $hash) {
  $account = $this->currentUser();
  // When processing the one-time login link, we have to make sure that a user
  // isn't already logged in.
  if ($account->isAuthenticated()) {
    // The current user is already logged in.
    if ($account->id() == $uid) {
      user_logout();
      // We need to begin the redirect process again because logging out will
      // destroy the session.
      return $this->redirect('user.reset', [
        'uid' => $uid,
        'timestamp' => $timestamp,
        'hash' => $hash,
      ]);
    }
    else {
      /** @var \Drupal\user\UserInterface $reset_link_user */
      $reset_link_user = $this->userStorage
        ->load($uid);
      if ($reset_link_user && $this->validatePathParameters($reset_link_user, $timestamp, $hash)) {
        $this->messenger()
          ->addWarning($this->t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. <a href=":logout">Log out</a> and try using the link again.', [
          '%other_user' => $account->getAccountName(),
          '%resetting_user' => $reset_link_user->getAccountName(),
          ':logout' => Url::fromRoute('user.logout')->toString(),
        ]));
      }
      else {
        // Invalid one-time link specifies an unknown user.
        $this->messenger()
          ->addError($this->t('The one-time login link you clicked is invalid.'));
      }
      return $this->redirect('<front>');
    }
  }
  /** @var \Drupal\user\UserInterface $reset_link_user */
  $reset_link_user = $this->userStorage
    ->load($uid);
  if ($redirect = $this->determineErrorRedirect($reset_link_user, $timestamp, $hash)) {
    return $redirect;
  }
  $session = $request->getSession();
  $session->set('pass_reset_hash', $hash);
  $session->set('pass_reset_timeout', $timestamp);
  return $this->redirect('user.reset.form', [
    'uid' => $uid,
  ]);
}
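
The referrer concern from the description, as an added example (not Drupal's own code): a dependency-free PHP model that compares a handler rendering the form at the link URL with one that follows the session-then-redirect pattern of resetPass(). The handler names, the route paths and the sample hash are assumptions constructed for illustration.

```php
<?php
// Added illustration, not Drupal code. Paths and the hash are constructed.
// Requires PHP 8 for str_contains().

/** Weak variant: renders the form at the URL that still carries the hash. */
function reset_renders_in_place(string $path, array &$session): array {
  return ['status' => 200, 'location' => NULL];
}

/** resetPass() pattern: stash the secrets in the session, then redirect. */
function reset_redirects(string $path, array &$session): array {
  if (preg_match('#^/user/reset/(\d+)/(\d+)/([\w-]+)$#', $path, $m)) {
    $session['pass_reset_hash'] = $m[3];
    $session['pass_reset_timeout'] = $m[2];
    return ['status' => 302, 'location' => "/user/reset/{$m[1]}"];
  }
  // Token-free form URL (assumed path): the page is rendered here.
  return ['status' => 200, 'location' => NULL];
}

/**
 * Follows redirects like a browser and returns the URL of the page that is
 * finally rendered. That URL is what the browser can send as Referer when
 * the page loads a third-party asset or the user follows an external link.
 */
function rendered_url(callable $handler, string $path, array &$session): string {
  for ($hops = 0; $hops < 5; $hops++) {
    $response = $handler($path, $session);
    if ($response['status'] < 300 || $response['status'] >= 400) {
      return $path;
    }
    $path = $response['location'];
  }
  throw new RuntimeException('Redirect loop');
}

$hash = 'CONSTRUCTED-sample-hash';
$link = "/user/reset/42/1700000000/$hash";

foreach (['reset_renders_in_place', 'reset_redirects'] as $handler) {
  $session = [];
  $referer = rendered_url($handler, $link, $session);
  printf("%-24s rendered at: %-45s hash in Referer: %s\n",
    $handler, $referer, str_contains($referer, $hash) ? 'yes' : 'no');
}
```

Only the URL of a rendered page can become a Referer value, which is why every branch of resetPass() ends in a redirect rather than a page.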
