function UserController::resetPass

Same name in other branches
  1. 9 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()
  2. 8.9.x core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()
  3. 11.x core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()

Redirects to the user password reset form.

In order to never disclose a reset link via a referrer header this controller must always return a redirect response.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The request.

int $uid: User ID of the user requesting reset.

int $timestamp: The current timestamp.

string $hash: Login link hash.

Return value

\Symfony\Component\HttpFoundation\RedirectResponse The redirect response.

1 string reference to 'UserController::resetPass'
user.routing.yml in core/modules/user/user.routing.yml
core/modules/user/user.routing.yml

File

core/modules/user/src/Controller/UserController.php, line 129

Class

UserController
Controller routines for user routes.

Namespace

Drupal\user\Controller

Code

public function resetPass(Request $request, $uid, $timestamp, $hash) {
    $account = $this->currentUser();
    // When processing the one-time login link, we have to make sure that a user
    // isn't already logged in.
    if ($account->isAuthenticated()) {
        // The current user is already logged in.
        if ($account->id() == $uid) {
            user_logout();
            // We need to begin the redirect process again because logging out will
            // destroy the session.
            return $this->redirect('user.reset', [
                'uid' => $uid,
                'timestamp' => $timestamp,
                'hash' => $hash,
            ]);
        }
        else {
            
            /** @var \Drupal\user\UserInterface $reset_link_user */
            $reset_link_user = $this->userStorage
                ->load($uid);
            if ($reset_link_user && $this->validatePathParameters($reset_link_user, $timestamp, $hash)) {
                $this->messenger()
                    ->addWarning($this->t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. <a href=":logout">Log out</a> and try using the link again.', [
                    '%other_user' => $account->getAccountName(),
                    '%resetting_user' => $reset_link_user->getAccountName(),
                    ':logout' => Url::fromRoute('user.logout')->toString(),
                ]));
            }
            else {
                // Invalid one-time link specifies an unknown user.
                $this->messenger()
                    ->addError($this->t('The one-time login link you clicked is invalid.'));
            }
            return $this->redirect('<front>');
        }
    }
    
    /** @var \Drupal\user\UserInterface $reset_link_user */
    $reset_link_user = $this->userStorage
        ->load($uid);
    if ($redirect = $this->determineErrorRedirect($reset_link_user, $timestamp, $hash)) {
        return $redirect;
    }
    $session = $request->getSession();
    $session->set('pass_reset_hash', $hash);
    $session->set('pass_reset_timeout', $timestamp);
    return $this->redirect('user.reset.form', [
        'uid' => $uid,
    ]);
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.