function UserController::resetPass
Same name in other branches
- 9 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()
- 10 core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()
- 11.x core/modules/user/src/Controller/UserController.php \Drupal\user\Controller\UserController::resetPass()
Redirects to the user password reset form.
In order to never disclose a reset link via a referrer header this controller must always return a redirect response.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request.
int $uid: User ID of the user requesting reset.
int $timestamp: The current timestamp.
string $hash: Login link hash.
Return value
\Symfony\Component\HttpFoundation\RedirectResponse The redirect response.
1 string reference to 'UserController::resetPass'
- user.routing.yml in core/
modules/ user/ user.routing.yml - core/modules/user/user.routing.yml
File
-
core/
modules/ user/ src/ Controller/ UserController.php, line 117
Class
- UserController
- Controller routines for user routes.
Namespace
Drupal\user\ControllerCode
public function resetPass(Request $request, $uid, $timestamp, $hash) {
$account = $this->currentUser();
// When processing the one-time login link, we have to make sure that a user
// isn't already logged in.
if ($account->isAuthenticated()) {
// The current user is already logged in.
if ($account->id() == $uid) {
user_logout();
// We need to begin the redirect process again because logging out will
// destroy the session.
return $this->redirect('user.reset', [
'uid' => $uid,
'timestamp' => $timestamp,
'hash' => $hash,
]);
}
else {
/** @var \Drupal\user\UserInterface $reset_link_user */
if ($reset_link_user = $this->userStorage
->load($uid)) {
$this->messenger()
->addWarning($this->t('Another user (%other_user) is already logged into the site on this computer, but you tried to use a one-time link for user %resetting_user. Please <a href=":logout">log out</a> and try using the link again.', [
'%other_user' => $account->getAccountName(),
'%resetting_user' => $reset_link_user->getAccountName(),
':logout' => Url::fromRoute('user.logout')->toString(),
]));
}
else {
// Invalid one-time link specifies an unknown user.
$this->messenger()
->addError($this->t('The one-time login link you clicked is invalid.'));
}
return $this->redirect('<front>');
}
}
$session = $request->getSession();
$session->set('pass_reset_hash', $hash);
$session->set('pass_reset_timeout', $timestamp);
return $this->redirect('user.reset.form', [
'uid' => $uid,
]);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.