public UserController::getResetPassForm(Request $request, $uid)
Returns the user password reset form.
Parameters
\Symfony\Component\HttpFoundation\Request $request: The request.
int $uid: User ID of the user requesting reset.
Return value
array|\Symfony\Component\HttpFoundation\RedirectResponse The form structure or a redirect response.
Throws
\Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException If the pass_reset_timeout or pass_reset_hash are not available in the session. Or if $uid is for a blocked user or invalid user ID.
File
- core/modules/user/src/Controller/UserController.php, line 158
Class
- UserController
- Controller routines for user routes.
Namespace
Drupal\user\Controller
Code
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | public function getResetPassForm(Request $request, $uid) { $session = $request->getSession(); $timestamp = $session->get('pass_reset_timeout'); $hash = $session->get('pass_reset_hash'); // As soon as the session variables are used they are removed to prevent the // hash and timestamp from being leaked unexpectedly. This could occur if // the user does not click on the log in button on the form. $session->remove('pass_reset_timeout'); $session->remove('pass_reset_hash'); if (!$hash || !$timestamp) { throw new AccessDeniedHttpException(); } /** @var \Drupal\user\UserInterface $user */ $user = $this->userStorage->load($uid); if ($user === NULL || !$user->isActive()) { // Blocked or invalid user ID, so deny access. The parameters will be in // the watchdog's URL for the administrator to check. throw new AccessDeniedHttpException(); } // Time out, in seconds, until login URL expires. $timeout = $this->config('user.settings')->get('password_reset_timeout'); $expiration_date = $user->getLastLoginTime() ? $this->dateFormatter->format($timestamp + $timeout) : NULL; return $this->formBuilder()->getForm(UserPasswordResetForm::class, $user, $expiration_date, $timestamp, $hash);} |
Please login to continue.