Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
There should be an event dispatched when a user's password is going to be reset. It can be dispatched after the user has been validated and before the email which generates a login link is sent.
$account = reset($users);
if (!$account instanceof UserInterface) {
// Error if no users found with provided name or mail.
throw new UnprocessableEntityHttpException('Unrecognized username or email address.');
}
if ($this->userIsBlocked($account->getAccountName())) {
throw new UnprocessableEntityHttpException('The user has not been activated or is blocked.');
}
// @todo dispatch UserPasswordResetEvent($account, $document);
// Send the password reset email.
$mail = _user_mail_notify('password_reset', $account, $account->getPreferredLangcode());
if (empty($mail)) {
throw new UnprocessableEntityHttpException('Unable to send email. Contact the site administrator if the problem persists.');
}
In fact, this event could be used to generate the email which is sent. The password_reset
email may be completely useless in a headless situation and handled by a different service. Moving this code to an event subscriber in this module makes it feasible to swap functionality.
Comment | File | Size | Author |
---|---|---|---|
#2 | 3107573-2.patch | 8.13 KB | mglaman |
Comments
Comment #2
mglamanI also realized we need to revisit this for registration for the same problems.
Comment #4
mglamanCommitted!