Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.There should be an event dispatched when a user's password is going to be reset. It can be dispatched after the user has been validated and before the email which generates a login link is sent.
$account = reset($users);
if (!$account instanceof UserInterface) {
// Error if no users found with provided name or mail.
throw new UnprocessableEntityHttpException('Unrecognized username or email address.');
}
if ($this->userIsBlocked($account->getAccountName())) {
throw new UnprocessableEntityHttpException('The user has not been activated or is blocked.');
}
// @todo dispatch UserPasswordResetEvent($account, $document);
// Send the password reset email.
$mail = _user_mail_notify('password_reset', $account, $account->getPreferredLangcode());
if (empty($mail)) {
throw new UnprocessableEntityHttpException('Unable to send email. Contact the site administrator if the problem persists.');
}
In fact, this event could be used to generate the email which is sent. The password_reset email may be completely useless in a headless situation and handled by a different service. Moving this code to an event subscriber in this module makes it feasible to swap functionality.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | 3107573-2.patch | 8.13 KB | mglaman |
Comments
Comment #2
mglamanI also realized we need to revisit this for registration for the same problems.
Comment #4
mglamanCommitted!