/** @var \Drupal\user\UserInterface $user */
$user =
$this->userStorage->
load($uid);
if ($user === NULL || !
$user->
isActive()) { // Blocked or invalid user ID, so deny access. The parameters will be in
// the watchdog's URL for the administrator to check.
throw new AccessDeniedHttpException();
} // Time out, in seconds, until login URL expires.
$timeout =
$this->
config('user.settings'
)->
get('password_reset_timeout'
);
$expiration_date =
$user->
getLastLoginTime() ?
$this->dateFormatter->
format($timestamp +
$timeout) : NULL;
return $this->
formBuilder()->
getForm(UserPasswordResetForm::
class,
$user,
$expiration_date,
$timestamp,
$hash);
} /**
* Validates user, hash, and timestamp; logs the user in if correct.
*
* @param int $uid
* User ID of the user requesting reset.
* @param int $timestamp
* The current timestamp.
* @param string $hash
* Login link hash.
* @param \Symfony\Component\HttpFoundation\Request $request
* The request.
*
* @return \Symfony\Component\HttpFoundation\RedirectResponse
* Returns a redirect to the user edit form if the information is correct.
* If the information is incorrect redirects to 'user.pass' route with a
* message for the user.
*
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
* If $uid is for a blocked user or invalid user ID.
*/