CompletePasswordReset
Use case for completing a password reset.
Validates the token and updates the user's password.
Security considerations:
- Tokens are hashed before lookup (prevents timing attacks)
- Token expiration is checked
- Token is invalidated after use (one-time use)
- Password strength is validated before update
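The four checks listed above, worked through as an added sketch that is not this project's code. `InMemoryResetStore`, its methods, SHA-256 as the token hash and the 12-character minimum are assumptions made for illustration; the real `TokenHasher`, `PasswordHasher` and `UserRepositoryInterface` APIs are not shown on this page.

```php
<?php
declare(strict_types=1);

// Added illustration: in-memory stand-in for the reset-token table.
// Every name below is hypothetical, not taken from the documented package.
final class InMemoryResetStore
{
    /** @var array<string, array{userId:int, expiresAt:int}> keyed by SHA-256 of the token */
    private array $rows = [];
    /** @var array<int, string> userId => password hash */
    public array $passwords = [];

    public function issue(int $userId, int $ttl, int $now): string
    {
        $token = bin2hex(random_bytes(32));       // plaintext only ever goes into the email
        $this->rows[hash('sha256', $token)] = ['userId' => $userId, 'expiresAt' => $now + $ttl];
        return $token;
    }

    public function complete(string $token, string $newPassword, int $now): bool
    {
        $key = hash('sha256', $token);            // hash first, then look up by digest
        $row = $this->rows[$key] ?? null;
        if ($row === null) {
            return false;                         // unknown or already consumed token
        }
        if ($now >= $row['expiresAt']) {          // expiry check; drop the stale row
            unset($this->rows[$key]);
            return false;
        }
        if (strlen($newPassword) < 12) {          // assumed minimal strength policy
            return false;                         // token is kept so the user can retry
        }
        unset($this->rows[$key]);                 // one-time use: invalidate with the update
        $this->passwords[$row['userId']] = password_hash($newPassword, PASSWORD_DEFAULT);
        return true;
    }
}

$store = new InMemoryResetStore();
$now   = 1700000000;                              // constructed clock value
$token = $store->issue(42, 3600, $now);

var_dump($store->complete($token, 'short', $now + 10));                 // password below policy
var_dump($store->complete($token, 'correct horse battery', $now + 20)); // valid token, valid password
var_dump($store->complete($token, 'correct horse battery', $now + 30)); // same token presented again
$late = $store->issue(42, 3600, $now);
var_dump($store->complete($late, 'correct horse battery', $now + 3600)); // presented at expiry time
```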
Table of Contents
Properties
Methods
- __construct() : mixed
  Create a new CompletePasswordReset use case.
- execute() : bool
  Execute the password reset completion.
- validateToken() : bool
  Validate a password reset token without using it.
Properties
$passwordHasher
private PasswordHasher $passwordHasher
$repository
private UserRepositoryInterface $repository
$tokenHasher
private TokenHasher $tokenHasher
Methods
__construct()
Create a new CompletePasswordReset use case.
public __construct(UserRepositoryInterface $repository, TokenHasher $tokenHasher, PasswordHasher $passwordHasher) : mixed
Parameters
- $repository : UserRepositoryInterface
  User repository
- $tokenHasher : TokenHasher
  Token hasher service
- $passwordHasher : PasswordHasher
  Password hasher service
execute()
Execute the password reset completion.
public execute(string $token, string $newPassword) : bool
Parameters
- $token : string
  The plaintext token from the email
- $newPassword : string
  The new password
Return values
bool: True if password was reset successfully
validateToken()
Validate a password reset token without using it.
public validateToken(string $token) : bool
Parameters
- $token : string
  The plaintext token to validate
Return values
bool: True if token is valid