RequestPasswordReset
in package
Use case for requesting a password reset.
Generates a secure token, stores it hashed in the database, and sends the reset link via email.
Security considerations:
- Tokens are generated using cryptographically secure random bytes
- Only the SHA-256 hash is stored in the database
- Tokens expire after 1 hour
- Silent fail on invalid email (prevents user enumeration attacks)
Table of Contents
Constants
- TOKEN_EXPIRY_HOURS = 1
- Token expiry time in hours.
Properties
Methods
- __construct() : mixed
- Create a new RequestPasswordReset use case.
- execute() : bool
- Execute the password reset request.
Constants
TOKEN_EXPIRY_HOURS
Token expiry time in hours.
private mixed TOKEN_EXPIRY_HOURS = 1
Properties
$emailService
private EmailService $emailService
$repository
private UserRepositoryInterface $repository
$tokenHasher
private TokenHasher $tokenHasher
Methods
__construct()
Create a new RequestPasswordReset use case.
public __construct(UserRepositoryInterface $repository, TokenHasher $tokenHasher, EmailService $emailService) : mixed
Parameters
- $repository : UserRepositoryInterface - User repository
- $tokenHasher : TokenHasher - Token hasher service
- $emailService : EmailService - Email service
execute()
Execute the password reset request.
public execute(string $email) : bool
Always returns true to prevent email enumeration attacks. If the email doesn't exist or the account is inactive, we silently succeed.
Parameters
- $email : string - User's email address
Return values
bool — Always true (silent fail for security)
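The flow documented above, sketched as an added example; it is not this package's source code. The function names, the in-memory arrays standing in for UserRepositoryInterface and EmailService, and the sample addresses are all assumptions, and the verification function goes one step beyond what the page documents to show why storing only the SHA-256 hash matters.

```php
<?php
declare(strict_types=1);

const TOKEN_EXPIRY_HOURS = 1; // expiry documented on this page

// Hypothetical stand-ins: $users/$resets replace the repository, $outbox the email service.
function requestPasswordReset(string $email, array $users, array &$resets, array &$outbox): bool
{
    $user = $users[strtolower(trim($email))] ?? null;
    if ($user === null || !$user['active']) {
        return true; // silent fail: caller sees the same result as on success
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $resets[$user['id']] = [
        'hash'    => hash('sha256', $token), // only the digest is persisted
        'expires' => time() + TOKEN_EXPIRY_HOURS * 3600,
    ];
    $outbox[] = ['to' => $user['email'], 'token' => $token]; // plaintext leaves only in the email
    return true;
}

// Verification side (assumed): hash the presented token, compare in constant time.
function isResetTokenValid(int $userId, string $presented, array $resets, ?int $now = null): bool
{
    $row = $resets[$userId] ?? null;
    if ($row === null || ($now ?? time()) >= $row['expires']) {
        return false;
    }
    return hash_equals($row['hash'], hash('sha256', $presented));
}

// Constructed sample data
$users = [
    'alice@example.test' => ['id' => 1, 'email' => 'alice@example.test', 'active' => true],
    'bob@example.test'   => ['id' => 2, 'email' => 'bob@example.test', 'active' => false],
];
$resets = [];
$outbox = [];

var_dump(requestPasswordReset('alice@example.test', $users, $resets, $outbox));
var_dump(requestPasswordReset('bob@example.test', $users, $resets, $outbox));    // inactive account
var_dump(requestPasswordReset('nobody@example.test', $users, $resets, $outbox)); // unknown address
var_dump(count($outbox)); // number of emails queued
$token = $outbox[0]['token'];
var_dump(isResetTokenValid(1, $token, $resets));
var_dump(isResetTokenValid(1, $token, $resets, time() + 3601)); // checked after expiry
var_dump(isResetTokenValid(1, $resets[1]['hash'], $resets)); // a leaked DB hash is not a usable token
```

The identical return value hides account existence from the caller; whether response timing also matches depends on how the real implementation sends mail, which this sketch does not model.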