Provide a decoupled way to get the one time login token

Open on Drupal.org →

Created on 13 May 2023, about 1 year ago

Problem/Motivation

Currently, the module let to edit the password via PasswordUpdate, which ask the hash and timestamp.
However, the email link sent by PasswordReset is the core, hardcoded, to the back-end, thus making impossible to do all the flow only in the front-end

✨ Feature request

Status

Active

Version

1.0

Component

Code

Created by

🇮🇹Italy Giuseppe87

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @Giuseppe87
Comment about 1 year ago →
🇮🇹Italy Giuseppe87
Attached a patch which provides the functionality.

It adds a submodule, jsonapi_user_resources_one_time_login.

It essentially provides a token, with the same logic of the user module, but without building the entire Drupal's reset password route url.

It also add an alternative to the code user reset_password mail, where is possible to use the token as a partial data of a front-end url.
I went with this implementation because there's is not (or at least I couldn't find) good hook\event to use to insert (or replace) the new token in the standard email. user_mail_tokens() is a good starting point to check that.

I had to to remove the final from PasswordResetSubscriber in order to decorate it in the submodule.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024