_userFactory = $userFactory; } /** * Check if password reset token is valid * * @param int $userId * @param string $resetPasswordToken * @return void * @throws LocalizedException */ protected function _validateResetPasswordLinkToken($userId, $resetPasswordToken) { if (!is_int( $userId ) || !is_string( $resetPasswordToken ) || empty($resetPasswordToken) || empty($userId) || $userId < 0 ) { throw new LocalizedException(__('Please correct the password reset token.')); } /** @var $user \Magento\User\Model\User */ $user = $this->_userFactory->create()->load($userId); if (!$user->getId()) { throw new LocalizedException( __('Please specify the correct account and try again.') ); } $userToken = $user->getRpToken(); if (!Security::compareStrings($userToken, $resetPasswordToken) || $user->isResetPasswordLinkTokenExpired()) { throw new LocalizedException(__('Your password reset link has expired.')); } } /** * Check if user has permissions to access this controller * * @return bool */ protected function _isAllowed() { return true; } }