finishPasswordReset static method

Future<AuthSuccess> finishPasswordReset(
  1. Session session, {
  2. required UuidValue passwordResetRequestId,
  3. required String verificationCode,
  4. required String newPassword,
  5. Transaction? transaction,
})

Completes a password reset request by setting a new password.

Throws an EmailAccountPasswordResetRequestNotFoundException in case no reset request could be found for passwordResetRequestId. Throws an EmailAccountPasswordResetRequestExpiredException in case the reset request has expired. Throws an EmailAccountPasswordPolicyViolationException in case the password does not confirm to the configured policy. Throws an EmailAccountPasswordResetRequestUnauthorizedException in case the verificationCode is not valid.

If the reset was successful, a new session is returned and all previous sessions of the user are destroyed.

Implementation

static Future<AuthSuccess> finishPasswordReset(
  final Session session, {
  required final UuidValue passwordResetRequestId,
  required final String verificationCode,
  required final String newPassword,
  final Transaction? transaction,
}) async {
  return DatabaseUtil.runInTransactionOrSavepoint(
    session.db,
    transaction,
    (final transaction) async {
      final authUserId = await EmailAccounts.completePasswordReset(
        session,
        passwordResetRequestId: passwordResetRequestId,
        verificationCode: verificationCode,
        newPassword: newPassword,
        transaction: transaction,
      );

      await AuthSessions.destroyAllSessions(
        session,
        authUserId: authUserId,
        transaction: transaction,
      );

      return admin.createSession(
        session,
        authUserId,
        transaction: transaction,
      );
    },
  );
}