Currently function returns NULL if the input reset token does not exist. I am not right on this one, but as I see it I think it would be better that function would throw exception in case of non-existing/invalid reset token. Like for expired_token... Something like this:
public static function reset_password_by_token($reset_password_token, $new_password)
{
$recoverable = static::find('first', array(
'where' => array(
'reset_password_token' => $reset_password_token
)
));
if ($recoverable) {
if ($recoverable->is_reset_password_period_valid()) {
$recoverable->reset_password($new_password);
} else {
throw new Failure('expired_token', array('name' => 'Reset password'));
}
}
else {
throw new Failure('invalid_token', array('name' => 'Reset password'));
}
return $recoverable;
}
Currently function returns NULL if the input reset token does not exist. I am not right on this one, but as I see it I think it would be better that function would throw exception in case of non-existing/invalid reset token. Like for expired_token... Something like this: