finishPasswordReset method

Future<UuidValue> finishPasswordReset(Session session, { required String finishPasswordResetToken, required String newPassword, Transaction? transaction, })

Completes a password reset request by setting a new password.

The verificationCode returned from verifyPasswordResetCode is used to validate the password reset request.

Throws an EmailAccountPasswordResetException in case of errors, with reason:

• EmailAccountPasswordResetExceptionReason.expired if the password reset request has already expired.
• EmailAccountPasswordResetExceptionReason.policyViolation if the new password does not comply with the password policy.
• EmailAccountPasswordResetExceptionReason.invalid if no request exists for the given passwordResetRequestId or verificationCode is invalid.

Throws an AuthUserBlockedException if the auth user is blocked.

Implementation

Future<UuidValue> finishPasswordReset(
  final Session session, {
  required final String finishPasswordResetToken,
  required final String newPassword,
  final Transaction? transaction,
}) async {
  return DatabaseUtil.runInTransactionOrSavepoint(
    session.db,
    transaction,
    (final transaction) =>
        EmailIdpUtils.withReplacedServerEmailException(() async {
          final authUserId = await utils.passwordReset.completePasswordReset(
            session,
            completePasswordResetToken: finishPasswordResetToken,
            newPassword: newPassword,
            transaction: transaction,
          );

          await _tokenManager.revokeAllTokens(
            session,
            authUserId: authUserId,
            method: method,
            transaction: transaction,
          );

          return authUserId;
        }),
  );
}