verifyPasswordResetCode method

Future<String> verifyPasswordResetCode(Session session, { required UuidValue passwordResetRequestId, required String verificationCode, required Transaction transaction, })

Returns the credentials for setting the password for the password reset request.

This method should only be called after the startPasswordReset method has been called successfully.

The method returns a completePasswordResetToken that can be used to complete the password reset.

Can throw the following EmailPasswordResetServerException subclasses:

• EmailPasswordResetRequestNotFoundException if no reset request could be found for passwordResetRequestId.
• EmailPasswordResetRequestExpiredException if the reset request has expired and has not been cleaned up yet.
• EmailPasswordResetVerificationCodeAlreadyUsedException if the verification code has already been used.
• EmailPasswordResetTooManyVerificationAttemptsException if the user has made too many attempts trying to complete the password reset.
• EmailPasswordResetInvalidVerificationCodeException if the provided verificationCode is not valid.

In case of an invalid verificationCode or passwordResetRequestId, the failed password reset completion will be logged to the database outside of the transaction and can not be rolled back.

Implementation

Future<String> verifyPasswordResetCode(
  final Session session, {
  required final UuidValue passwordResetRequestId,
  required final String verificationCode,
  required final Transaction transaction,
}) async {
  return await withReplacedSecretChallengeException(
    () => _challengeUtil.verifyChallenge(
      session,
      requestId: passwordResetRequestId,
      verificationCode: verificationCode,
      transaction: transaction,
    ),
  );
}