commit 98199ad82ca6956717061e75cc120d18183bb946
Author: Nikolay Dobromirov <nikolay.dobromirov@ffwagency.com>
Date:   Tue Jan 31 10:06:02 2017 +0200

    Injected the flood service.

diff --git a/core/modules/user/src/Controller/UserController.php b/core/modules/user/src/Controller/UserController.php
index fbd3e1c..d2911cc 100644
--- a/core/modules/user/src/Controller/UserController.php
+++ b/core/modules/user/src/Controller/UserController.php
@@ -6,6 +6,7 @@
 use Drupal\Component\Utility\Xss;
 use Drupal\Core\Controller\ControllerBase;
 use Drupal\Core\Datetime\DateFormatterInterface;
+use Drupal\Core\Flood\FloodInterface;
 use Drupal\user\Form\UserPasswordResetForm;
 use Drupal\user\UserDataInterface;
 use Drupal\user\UserInterface;
@@ -49,6 +50,13 @@ class UserController extends ControllerBase {
   protected $logger;
 
   /**
+   * A flood service instance.
+   *
+   * @var Drupal\Core\Flood\FloodInterface
+   */
+  protected $flood;
+
+  /**
    * Constructs a UserController object.
    *
    * @param \Drupal\Core\Datetime\DateFormatterInterface $date_formatter
@@ -59,12 +67,15 @@ class UserController extends ControllerBase {
    *   The user data service.
    * @param \Psr\Log\LoggerInterface $logger
    *   A logger instance.
+   * @param Drupal\Core\Flood\FloodInterface $flood
+   *   A logger instance.
    */
-  public function __construct(DateFormatterInterface $date_formatter, UserStorageInterface $user_storage, UserDataInterface $user_data, LoggerInterface $logger) {
+  public function __construct(DateFormatterInterface $date_formatter, UserStorageInterface $user_storage, UserDataInterface $user_data, LoggerInterface $logger, FloodInterface $flood) {
     $this->dateFormatter = $date_formatter;
     $this->userStorage = $user_storage;
     $this->userData = $user_data;
     $this->logger = $logger;
+    $this->flood = $flood;
   }
 
   /**
@@ -75,7 +86,8 @@ public static function create(ContainerInterface $container) {
       $container->get('date.formatter'),
       $container->get('entity.manager')->getStorage('user'),
       $container->get('user.data'),
-      $container->get('logger.factory')->get('user')
+      $container->get('logger.factory')->get('user'),
+      $container->get('flood')
     );
   }
 
@@ -236,8 +248,9 @@ public function resetPassLogin(Request $request, $uid, $timestamp, $hash) {
         // could lock out all users with public user names.
         $identifier = $user->id() . '-' . $request->getClientIP();
       }
-      \Drupal::flood()->clear('user.failed_login_ip');
-      \Drupal::flood()->clear('user.failed_login_user', $identifier);
+      $this->flood->clear('user.failed_login_ip');
+      $this->flood->clear('user.failed_login_user', $identifier);
+
       user_login_finalize($user);
       $this->logger->notice('User %name used one-time login link at time %timestamp.', ['%name' => $user->getDisplayName(), '%timestamp' => $timestamp]);
       drupal_set_message($this->t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));