By roderik on
Change record status:
Draft (View all draft change records)
Project:
Introduced in branch:
9.3.x
Introduced in version:
Issue links:
Description:
The "initial login link" that a user gets in their email when registering for an account on a site that allows anonymous registration without approval , now has the same expiry time as a "password reset link" that an already registered user can send themselves.
The effect on callers is that in a form builder called as below, the $expiration_date must have a non-NULL value. (Note the $timestamp and $hash parameters are already effectively mandatory.)
$form = \Drupal::service('form_builder')->getForm(UserPasswordResetForm::class, $user, $expiration_date, $timestamp, $hash);
Impacts:
Module developers
