The process to reset a password is as follows:
1. The user chooses to reset a password. He/she enters a new password
and submits it to Piwik.
2. PasswordResetter will store the hash of the password in the Option table.
This is done by {@link initiatePasswordResetProcess()}.
3. PasswordResetter will generate a reset token and email the user a link
to confirm that they requested a password reset. (This way an attacker
cannot reset a user's password if they do not have control of the user's
email address.)
4. The user opens the email and clicks on the link. The link leads to
a controller action that finishes the password reset process.
5. When the link is clicked, PasswordResetter will update the user's password
and remove the Option stored earlier. This is accomplished by
{@link confirmNewPassword()}.
Note: this class does not contain any controller logic so it won't directly
handle certain requests. Controllers should call the appropriate methods.
## Reset Tokens
Reset tokens are hashes that are unique for each user and are associated with
an expiry timestamp in the future. see the {@link generatePasswordResetToken()}
and {@link isTokenValid()} methods for more info.
By default, reset tokens will expire after 24 hours.
## Overriding
Plugins that want to tweak the password reset process can derive from this
class. They can override certain methods (read documentation for individual
methods to see why and how you might want to), but for the overriding to
have effect, it must be used by the Login controller.