/** * Reset */ public function actionReset($token) { /** @var User $user */ // get user token and check expiration $userToken = UserToken::findByToken($token, UserToken::TYPE_PASSWORD_RESET); if (!$userToken) { return ["error" => "Invalid token"]; } // get user and load post // return user email if user hasn't submitted yet $user = User::findOne($userToken->user_id); if (!$user->loadPost()) { return ["success" => $user->email]; } // set scenario and save new password $user->setScenario("reset"); if ($user->save(true, ["password", "newPassword", "newPasswordConfirm"])) { $userToken->delete(); return ["success" => true]; } return ["errors" => $user->errors]; }