Magento 2 – send customer password reset mail programmatically
I show you how to send a customer password reset mail programmatically. A common problem for shops that migrate customer data from an older Magento shop or a third-party system is that passwords are stored hashed, so users cannot keep using their old passwords. You therefore need to ask all imported customers to reset their passwords. Magento 2 base functionality makes this quite easy.
Interaction with customers is a core functionality in Magento 2, and password reset mails are part of it. They can be sent from the Magento backend by a shop admin or on the frontend by a customer who has forgotten his password. It is also possible to do this by code without any manual interaction.
Passwords are stored as a salted hash, so it is possible to check whether an entered password is correct, but it is impossible to recover the password string itself. For security reasons, this is standard for all web applications. You will run into a problem if you create customers programmatically, for example from a third-party ERP system. Normally it is not possible to create this password hash, because you shouldn’t know user passwords. If you do, something is wrong with your security! All programmatically created users need to reset their passwords. For this you can send them a password reset mail.
```php
use Magento\Customer\Model\AccountManagement;
use Magento\Framework\App\Helper\AbstractHelper;
use Magento\Framework\Exception\NoSuchEntityException;

// Extends AbstractHelper because the constructor receives the helper Context
// and passes it to parent::__construct().
class ResetPassword extends AbstractHelper
{
    protected $_customerAccountManagement;

    public function __construct(
        \Magento\Framework\App\Helper\Context $context,
        \Magento\Customer\Api\AccountManagementInterface $customerAccountManagement
    ) {
        $this->_customerAccountManagement = $customerAccountManagement;
        parent::__construct($context);
    }

    public function sendPasswordResetMail($customer)
    {
        $email = $customer->getEmail();
        try {
            // Generates a reset token and sends the "reset password" mail template.
            $this->_customerAccountManagement->initiatePasswordReset(
                $email,
                AccountManagement::EMAIL_RESET,
                $customer->getWebsiteId()
            );
        } catch (NoSuchEntityException $e) {
            // Do nothing, we don't want anyone to use this action to determine which email accounts are registered.
        } catch (\Exception $exception) {
            echo "error: " . $exception->getMessage() . "\n";
        }
    }
}
```
You can send password reset mails from CustomerAccountManagement, so we inject it in our constructor. We need 2 things to call initiatePasswordReset:
- email: the customer's email address
- website id: this is optional if you only have one website. If not, you must provide it!
You simply need to call initiatePasswordReset. If everything works, your customer will get a password reset mail. If not, there are two catch blocks for exceptions. The first one (NoSuchEntityException) should not return anything. This error occurs if there is no user with that email address. It is good to protect that information from attackers! The second catch block prints basic errors. A common error is a wrong website id.
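For the migration case described above, the same call can be run over a whole import in batches. This is an added example, not code from the original post: the class name `ImportedCustomerResetMailer`, the page size and the idea of selecting imported customers by their `created_at` timestamp are assumptions, and it uses PHP 8 constructor property promotion. Failures go to the logger with the customer id instead of being echoed, so neither addresses nor error details end up in output.

```php
use Magento\Customer\Api\AccountManagementInterface;
use Magento\Customer\Api\CustomerRepositoryInterface;
use Magento\Customer\Model\AccountManagement;
use Magento\Framework\Api\SearchCriteriaBuilder;
use Psr\Log\LoggerInterface;

// Hypothetical class name; place it in your own module and namespace.
class ImportedCustomerResetMailer
{
    private const PAGE_SIZE = 200; // assumed batch size

    public function __construct(
        private CustomerRepositoryInterface $customerRepository,
        private AccountManagementInterface $accountManagement,
        private SearchCriteriaBuilder $searchCriteriaBuilder,
        private LoggerInterface $logger
    ) {
    }

    // Assumption: imported customers are those created at or after $importedSince ('Y-m-d H:i:s').
    public function sendToImported(string $importedSince): array
    {
        $result = ['sent' => 0, 'failed' => 0];
        $page = 1;
        do {
            // The builder is reset by create(), so the criteria are rebuilt for each page.
            $criteria = $this->searchCriteriaBuilder
                ->addFilter('created_at', $importedSince, 'gteq')
                ->setPageSize(self::PAGE_SIZE)
                ->setCurrentPage($page)
                ->create();
            $list = $this->customerRepository->getList($criteria);
            foreach ($list->getItems() as $customer) {
                try {
                    $this->accountManagement->initiatePasswordReset(
                        $customer->getEmail(),
                        AccountManagement::EMAIL_RESET,
                        $customer->getWebsiteId()
                    );
                    $result['sent']++;
                } catch (\Exception $e) {
                    // One bad record (for example a wrong website id) must not stop the batch.
                    $result['failed']++;
                    $this->logger->error('Password reset mail failed: ' . $e->getMessage(), ['customer_id' => $customer->getId()]);
                }
            }
        } while ($page++ * self::PAGE_SIZE < $list->getTotalCount());
        return $result;
    }
}
```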
Conclusion
With just a few lines of code you can solve the problem of unknown passwords after a customer import. You are able to send customer password reset mails programmatically.