PHPackages                             symfonycasts/reset-password-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. symfonycasts/reset-password-bundle

ActiveSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

symfonycasts/reset-password-bundle
==================================

Symfony bundle that adds password reset functionality.

v1.25.0(3mo ago)5288.9M↓32.5%72[18 issues](https://github.com/SymfonyCasts/reset-password-bundle/issues)[9 PRs](https://github.com/SymfonyCasts/reset-password-bundle/pulls)20MITPHPPHP &gt;=8.1.10CI failing

Since Mar 27Pushed 1mo ago8 watchersCompare

[ Source](https://github.com/SymfonyCasts/reset-password-bundle)[ Packagist](https://packagist.org/packages/symfonycasts/reset-password-bundle)[ RSS](/packages/symfonycasts-reset-password-bundle/feed)WikiDiscussions main Synced yesterday

READMEChangelog (10)Dependencies (23)Versions (41)Used By (20)

ResetPasswordBundle: Mind-Blowing (and Secure) Password Resetting for Symfony
=============================================================================

[](#resetpasswordbundle-mind-blowing-and-secure-password-resetting-for-symfony)

[![CI](https://github.com/SymfonyCasts/reset-password-bundle/actions/workflows/ci.yaml/badge.svg)](https://github.com/SymfonyCasts/reset-password-bundle/actions/workflows/ci.yaml)

Worrying about how to deal with users that can't remember their password? We've got you covered! This bundle provides a secure out of the box solution to allow users to reset their forgotten passwords.

Installation
------------

[](#installation)

The bundle can be installed using Composer or the [Symfony binary](https://symfony.com/download):

```
composer require symfonycasts/reset-password-bundle

```

Usage
-----

[](#usage)

There are two ways to get started, the easiest and preferred way is to use Symfony's [MakerBundle](https://github.com/symfony/maker-bundle). The Maker will take care of everything from creating configuration, to generating your templates, controllers, and entities.

### Using Symfony's Maker Bundle (Recommended)

[](#using-symfonys-maker-bundle-recommended)

- Run `bin/console make:reset-password`, answer a couple questions, and enjoy our bundle!

### Setting things up manually

[](#setting-things-up-manually)

If you prefer to take care of the leg work yourself, checkout the [manual setup](https://github.com/SymfonyCasts/reset-password-bundle/blob/master/docs/manual-setup.md)guide. We still recommend using the Maker command to get a feel for how we intended the bundle to be used.

---

If you used our Symfony Maker command `bin/console make:reset-password` after installation, your app is ready to go. Go to `https://your-apps-domain/reset-password`, fill out the form, click on the link sent to your email, and change your password. That's it! The ResetPasswordBundle takes care of the rest.

The above assumes you have already setup [authentication](https://symfony.com/doc/current/security.html) with a registered user account &amp; configured Symfony's [mailer](https://symfony.com/doc/current/mailer.html) in your app.

Configuration
-------------

[](#configuration)

You can change the default configuration parameters for the bundle in the `config/packages/reset_password.yaml` config file created by Maker.

```
symfonycasts_reset_password:
    request_password_repository: App\Repository\ResetPasswordRequestRepository
    lifetime: 3600
    throttle_limit: 3600
    enable_garbage_collection: true
```

If using PHP configuration files:

 config/packages/reset\_password.php```
use App\Repository\ResetPasswordRequestRepository;
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;

return static function (ContainerConfigurator $containerConfigurator): void {
    $containerConfigurator->extension('symfonycasts_reset_password', [
        'request_password_repository' => ResetPasswordRequestRepository::class,
        'lifetime' => 3600,
        'throttle_limit' => 3600,
        'enable_garbage_collection' => true,
    ]);
};
```

The production environment may require the `default_uri` to be defined in the `config/packages/routing.yaml` to prevent the URI in emails to point to localhost.

```
# config/packages/routing.yaml
when@prod:
    framework:
        router:
            # ...
            default_uri: 'env() === 'prod') {
        $containerConfigurator->extension('framework', [
            'router' => [
                # ...
                'default_uri' => ''
            ],
        ]);
    }
```

### Parameters:

[](#parameters)

#### `request_password_repository`

[](#request_password_repository)

*Required*

The complete namespace of the repository for the `ResetPasswordRequest` entity. If you used `make:reset-password`, this will be `App\Repository\ResetPasswordRequestRepository`.

#### `lifetime`

[](#lifetime)

*Optional* - Defaults to `3600` seconds

This is the length of time a reset password request is valid for in seconds after it has been created.

#### `throttle_limit`

[](#throttle_limit)

*Optional* - Defaults to `3600` seconds

This is the length of time in seconds that must pass before a user can request a subsequent reset request.

Setting this value *equal to or higher* than `lifetime` will prevent a user from requesting a password reset before a previous reset attempt has either 1) Been successfully completed. 2) The previous request has expired.

Setting this value *lower* than `lifetime` will allow a user to make several reset password requests, even if any previous requests have *not* been successfully completed or have not expired. This would allow for cases such as a user never received the reset password request email.

#### `enable_garbage_collection`

[](#enable_garbage_collection)

*Optional* - Defaults to `true`

Enable or disable the Reset Password Cleaner which handles expired reset password requests that may have been left in persistence.

Advanced Usage
--------------

[](#advanced-usage)

### Purging `ResetPasswordRequest` objects from persistence

[](#purging-resetpasswordrequest-objects-from-persistence)

The `ResetPasswordRequestRepositoryInterface::removeRequests()` method, which is implemented in the [ResetPasswordRequestRepositoryTrait](https://github.com/SymfonyCasts/reset-password-bundle/blob/main/src/Persistence/Repository/ResetPasswordRequestRepositoryTrait.php), can be used to remove all request objects from persistence for a single user. This differs from the [garbage collection mechanism](https://github.com/SymfonyCasts/reset-password-bundle/blob/df64d82cca2ee371da5e8c03c227457069ae663e/src/Persistence/Repository/ResetPasswordRequestRepositoryTrait.php#L73)which only removes *expired* request objects for *all* users automatically.

Typically, you'd call this method when you need to remove request object(s) for a user who changed their email address due to suspicious activity and potentially has valid request objects in persistence with their "old" compromised email address.

```
// ProfileController

#[Route(path: '/profile/{id}', name: 'app_update_profile', methods: ['GET', 'POST'])]
public function profile(Request $request, User $user, ResetPasswordRequestRepositoryInterface $repository): Response
{
    $originalEmail = $user->getEmail();

    $form = $this->createFormBuilder($user)
        ->add('email', EmailType::class)
        ->add('save', SubmitType::class, ['label' => 'Save Profile'])
        ->getForm()
    ;

    $form->handleRequest($request);

    if ($form->isSubmitted() && $form->isValid()) {
        if ($originalEmail !== $user->getEmail()) {
            // The user changed their email address.
            // Remove any old reset requests for the user.
            $repository->removeRequests($user);
        }

        // Persist the user object and redirect...
    }

    return $this->render('profile.html.twig', ['form' => $form]);
}
```

Support
-------

[](#support)

Feel free to open an issue for questions, problems, or suggestions with our bundle. Issues pertaining to Symfony's Maker Bundle, specifically `make:reset-password`, should be addressed in the [Symfony Maker repository](https://github.com/symfony/maker-bundle).

Security Policy
---------------

[](#security-policy)

If you discover a security vulnerability, please do not open a public issue or pull request. Instead, please review this repository's [Security Policy](https://github.com/SymfonyCasts/reset-password-bundle/security) for instructions on how to report it responsibly.

###  Health Score

72

—

ExcellentBetter than 100% of packages

Maintenance87

Actively maintained with recent releases

Popularity68

Solid adoption and visibility

Community45

Growing community involvement

Maturity77

Established project with proven stability

 Bus Factor1

Top contributor holds 69.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~57 days

Recently: every ~125 days

Total

39

Last Release

99d ago

Major Versions

v1.22.0 → 2.x-dev2024-08-31

PHP version history (4 changes)v1.0.0-BETA1PHP ^7.2

v1.2.0PHP &gt;=7.2.5

v1.20.0PHP &gt;=8.1.10

2.x-devPHP &gt;=8.3

### Community

Maintainers

![](https://www.gravatar.com/avatar/8aa57faf031af6d7f14a231d38adf1aed19844770fb5de2f82dc61aa65b45111?d=identicon)[weaverryan](/maintainers/weaverryan)

---

Top Contributors

[![jrushlow](https://avatars.githubusercontent.com/u/40327885?v=4)](https://github.com/jrushlow "jrushlow (435 commits)")[![weaverryan](https://avatars.githubusercontent.com/u/121003?v=4)](https://github.com/weaverryan "weaverryan (95 commits)")[![bocharsky-bw](https://avatars.githubusercontent.com/u/3317635?v=4)](https://github.com/bocharsky-bw "bocharsky-bw (25 commits)")[![kbond](https://avatars.githubusercontent.com/u/127811?v=4)](https://github.com/kbond "kbond (13 commits)")[![t5810m](https://avatars.githubusercontent.com/u/34162365?v=4)](https://github.com/t5810m "t5810m (6 commits)")[![Copilot](https://avatars.githubusercontent.com/in/1143301?v=4)](https://github.com/Copilot "Copilot (3 commits)")[![OskarStark](https://avatars.githubusercontent.com/u/995707?v=4)](https://github.com/OskarStark "OskarStark (2 commits)")[![VincentLanglet](https://avatars.githubusercontent.com/u/9052536?v=4)](https://github.com/VincentLanglet "VincentLanglet (2 commits)")[![MolloKhan](https://avatars.githubusercontent.com/u/3451985?v=4)](https://github.com/MolloKhan "MolloKhan (2 commits)")[![Crovitche-1623](https://avatars.githubusercontent.com/u/35468476?v=4)](https://github.com/Crovitche-1623 "Crovitche-1623 (2 commits)")[![thomas2411](https://avatars.githubusercontent.com/u/992685?v=4)](https://github.com/thomas2411 "thomas2411 (2 commits)")[![DennisdeBest](https://avatars.githubusercontent.com/u/15683927?v=4)](https://github.com/DennisdeBest "DennisdeBest (1 commits)")[![dennis-g](https://avatars.githubusercontent.com/u/451424?v=4)](https://github.com/dennis-g "dennis-g (1 commits)")[![dfridrich](https://avatars.githubusercontent.com/u/3758421?v=4)](https://github.com/dfridrich "dfridrich (1 commits)")[![dragosholban](https://avatars.githubusercontent.com/u/1357968?v=4)](https://github.com/dragosholban "dragosholban (1 commits)")[![erkhembayar-gantulga](https://avatars.githubusercontent.com/u/205824?v=4)](https://github.com/erkhembayar-gantulga "erkhembayar-gantulga (1 commits)")[![Flower7C3](https://avatars.githubusercontent.com/u/3767861?v=4)](https://github.com/Flower7C3 "Flower7C3 (1 commits)")[![glaubinix](https://avatars.githubusercontent.com/u/442056?v=4)](https://github.com/glaubinix "glaubinix (1 commits)")[![idmarinas](https://avatars.githubusercontent.com/u/35842929?v=4)](https://github.com/idmarinas "idmarinas (1 commits)")[![jbonnier](https://avatars.githubusercontent.com/u/14863969?v=4)](https://github.com/jbonnier "jbonnier (1 commits)")

---

Tags

forget-passwordforgot-passwordpassword-recoverypassword-resetreset-passwordsymfonysymfony-bundle

### Embed Badge

![Health badge](/badges/symfonycasts-reset-password-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/symfonycasts-reset-password-bundle/health.svg)](https://phpackages.com/packages/symfonycasts-reset-password-bundle)
```

###  Alternatives

[easycorp/easyadmin-bundle

Admin generator for Symfony applications

4.3k17.9M388](/packages/easycorp-easyadmin-bundle)[symfony/security-bundle

Provides a tight integration of the Security component into the Symfony full-stack framework

2.5k185.6M2.4k](/packages/symfony-security-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
