Is there a way to hook into the
user_pass_reset form to detect if the provided hash is valid? Currently it seems to just throw a 403 error when submitting the form if the hash has already been used to change the password.
hook_form_alter(), I can retrieve the hash itself with
explode("/",$ form['#action']), but am unsure how to check if it’s already been used or not, or if it’s expired. I see that this information might be part of the
UserController class, but I’m not sure how to retrieve that.