How to check if a password reset token is still valid?

Is there a way to hook into the user_pass_reset form to detect if the provided hash is valid? Currently it seems to just throw a 403 error when submitting the form if the hash has already been used to change the password.

Using hook_form_alter(), I can retrieve the hash itself with explode("/", $form['#action'])[5], but am unsure how to check if it’s already been used or not, or if it’s expired. I see that this information might be part of the UserController class, but I’m not sure how to retrieve that.