_user = User::findByPasswordResetToken($token); if (!$this->_user) { throw new InvalidParamException('Wrong password reset token.'); } parent::__construct($config); } /** * {@inheritdoc} */ public function rules() { return [ ['password', 'required'], ['password', 'string', 'min' => 6], ]; } /** * Resets password. * * @return bool if password was reset. */ public function resetPassword() { $user = $this->_user; $user->setPassword($this->password); $user->removePasswordResetToken(); return $user->save(false); } }