lonnieezell · najdanovicivan · May 8, 2020 · lonnieezell · Jun 10, 2021 · lonnieezell
diff --git a/src/Authentication/AuthenticatorInterface.php b/src/Authentication/AuthenticatorInterface.php
@@ -32,6 +32,16 @@ public function check(): bool;
      */
     public function validate(array $credentials, bool $returnUser=false);
 
+    /**
+     * Validates the user password
+     *
+     * @param User $user
+     * @param string $password
+     *
+     * @return bool
+     */
+    public function validate_password(User $user, string $password) : bool;
+
     /**
      * Returns the User instance for the current logged in user.
      *

diff --git a/src/Authentication/LocalAuthenticator.php b/src/Authentication/LocalAuthenticator.php
@@ -161,9 +161,7 @@ public function validate(array $credentials, bool $returnUser=false)
         }
 
         // Now, try matching the passwords.
-        $result = password_verify(base64_encode(
-            hash('sha384', $password, true)
-        ), $user->password_hash);
+        $result = $this->validate_password($user, $password);
 
         if (! $result)
         {
@@ -186,4 +184,23 @@ public function validate(array $credentials, bool $returnUser=false)
             : true;
     }
 
+    /**
+     * Validates the user password
+     *
+     * @param User $user
+     * @param string $password
+     *
+     * @return bool
+     */
+    public function validate_password(User $user, string $password) : bool
-    public function validate_password(User $user, string $password) : bool
+    public function validatePassword(User $user, string $password) : bool
-    public function validate_password(User $user, string $password) : bool
+    public function validatePassword(User $user, string $password) : bool
+    {
+        // Can't validate without a password.
+        if (empty($credentials['password']) || count($credentials) < 2)
+        {
+            return password_verify(base64_encode(
+                hash('sha384', $password, true)
+            ), $user->password_hash);
+        }
+    }
+
 }
diff --git a/src/Authentication/Passwords/ValidationRules.php b/src/Authentication/Passwords/ValidationRules.php
@@ -60,6 +60,27 @@ public function strong_password(string $value, string &$error1 = null, array $da
         return $result;
     }
 
+    /**
+     * A validation helper method to check if the passed
-     * A validation helper method to check if the passed
+     * A validation helper method to check if the 
-     * A validation helper method to check if the passed
+     * A validation helper method to check if the 
+     * current user's password is valid
+     *
+     * @param string $password
+     *
+     * @return bool
+     */
+    public function valid_password(string $password)
+    {
+        helper('auth');
+        $user = user();
+
+        if (empty($user)) {
+            return false;
+        }
+
+        $authenticate = \Config\Services::authentication();
+        return  $authenticate->validate_password($user, $password);
+    }
+
     /**
      * Builds a new user instance from the global request.
      *

diff --git a/src/Language/en/Validation.php b/src/Language/en/Validation.php
@@ -0,0 +1,5 @@
+<?php
+
+return [
+    'valid_password'      => 'The {field} is not valid.',
+];