public function updatePassword(UserModel $user, $newPassword, $oldPassword = null)
 {
     if (!$user->getId()) {
         throw new InvalidArgumentException('Supplied user model does not have an Id');
     }
     if (!$newPassword) {
         throw new InvalidArgumentException('newPassword param not given');
     }
     $userId = $user->getId();
     // Fetch password hashing resource
     $bootstrap = \Zend_Controller_Front::getInstance()->getParam('bootstrap');
     $phpass = $bootstrap->getResource('PHPass');
     if ($oldPassword && !$phpass->checkPassword($oldPassword, $user->getPassword())) {
         throw new \Application\Exceptions\ValidateException("Invalid old password given", ValidationCodes::USER_INVALID_PASSWORD);
     }
     // Validate password
     $user->setPassword($newPassword);
     $this->validatePassword($user);
     // Store a hashed version of the password in the user profile
     $user->setPassword($phpass->hashPassword($newPassword));
     $user->setLastPasswordChange(time());
     // Update last used passwords
     $lastUsedPasswordsLimit = \App::config('lastUsedPasswordsLimit', 10);
     $lastUsedPasswords = $this->getLastUsedPasswords($userId);
     if (!$lastUsedPasswords) {
         $lastUsedPasswords = array();
     }
     if (count($lastUsedPasswords) >= $lastUsedPasswordsLimit) {
         $limit = $lastUsedPasswordsLimit - 1;
         $lastUsedPasswords = array_slice($lastUsedPasswords, $limit * -1, $limit);
     }
     array_push($lastUsedPasswords, sha1($newPassword));
     UserMapper::getInstance()->insertLastUsedPasswords($user->id, $lastUsedPasswords);
     // Persist the changes
     $user->save();
     // Remove old token if exists
     $userMapper = \Application\Model\Mapper\UserMapper::getInstance();
     $userMapper->removeLostPasswordToken($user->getId());
     \App::audit('Updated password for user with Id ' . $user->getId(), $user);
     $this->_sendEvent('update', $user);
     return $user;
 }