private function verifyPassword(User $user, string $password)
{
if (!password_verify($password, $user->getPassword())) {
throw LoginFailedException::invalidCredentials();
}
if (password_needs_rehash($user->getPassword(), $this->algorithm, $this->passwordOptions)) {
$user->setPassword(password_hash($password, $this->algorithm, $this->passwordOptions));
$this->userRepository->update($user);
}
}
