/** * Validate a user against the given credentials. * * @param \Illuminate\Contracts\Auth\Authenticatable $user * @param array $credentials * @return bool */ public function validateCredentials(UserContract $user, array $credentials) { $plain = $credentials['password']; $legacyHasher = $user->getAuthObject(); if ($legacyHasher !== false) { if (!$legacyHasher->check($plain, $user->getAuthPassword())) { return false; } $user->password = $this->hasher->make($plain); $user->password_legacy = null; $user->save(); return true; } return $this->hasher->check($plain, $user->getAuthPassword()); }