private function verifyPassword(User $user, string $password) { if (!password_verify($password, $user->getPassword())) { throw LoginFailedException::invalidCredentials(); } if (password_needs_rehash($user->getPassword(), $this->algorithm, $this->passwordOptions)) { $user->setPassword(password_hash($password, $this->algorithm, $this->passwordOptions)); $this->userRepository->update($user); } }