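/**
 * Changes a user's password after verifying the current one.
 *
 * Checks run in this order: the new/confirm pair is present and identical,
 * the new password meets the minimum length, and the current password
 * authenticates. The new password is hashed with password_hash() before it
 * is handed to the DAO, and the stored hash is stripped from the result.
 *
 * @param string $email   Email address identifying the account
 * @param string $current Current password
 * @param string $new     New password
 * @param string $confirm Confirm new password
 * @throws \InvalidArgumentException When the new password is missing, does not match, or is too short
 * @throws \Exception When the current password is rejected or re-authentication fails
 * @return array User array without the password_hash key
 */
public function changePassword($email, $current, $new, $confirm)
{
    if (!$new || !$confirm) {
        throw new \InvalidArgumentException('New and confirm password are both required.');
    }

    if ($new !== $confirm) {
        throw new \InvalidArgumentException('New and confirm passwords must match.');
    }

    // strlen() counts bytes, not characters, so a multi-byte password can
    // pass this check with fewer than 8 visible characters.
    if (strlen($new) < 8) {
        throw new \InvalidArgumentException('Password must be at least 8 characters in length.');
    }

    // The caller must prove knowledge of the current password before any write.
    $authResult = $this->authenticate($email, $current);

    if (!$authResult->isValid()) {
        throw new \Exception('Your current password is incorrect.');
    }

    // NOTE(review): if PASSWORD_DEFAULT resolves to bcrypt, input beyond
    // 72 bytes is ignored by the hash; consider an upper length bound.
    $newHash = password_hash($new, PASSWORD_DEFAULT);

    $user = $this->dao->findByEmail($email);
    $user = $this->dao->changePassword($user['id'], $newHash);

    // Re-authenticate with the new password and test THIS result. The
    // previous code discarded it and re-checked the pre-change result, which
    // is always valid here, so a failed re-authentication was never reported.
    $reauthResult = $this->authenticate($email, $new);

    if (!$reauthResult->isValid()) {
        throw new \Exception('Your password was changed but there was an issue reauthenticating. PLease log out and back in with your new password.');
    }

    // NOTE(review): whether other active sessions for this account are
    // invalidated after the change is not visible in this method; confirm.

    // Never hand the stored hash back to the caller.
    unset($user['password_hash']);

    return $user;
}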
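/**
 * Verifies that the DAO stores the supplied hash and returns it on the
 * updated user row.
 *
 * The value passed in is an arbitrary marker string, not a real
 * password_hash() output; the DAO call is given the string as-is.
 */
public function testChangePassword()
{
    $user = $this->dao->findByEmail($this->user['email']);
    $originalHash = $user['password_hash'];
    $newPasswordHash = 'this_is_a_password_h@sh';

    // Guard against a vacuous pass: the fixture must not already hold the
    // value we are about to write. (The original read the old hash into a
    // local and never used it.)
    $this->assertNotSame($newPasswordHash, $originalHash);

    $updatedUser = $this->dao->changePassword($user['id'], $newPasswordHash);

    // assertSame compares strictly, so loose string comparison cannot make
    // two different hash strings look equal.
    $this->assertSame($newPasswordHash, $updatedUser['password_hash']);
}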