/**
 * Checks a login attempt's plaintext password against the user's stored hash
 * and transparently upgrades that hash when it no longer matches the
 * configured algorithm/options.
 *
 * The upgrade can only happen here: the plaintext is available solely during
 * a successful login, so this is the one place an outdated hash can be
 * replaced without forcing a password reset.
 *
 * @param User   $user     Account whose stored hash (getPassword()) is checked.
 * @param string $password Plaintext password supplied with the login attempt.
 *
 * @throws LoginFailedException When the password does not match the stored hash.
 */
private function verifyPassword(User $user, string $password)
{
    // password_verify() reads algorithm, cost and salt from the stored hash
    // itself and compares in a timing-safe way. A mismatch surfaces only as
    // the generic "invalid credentials" failure.
    $matches = password_verify($password, $user->getPassword());
    if (!$matches) {
        throw LoginFailedException::invalidCredentials();
    }

    // Nothing more to do when the stored hash already satisfies the
    // currently configured algorithm and options.
    $outdated = password_needs_rehash($user->getPassword(), $this->algorithm, $this->passwordOptions);
    if (!$outdated) {
        return;
    }

    // Re-hash the just-verified plaintext with the current settings and
    // persist it, so the weaker hash does not stay in storage.
    $upgradedHash = password_hash($password, $this->algorithm, $this->passwordOptions);
    $user->setPassword($upgradedHash);
    $this->userRepository->update($user);
}
/**
 * Spec: a successful login whose stored hash is outdated must re-hash the
 * password, persist the user, and still return the token.
 *
 * The stored hash is generated with bcrypt cost 4, so it verifies against
 * the plaintext but is weaker than what the service is expected to produce.
 * The replacement hash must contain the '$2y$10$' prefix (bcrypt, cost 10).
 * NOTE(review): that prefix presumably mirrors the algorithm/options the
 * spec's setup hands to the service; confirm the two stay in sync.
 *
 * @param User  $user  Test double for the account being logged in.
 * @param Token $token Test double for the token the login should return.
 */
public function it_can_login_a_user_and_rehash_password(User $user, Token $token)
{
    $loginEmail = '*****@*****.**';
    $plainPassword = '******';

    // Lookup by e-mail address resolves to the stubbed user.
    $lookupKey = EmailAddress::get($loginEmail);
    $this->userRepository->getByEmailAddress($lookupKey)->willReturn($user);

    // Stored hash: valid for the plaintext, but at a deliberately low cost
    // so that password_needs_rehash() reports it as outdated.
    $outdatedHash = password_hash($plainPassword, PASSWORD_BCRYPT, ['cost' => 4]);
    $user->getPassword()->willReturn($outdatedHash);

    // The salt makes the new hash unpredictable, so only its
    // algorithm/cost prefix is matched.
    $upgradedHashMatcher = new Argument\Token\StringContainsToken('$2y$10$');
    $user->setPassword($upgradedHashMatcher)->willReturn($user);

    // The upgraded hash has to be persisted, not just set on the object.
    $this->userRepository->update($user)->shouldBeCalled();

    $this->tokenService->createTokenForUser($user)->willReturn($token);

    $this->login($loginEmail, $plainPassword)->shouldReturn($token);
}