[Catalyst] Change user password

I think you're best off using 'check_password' from Credential::Password

Take a look at it:
http://cpansearch.perl.org/src/FLORA/Catalyst-Plugin-Authentication-0.10016/lib/Catalyst/Authentication/Credential/Password.pm

Assuming the user is authenticated, you should try:

$c->get_auth_realm('default')->credential->check_password($c->user,
{password=>$pass});

Thanks Bogdan, works like a charm!

I noticed that the following also works:

$c->authenticate( { username => $username, password => $password_old },
'users');

Do they result in the same actions?

Well, $c->authenticate is a more complex process, it does a number of
operations , one of which is calling check_password.

$c->authenticate calls $realm->authenticate which calls
$credential->authenticate which fetches a new user object from the
store and then calls check_password to see if the stored password
(hash) matches the provided password.

Considering you just want to check the password and not reauthenticate
the user, using check_password is less overhead, saves you a trip to
the database, and it's probably cleaner.

Otherwise I doubt there's any side-efect in calling $c->authenticate
directly, and the performance overhead is probably not important, as
you would probably need to run this code quite rarely. And it's
probably more readable for people not knowing the Authentication
internals

Yeah, that's what I suspected, but I feel more confident hearing it from
an expert, thanks.

Its worth pointing out that
http://search.cpan.org/perldoc?Catalyst::Plugin::Authentication::Internals
does not document the check_password method, and so those
implementing credentials may not implement it.

I'd go with $c->authenticate as it is a documented route into the
API and should be handled by all credential modules.

Nigel.