@adonisjs/auth 10.0.0-next.4 → 10.0.0-next.5

package/build/modules/access_tokens_guard/define_config.d.ts

@@ -6,6 +6,16 @@ import { AccessTokensLucidUserProvider } from './user_providers/lucid.ts';
 import type { LucidTokenable, AccessTokensUserProviderContract, AccessTokensLucidUserProviderOptions } from './types.ts';
 /**
  * Configures access tokens guard for authentication
+ *
+ * @param config - Configuration object containing the user provider
+ *
+ * @example
+ * const guard = tokensGuard({
+ *   provider: tokensUserProvider({
+ *     model: () => import('#models/user'),
+ *     tokens: 'accessTokens'
+ *   })
+ * })
  */
 export declare function tokensGuard<UserProvider extends AccessTokensUserProviderContract<unknown>>(config: {
     provider: UserProvider | ConfigProvider<UserProvider>;
@@ -13,5 +23,13 @@ export declare function tokensGuard<UserProvider extends AccessTokensUserProvide
 /**
  * Configures user provider that uses Lucid models to verify
  * access tokens and find users during authentication.
+ *
+ * @param config - Configuration options for the Lucid user provider
+ *
+ * @example
+ * const userProvider = tokensUserProvider({
+ *   model: () => import('#models/user'),
+ *   tokens: 'accessTokens'
+ * })
  */
 export declare function tokensUserProvider<TokenableProperty extends string, Model extends LucidTokenable<TokenableProperty>>(config: AccessTokensLucidUserProviderOptions<TokenableProperty, Model>): AccessTokensLucidUserProvider<TokenableProperty, Model>;

package/build/modules/access_tokens_guard/types.d.ts

@@ -102,12 +102,16 @@ export type AccessTokenDbColumns = {
     last_used_at: null | Date;
 };
 /**
- * Access token providers are used verify an access token
- * during authentication
+ * Access token providers are used to verify an access token
+ * during authentication and manage token lifecycle
  */
 export interface AccessTokensProviderContract<Tokenable extends LucidModel> {
     /**
      * Create a token for a given user
+     *
+     * @param user - The user instance to create a token for
+     * @param abilities - Optional array of abilities the token should have
+     * @param options - Optional token configuration including name and expiration
      */
     create(user: InstanceType<Tokenable>, abilities?: string[], options?: {
         name?: string;
@@ -116,10 +120,14 @@ export interface AccessTokensProviderContract<Tokenable extends LucidModel> {
     /**
      * Verifies a publicly shared access token and returns an
      * access token for it.
+     *
+     * @param tokenValue - The token value to verify
      */
     verify(tokenValue: Secret<string>): Promise<AccessToken | null>;
     /**
      * Invalidates a token identified by its publicly shared token
+     *
+     * @param tokenValue - The token value to invalidate
      */
     invalidate(tokenValue: Secret<string>): Promise<boolean>;
 }
@@ -146,11 +154,17 @@ export type AccessTokensLucidUserProviderOptions<TokenableProperty extends strin
  * and the guard.
  *
  * The guard is user provider agnostic and therefore it
- * needs a adapter to known some basic info about the
+ * needs an adapter to know some basic info about the
  * user.
  */
 export type AccessTokensGuardUser<RealUser> = {
+    /**
+     * Get the unique identifier for the user
+     */
     getId(): string | number | BigInt;
+    /**
+     * Get the original user object from the provider
+     */
     getOriginal(): RealUser;
 };
 /**
@@ -162,10 +176,16 @@ export interface AccessTokensUserProviderContract<RealUser> {
     /**
      * Create a user object that acts as an adapter between
      * the guard and real user value.
+     *
+     * @param user - The real user object from the provider
      */
     createUserForGuard(user: RealUser): Promise<AccessTokensGuardUser<RealUser>>;
     /**
      * Create a token for a given user
+     *
+     * @param user - The user to create a token for
+     * @param abilities - Optional array of abilities the token should have
+     * @param options - Optional token configuration including name and expiration
      */
     createToken(user: RealUser, abilities?: string[], options?: {
         name?: string;
@@ -173,14 +193,20 @@ export interface AccessTokensUserProviderContract<RealUser> {
     }): Promise<AccessToken>;
     /**
      * Invalidates a token identified by its publicly shared token.
+     *
+     * @param tokenValue - The token value to invalidate
      */
     invalidateToken(tokenValue: Secret<string>): Promise<boolean>;
     /**
      * Find a user by the user id.
+     *
+     * @param identifier - The unique identifier of the user
      */
     findById(identifier: string | number | BigInt): Promise<AccessTokensGuardUser<RealUser> | null>;
     /**
      * Verify a token by its publicly shared value.
+     *
+     * @param tokenValue - The token value to verify
      */
     verifyToken(tokenValue: Secret<string>): Promise<AccessToken | null>;
 }

package/build/modules/basic_auth_guard/define_config.d.ts

@@ -5,13 +5,29 @@ import type { GuardConfigProvider } from '../../src/types.ts';
 import { BasicAuthLucidUserProvider } from './user_providers/lucid.ts';
 import type { LucidAuthenticatable, BasicAuthUserProviderContract, BasicAuthLucidUserProviderOptions } from './types.ts';
 /**
- * Configures basic auth guard for authentication
+ * Configures basic auth guard for authentication using HTTP Basic Authentication
+ *
+ * @param config - Configuration object containing the user provider
+ *
+ * @example
+ * const guard = basicAuthGuard({
+ *   provider: basicAuthUserProvider({
+ *     model: () => import('#models/user')
+ *   })
+ * })
  */
 export declare function basicAuthGuard<UserProvider extends BasicAuthUserProviderContract<unknown>>(config: {
     provider: UserProvider | ConfigProvider<UserProvider>;
 }): GuardConfigProvider<(ctx: HttpContext) => BasicAuthGuard<UserProvider>>;
 /**
  * Configures user provider that uses Lucid models to authenticate
- * users using basic auth
+ * users using basic auth credentials
+ *
+ * @param config - Configuration options for the Lucid user provider
+ *
+ * @example
+ * const userProvider = basicAuthUserProvider({
+ *   model: () => import('#models/user')
+ * })
  */
 export declare function basicAuthUserProvider<Model extends LucidAuthenticatable>(config: BasicAuthLucidUserProviderOptions<Model>): BasicAuthLucidUserProvider<Model>;

package/build/modules/basic_auth_guard/guard.d.ts

@@ -51,17 +51,47 @@ export declare class BasicAuthGuard<UserProvider extends BasicAuthUserProviderCo
      * the request is not authenticated.
      */
     user?: UserProvider[typeof PROVIDER_REAL_USER];
+    /**
+     * Creates a new BasicAuthGuard instance
+     *
+     * @param name - Unique name for the guard instance
+     * @param ctx - HTTP context for the current request
+     * @param emitter - Event emitter for guard events
+     * @param userProvider - User provider for credential verification
+     *
+     * @example
+     * const guard = new BasicAuthGuard(
+     *   'basic',
+     *   ctx,
+     *   emitter,
+     *   new BasicAuthLucidUserProvider()
+     * )
+     */
     constructor(name: string, ctx: HttpContext, emitter: EmitterLike<BasicAuthGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>>, userProvider: UserProvider);
     /**
      * Returns an instance of the authenticated user. Or throws
      * an exception if the request is not authenticated.
+     *
+     * @throws {E_UNAUTHORIZED_ACCESS} When user is not authenticated
+     *
+     * @example
+     * const user = guard.getUserOrFail()
+     * console.log('User:', user.email)
      */
     getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER];
     /**
      * Authenticates the incoming HTTP request by looking for BasicAuth
      * credentials inside the request authorization header.
      *
-     * Returns the authenticated user or throws an exception.
+     * @throws {E_UNAUTHORIZED_ACCESS} When authentication fails
+     *
+     * @example
+     * try {
+     *   const user = await guard.authenticate()
+     *   console.log('Authenticated as:', user.email)
+     * } catch (error) {
+     *   console.log('Authentication failed')
+     * }
      */
     authenticate(): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
     /**
@@ -69,11 +99,24 @@ export declare class BasicAuthGuard<UserProvider extends BasicAuthUserProviderCo
      *
      * The method returns a boolean indicating if the authentication
      * succeeded or failed.
+     *
+     * @example
+     * const isAuthenticated = await guard.check()
+     * if (isAuthenticated) {
+     *   console.log('User is authenticated:', guard.user.email)
+     * }
      */
     check(): Promise<boolean>;
     /**
-     * Does not support authenticating as client. Instead use "basicAuth"
-     * helper on Japa APIClient
+     * Returns the Authorization header clients can use to authenticate
+     * the request using basic auth.
+     *
+     * @param uid - The username or user identifier
+     * @param password - The user's password
+     *
+     * @example
+     * const clientAuth = await guard.authenticateAsClient('user@example.com', 'secret')
+     * // Use clientAuth.headers.authorization in API tests
      */
     authenticateAsClient(uid: string, password: string): Promise<AuthClientResponse>;
 }

package/build/modules/basic_auth_guard/types.d.ts

@@ -10,6 +10,9 @@ export type LucidAuthenticatable = LucidModel & {
     /**
      * Verify credentials method should return the user instance
      * or throw an exception
+     *
+     * @param uid - The username or user identifier
+     * @param password - The password to verify
      */
     verifyCredentials(uid: string, password: string): Promise<InstanceType<LucidAuthenticatable>>;
 };
@@ -31,11 +34,17 @@ export type BasicAuthLucidUserProviderOptions<Model extends LucidAuthenticatable
  * and the guard.
  *
  * The guard is user provider agnostic and therefore it
- * needs a adapter to known some basic info about the
+ * needs an adapter to know some basic info about the
  * user.
  */
 export type BasicAuthGuardUser<RealUser> = {
+    /**
+     * Get the unique identifier for the user
+     */
     getId(): string | number | BigInt;
+    /**
+     * Get the original user object from the provider
+     */
     getOriginal(): RealUser;
 };
 /**
@@ -47,11 +56,16 @@ export interface BasicAuthUserProviderContract<RealUser> {
     /**
      * Create a user object that acts as an adapter between
      * the guard and real user value.
+     *
+     * @param user - The real user object from the provider
      */
     createUserForGuard(user: RealUser): Promise<BasicAuthGuardUser<RealUser>>;
     /**
      * Verify user credentials and must return an instance of the
      * user back or null when the credentials are invalid
+     *
+     * @param uid - The username or user identifier
+     * @param password - The password to verify
      */
     verifyCredentials(uid: string, password: string): Promise<BasicAuthGuardUser<RealUser> | null>;
 }

package/build/modules/basic_auth_guard/user_providers/lucid.d.ts

@@ -39,14 +39,33 @@ export declare class BasicAuthLucidUserProvider<UserModel extends LucidAuthentic
     /**
      * Imports the model from the provider, returns and caches it
      * for further operations.
+     *
+     * @example
+     * const UserModel = await provider.getModel()
+     * const user = await UserModel.find(1)
      */
     protected getModel(): Promise<UserModel>;
     /**
      * Creates an adapter user for the guard
+     *
+     * @param user - The user model instance
+     *
+     * @example
+     * const guardUser = await provider.createUserForGuard(user)
+     * console.log('User ID:', guardUser.getId())
      */
     createUserForGuard(user: InstanceType<UserModel>): Promise<BasicAuthGuardUser<InstanceType<UserModel>>>;
     /**
      * Verifies credentials using the underlying model
+     *
+     * @param uid - The username or user identifier
+     * @param password - The password to verify
+     *
+     * @example
+     * const guardUser = await provider.verifyCredentials('user@example.com', 'secret')
+     * if (guardUser) {
+     *   console.log('Valid credentials')
+     * }
      */
     verifyCredentials(uid: string, password: string): Promise<BasicAuthGuardUser<InstanceType<UserModel>> | null>;
 }

package/build/modules/session_guard/define_config.d.ts

@@ -5,7 +5,17 @@ import type { GuardConfigProvider } from '../../src/types.ts';
 import { SessionLucidUserProvider } from './user_providers/lucid.ts';
 import type { SessionGuardOptions, LucidAuthenticatable, SessionUserProviderContract, SessionLucidUserProviderOptions, SessionWithTokensUserProviderContract } from './types.ts';
 /**
- * Configures session tokens guard for authentication
+ * Configures session guard for authentication using HTTP sessions
+ *
+ * @param config - Configuration object containing the user provider and session options
+ *
+ * @example
+ * const guard = sessionGuard({
+ *   useRememberMeTokens: false,
+ *   provider: sessionUserProvider({
+ *     model: () => import('#models/user')
+ *   })
+ * })
  */
 export declare function sessionGuard<UseRememberTokens extends boolean, UserProvider extends UseRememberTokens extends true ? SessionWithTokensUserProviderContract<unknown> : SessionUserProviderContract<unknown>>(config: {
     provider: UserProvider | ConfigProvider<UserProvider>;
@@ -13,5 +23,12 @@ export declare function sessionGuard<UseRememberTokens extends boolean, UserProv
 /**
  * Configures user provider that uses Lucid models to authenticate
  * users using sessions
+ *
+ * @param config - Configuration options for the Lucid user provider
+ *
+ * @example
+ * const userProvider = sessionUserProvider({
+ *   model: () => import('#models/user')
+ * })
  */
 export declare function sessionUserProvider<Model extends LucidAuthenticatable>(config: SessionLucidUserProviderOptions<Model>): SessionLucidUserProvider<Model>;

package/build/modules/session_guard/guard.d.ts

@@ -106,32 +106,71 @@ export declare class SessionGuard<UseRememberTokens extends boolean, UserProvide
     /**
      * Returns an instance of the authenticated user. Or throws
      * an exception if the request is not authenticated.
+     *
+     * @throws {E_UNAUTHORIZED_ACCESS} When user is not authenticated
+     *
+     * @example
+     * const user = guard.getUserOrFail()
+     * console.log('User:', user.email)
      */
     getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER];
     /**
      * Login user using sessions. Optionally, you can also create
      * a remember me token to automatically login user when their
      * session expires.
+     *
+     * @param user - The user to login
+     * @param remember - Whether to create a remember me token
+     *
+     * @example
+     * await guard.login(user, true)
+     * console.log('User logged in with remember me token')
      */
     login(user: UserProvider[typeof PROVIDER_REAL_USER], remember?: boolean): Promise<void>;
     /**
      * Logout a user by removing its state from the session
      * store and delete the remember me cookie (if any).
+     *
+     * @example
+     * await guard.logout()
+     * console.log('User logged out successfully')
      */
     logout(): Promise<void>;
     /**
-     * Authenticate the current HTTP request by verifying the bearer
-     * token or fails with an exception
+     * Authenticate the current HTTP request by verifying the session
+     * or remember me token and fails with an exception if authentication fails
+     *
+     * @throws {E_UNAUTHORIZED_ACCESS} When authentication fails
+     *
+     * @example
+     * try {
+     *   const user = await guard.authenticate()
+     *   console.log('Authenticated as:', user.email)
+     * } catch (error) {
+     *   console.log('Authentication failed')
+     * }
      */
     authenticate(): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
     /**
      * Silently check if the user is authenticated or not, without
      * throwing any exceptions
+     *
+     * @example
+     * const isAuthenticated = await guard.check()
+     * if (isAuthenticated) {
+     *   console.log('User is authenticated:', guard.user.email)
+     * }
      */
     check(): Promise<boolean>;
     /**
      * Returns the session info for the clients to send during
      * an HTTP request to mark the user as logged-in.
+     *
+     * @param user - The user to authenticate as
+     *
+     * @example
+     * const clientAuth = await guard.authenticateAsClient(user)
+     * // Use clientAuth.session in API tests
      */
     authenticateAsClient(user: UserProvider[typeof PROVIDER_REAL_USER]): Promise<AuthClientResponse>;
 }

package/build/modules/session_guard/types.d.ts

@@ -30,27 +30,39 @@ export type DbRememberMeTokensProviderOptions<TokenableModel extends LucidModel>
     tokenSecretLength?: number;
 };
 /**
- * Remember me token providers are used verify a remember me
+ * Remember me token providers are used to verify a remember me
  * token during authentication
  */
 export interface RememberMeTokensProviderContract<Tokenable extends LucidModel> {
     /**
      * Create a token for a given user
+     *
+     * @param user - The user instance to create a token for
+     * @param expiresIn - Token expiration time
      */
     create(user: InstanceType<Tokenable>, expiresIn: string | number): Promise<RememberMeToken>;
     /**
      * Verifies the remember me token shared as cookie and returns an
      * instance of remember me token
+     *
+     * @param tokenValue - The token value to verify
      */
     verify(tokenValue: Secret<string>): Promise<RememberMeToken | null>;
     /**
      * Delete token for a user by the token identifier.
+     *
+     * @param user - The user that owns the token
+     * @param identifier - The token identifier to delete
      */
     delete(user: InstanceType<Tokenable>, identifier: string | number | BigInt): Promise<number>;
     /**
      * Recycle an existing token by its id. Recycling tokens helps
      * detect compromised tokens.
      * https://web.archive.org/web/20130214051957/http://jaspan.com/improved_persistent_login_cookie_best_practice
+     *
+     * @param user - The user that owns the token
+     * @param identifier - The token identifier to recycle
+     * @param expiresIn - New expiration time
      */
     recycle(user: InstanceType<Tokenable>, identifier: string | number | BigInt, expiresIn: string | number): Promise<RememberMeToken>;
 }
@@ -111,11 +123,17 @@ export type RememberMeTokenDbColumns = {
  * and the guard.
  *
  * The guard is user provider agnostic and therefore it
- * needs a adapter to known some basic info about the
+ * needs an adapter to know some basic info about the
  * user.
  */
 export type SessionGuardUser<RealUser> = {
+    /**
+     * Get the unique identifier for the user
+     */
     getId(): string | number | BigInt;
+    /**
+     * Get the original user object from the provider
+     */
     getOriginal(): RealUser;
 };
 /**
@@ -127,10 +145,14 @@ export interface SessionUserProviderContract<RealUser> {
     /**
      * Create a user object that acts as an adapter between
      * the guard and real user value.
+     *
+     * @param user - The real user object from the provider
      */
     createUserForGuard(user: RealUser): Promise<SessionGuardUser<RealUser>>;
     /**
      * Find a user by their id.
+     *
+     * @param identifier - The unique identifier of the user
      */
     findById(identifier: string | number | BigInt): Promise<SessionGuardUser<RealUser> | null>;
 }
@@ -141,21 +163,33 @@ export interface SessionWithTokensUserProviderContract<RealUser> extends Session
     /**
      * Create a token for a given user. Must be implemented when
      * "supportsRememberMeTokens" flag is true
+     *
+     * @param user - The user to create a token for
+     * @param expiresIn - Token expiration time
      */
     createRememberToken(user: RealUser, expiresIn: string | number): Promise<RememberMeToken>;
     /**
      * Verify a token by its publicly shared value. Must be implemented when
      * "supportsRememberMeTokens" flag is true
+     *
+     * @param tokenValue - The token value to verify
      */
     verifyRememberToken(tokenValue: Secret<string>): Promise<RememberMeToken | null>;
     /**
      * Recycle a token for a user by the token identifier. Must be
      * implemented when "supportsRememberMeTokens" flag is true
+     *
+     * @param user - The user that owns the token
+     * @param tokenIdentifier - The token identifier to recycle
+     * @param expiresIn - New expiration time
      */
     recycleRememberToken(user: RealUser, tokenIdentifier: string | number | BigInt, expiresIn: string | number): Promise<RememberMeToken>;
     /**
      * Delete a token for a user by the token identifier. Must be
      * implemented when "supportsRememberMeTokens" flag is true
+     *
+     * @param user - The user that owns the token
+     * @param tokenIdentifier - The token identifier to delete
      */
     deleteRemeberToken(user: RealUser, tokenIdentifier: string | number | BigInt): Promise<number>;
 }

package/build/src/auth_manager.d.ts

@@ -12,7 +12,11 @@ export declare class AuthManager<KnownGuards extends Record<string, GuardFactory
         guards: KnownGuards;
     };
     /**
-     * Name of the default guard
+     * Name of the default guard configured in the auth configuration
+     *
+     * @example
+     * const manager = new AuthManager({ default: 'web', guards: {} })
+     * console.log(manager.defaultGuard) // 'web'
      */
     get defaultGuard(): keyof KnownGuards;
     /**

package/build/src/authenticator.d.ts

@@ -7,24 +7,41 @@ import type { GuardFactory } from './types.ts';
 export declare class Authenticator<KnownGuards extends Record<string, GuardFactory>> {
     #private;
     /**
-     * Name of the default guard
+     * Name of the default guard configured in the auth configuration
+     *
+     * @example
+     * const defaultGuard = auth.defaultGuard
+     * console.log(defaultGuard) // 'web'
      */
     get defaultGuard(): keyof KnownGuards;
     /**
      * Reference to the guard using which the current
-     * request has been authenticated.
+     * request has been authenticated. Returns undefined if
+     * authentication has not been attempted or failed.
+     *
+     * @example
+     * await auth.authenticate()
+     * console.log(auth.authenticatedViaGuard) // 'web'
      */
     get authenticatedViaGuard(): keyof KnownGuards | undefined;
     /**
      * A boolean to know if the current request has been authenticated. The
      * property returns false when "authenticate" or "authenticateUsing"
      * methods are not used.
+     *
+     * @example
+     * await auth.authenticate()
+     * console.log(auth.isAuthenticated) // true
      */
     get isAuthenticated(): boolean;
     /**
      * Reference to the currently authenticated user. The property returns
      * undefined when "authenticate" or "authenticateUsing" methods are
      * not used.
+     *
+     * @example
+     * await auth.authenticate()
+     * console.log(auth.user?.email)
      */
     get user(): {
         [K in keyof KnownGuards]: ReturnType<KnownGuards[K]>['user'];
@@ -34,6 +51,10 @@ export declare class Authenticator<KnownGuards extends Record<string, GuardFacto
      * the current request. The property returns false when the
      * "authenticate" or "authenticateUsing" methods are not
      * used.
+     *
+     * @example
+     * await auth.check()
+     * console.log(auth.authenticationAttempted) // true
      */
     get authenticationAttempted(): boolean;
     /**

package/build/src/authenticator_client.d.ts

@@ -8,7 +8,11 @@ import type { GuardFactory } from './types.ts';
 export declare class AuthenticatorClient<KnownGuards extends Record<string, GuardFactory>> {
     #private;
     /**
-     * Name of the default guard
+     * Name of the default guard configured in the auth configuration
+     *
+     * @example
+     * const client = new AuthenticatorClient({ default: 'web', guards: {} })
+     * console.log(client.defaultGuard) // 'web'
      */
     get defaultGuard(): keyof KnownGuards;
     /**

package/build/src/debug.d.ts

@@ -1,2 +1,9 @@
+/**
+ * Debug logger instance for the AdonisJS auth package.
+ * Set NODE_DEBUG=adonisjs:auth environment variable to enable debug logging.
+ *
+ * @example
+ * debug('authenticating user %s', user.email)
+ */
 declare const _default: import("node:util").DebugLogger;
 export default _default;

package/build/src/errors.d.ts

@@ -68,7 +68,13 @@ export declare const E_UNAUTHORIZED_ACCESS: {
         stack?: string;
         cause?: unknown;
     };
+    /**
+     * HTTP status code for unauthorized access
+     */
     status: number;
+    /**
+     * Error code identifier
+     */
     code: string;
     help?: string;
     message?: string;
@@ -126,7 +132,13 @@ export declare const E_INVALID_CREDENTIALS: {
         stack?: string;
         cause?: unknown;
     };
+    /**
+     * HTTP status code for invalid credentials
+     */
     status: number;
+    /**
+     * Error code identifier
+     */
     code: string;
     help?: string;
     message?: string;

package/build/src/mixins/lucid.d.ts

@@ -3,6 +3,7 @@ import { type BaseModel } from '@adonisjs/lucid/orm';
 import type { NormalizeConstructor } from '@adonisjs/core/types/helpers';
 type UserWithUserFinderRow = {
     verifyPassword(plainPassword: string): Promise<boolean>;
+    validatePassword(plainPassword: string, passwordFieldName?: string): Promise<void>;
 };
 type UserWithUserFinderClass<Model extends NormalizeConstructor<typeof BaseModel> = NormalizeConstructor<typeof BaseModel>> = Model & {
     hashPassword<T extends UserWithUserFinderClass>(this: T, user: InstanceType<T>): Promise<void>;

package/build/src/mixins/lucid.js

@@ -39,6 +39,19 @@ function withAuthFinder(hash, options) {
 				if (!passwordHash) throw new RuntimeException(`Cannot verify password. The value for "${normalizedOptions.passwordColumnName}" column is undefined or null`);
 				return hashFactory().verify(passwordHash, plainPassword);
 			}
+			async validatePassword(plainPassword, passwordFieldName) {
+				if (!await this.verifyPassword(plainPassword)) {
+					const error = /* @__PURE__ */ new Error("Validation Error");
+					Object.defineProperty(error, "code", { value: "E_VALIDATION_ERROR" });
+					Object.defineProperty(error, "status", { value: 422 });
+					Object.defineProperty(error, "messages", { value: [{
+						field: passwordFieldName ?? "currentPassword",
+						message: "The current password is incorrect",
+						rule: "current_password"
+					}] });
+					throw error;
+				}
+			}
 		}
 		__decorate([beforeSave()], UserWithUserFinder, "hashPassword", null);
 		return UserWithUserFinder;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@adonisjs/auth",
   "description": "Official authentication provider for Adonis framework",
-  "version": "10.0.0-next.4",
+  "version": "10.0.0-next.5",
   "engines": {
     "node": ">=24.0.0"
   },
@@ -67,11 +67,11 @@
     "@japa/plugin-adonisjs": "^5.1.0-next.0",
     "@japa/runner": "^5.3.0",
     "@japa/snapshot": "^2.0.10",
-    "@poppinss/ts-exec": "^1.4.1",
+    "@poppinss/ts-exec": "^1.4.2",
     "@release-it/conventional-changelog": "^10.0.4",
     "@types/basic-auth": "^1.1.8",
     "@types/luxon": "^3.7.1",
-    "@types/node": "^25.0.9",
+    "@types/node": "^25.0.10",
     "@types/set-cookie-parser": "^2.4.10",
     "@types/sinon": "^21.0.0",
     "better-sqlite3": "^12.6.2",
@@ -87,7 +87,7 @@
     "nock": "^14.0.10",
     "pg": "^8.17.2",
     "playwright": "^1.57.0",
-    "prettier": "^3.8.0",
+    "prettier": "^3.8.1",
     "release-it": "^19.2.4",
     "set-cookie-parser": "^3.0.1",
     "sinon": "^21.0.1",