Checking old password when changing it

I’ve managed to “solve” it (though in a less cake way, but it works for now) by adding the following code to ChangePasswordForm.php:

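// Requires "use Cake\Auth\DefaultPasswordHasher;" at the top of ChangePasswordForm.php.
// Returns true when $inputPassword matches the user's stored password hash.
public function checkPassword($inputPassword, $user) {
    return (new DefaultPasswordHasher)->check($inputPassword, $user->password);
}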

then calling it by using this in the controller:

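// Load the logged-in user from the session id; first() returns null if no row matches.
$user = $this->Users->find()->where(['id' => $this->Auth->user('id')])->first();
if ($user !== null && $changePasswordForm->checkPassword($this->request->getData('currentPassword'), $user)) {
    // is valid
}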

I’ll probably get some hate for doing it like this, but until I find a better way to do this conforming to the CakePHP conventions, it’ll have to do.

2 Likes
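
The check above placed in a full controller action, as an added example that is not part of the original post. It assumes CakePHP 3.x with AuthComponent, a User entity whose `password` setter hashes the value, and a hypothetical `newPassword` form field and `index` redirect target.

```php
<?php
namespace App\Controller;

use Cake\Auth\DefaultPasswordHasher;

class UsersController extends AppController
{
    public function changePassword()
    {
        if (!$this->request->is('post')) {
            return null; // GET: just render the form
        }

        // Load the account from the session identity, never from an id in
        // the request body, so the form cannot be pointed at another user.
        // get() throws RecordNotFoundException if the row no longer exists.
        $user = $this->Users->get($this->Auth->user('id'));

        $current = $this->request->getData('currentPassword');
        $new = $this->request->getData('newPassword'); // hypothetical field name

        // Request data can be an array (currentPassword[]=x); reject anything
        // that is not a non-empty string before it reaches the hasher.
        if (!is_string($current) || !is_string($new) || $new === '') {
            $this->Flash->error(__('Invalid input.'));
            return null;
        }

        // check() compares the input against the stored hash via password_verify().
        if (!(new DefaultPasswordHasher())->check($current, $user->password)) {
            $this->Flash->error(__('Current password is incorrect.'));
            return null;
        }

        // Assumption: the User entity's _setPassword() mutator hashes this value.
        $user->password = $new;
        if ($this->Users->save($user)) {
            $this->Flash->success(__('Password changed.'));
            return $this->redirect(['action' => 'index']); // hypothetical target
        }

        $this->Flash->error(__('Could not save the new password.'));
        return null;
    }
}
```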