Uniform "same" validation not working

I have a forgotten password front-end user process, for which I am trying to use the “same” validation in Uniform to check a password matches a re-enter your password field (to catch user typo’s basically). This is my controller:


use Uniform\Form;

return function ($kirby, $page)
    $error = null;
    $success = null;

    $form = new Form([
      'password' => [
        'rules' => ['required','min' => 8],
        'message' => ['Please choose a password', 'Password must be at least 8 characters'],
      'validate' => [
          'rules' => ['required','same' => get('password')],
          'message' => ['Please re-enter your password', 'Passwords do not match'],

    if($kirby->request()->is('POST') and get('update')) {
      try {
            'password' => $kirby->user()->changePassword($form->data('password')),
          $success = 'Your passwords have been changed successfully.';
           catch(Exception $e) {
        $error = $e->getMessage();

    return compact('error', 'success');


This is my form:

<form action="<?php echo $page->url()?>" method="POST" autocomplete="off">

    <?php if(isset($success)): ?>
            <h1>Your password has been changed</h1>
            <a href="/my-dashboard">Go to dashboard</a>
    <?php else: ?>

    <?php if ($error): ?>
        <p><?= $error ?></p>
    <?php endif; ?>

      <label for="password">New password *</label>
      <input autocomplete="new-password" type="password" id="password" name="password">
      <p class="text-xs">Minimum 8 characters.</p>

      <label for="validate">Retype your password *</label>
      <input autocomplete="new-password" type="password" id="validate" name="validate">

    <?php echo csrf_field() ?>

    <button type="submit" name="update" value="update">Change password</button>

    <?php endif; ?>

Now when I submit the form, the validation on the password field is working (I have to enter a minimum of 8 letters, and not leave the field blank), but none of the validation is working on the “validate” field - I can leave it blank, or enter a string that doesn’t match what is entered in “password”.

If anyone has any thoughts that would be super

Without knowing the internals of the Uniform plugin, this is just guessing, but I wonder if the form instance is saved in the session when you first load the page and get('password') is therefore null, because this is only set when you actually submit the form.

Thanks for the pointer, I will take a look and see if that might be the issue.

I set up the same form without Uniform without issues, so that means in normal circumstances, the validator should work.