Just some of my thoughts, why not use the store() directly and make another protected function in your controller, push those input data into that function to handle the login validation instead?

You could then return the result and give control back to store(), for example, a boolean of a pass/no pass and as well as the errors handling and let store() decides what to do next (or you could throw exceptions and let the exception handles this matter I guess ?) .

In that case not only your store() can share this protected function but your update() which you might likely need that later can share this similar "gateway" to check if user is authenticated.