If you don't use validate() or a Form Request, but still need to throw errors with the same 422 status code and error structure, you can do it manually by throwing ValidationException::withMessages():
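```php
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

// Responds with HTTP 422 and the standard validation error structure.
if (! $user || ! Hash::check($request->password, $user->password)) {
    throw ValidationException::withMessages([
        'email' => ['The provided credentials are incorrect.'],
    ]);
}
```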