Calls $wgAuth->allowPasswordChange(), $wgAuth->initUser() and $wgAuth->updateUser(). Should become a PrimaryAuthenticationProvider.
Also using a SpecialChangePassword object as some kind of password change service probably won't work well; either redirect to it or (more likely) rely on ResetPasswordSecondaryAuthenticationProvider instead.