I do not know any way (I looked for this for another reason) to get the plaintext password, and I can understand that it is not possible and why.
Maybe you could "fake" it, by trying to log in the user with the password entered and if this succeeds, call the "alter password" flow?
This could get a little difficult, because of all the cookie chaos this could result in, but maybe using the api flow will eliminate it?