iMerica / dj-rest-auth

Authentication for Django Rest Framework

Home Page:https://dj-rest-auth.readthedocs.io/en/latest/index.html


Enhancement: Add Logic for Hashed uidb64 and Token with 6 digits for password reset in mobile applications built with Kotlin or Java or Flutter

Ronnie-Leon76 opened this issue · comments

Problem Statement
The current implementation of password reset in the Dj_rest_auth repository exposes the uidb64 and token directly in the URL parameters when making a request to the /auth/password-reset-confirm/{uidb64}/{token}/ endpoint. This can potentially expose sensitive information, and there is a need to enhance security by introducing a mechanism to hash the uidb64 and token with a short-lived 6-digit code.

Proposed Solution:
I propose adding logic to hash the uidb64 and token with a secure algorithm, sending the 6-digit code to the user's email address when initiating a password reset from a mobile app. This hashed information will be decoded back to the original uidb64 and token on the mobile app before making a POST request to the following endpoint: /auth/password-reset-confirm/{uidb64}/{token}/

Implementation Steps:

  1. Introduce a hashing mechanism for uidb64 and token in the PasswordReset class implementation, so that a 6-digit code is sent to the user's email address instead.
  2. Implement corresponding logic in the mobile application to decode the 6-digit code to its corresponding uidb64 and token.
  3. Update documentation to reflect the changes in the password reset process.
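The sketch below is an added example, not code from dj-rest-auth or from the issue author, showing how a short-lived 6-digit code could stand in for the uidb64/token pair during a mobile password reset. Two points a reviewer would raise about the proposal: a hash cannot be "decoded" back to uidb64 and token, and a 6-digit code has only a million possible values, so the mapping has to live server side (the code is a lookup key, the real uidb64/token never leave the server) and the code must expire quickly, be single use and be rate limited against guessing. The store class, the `issue`/`redeem` names, the email-keyed lookup, the 10-minute TTL and the 5-attempt cap are all assumptions made for the example; a real deployment would back the store with the database or cache and wire `redeem` into a new confirm view.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Assumed policy values for the example (not from dj-rest-auth).
CODE_TTL_SECONDS = 10 * 60   # a code is valid for 10 minutes
MAX_ATTEMPTS = 5             # wrong guesses allowed before the code is revoked


@dataclass
class PendingReset:
    """One outstanding reset: the real uidb64/token plus an HMAC of the code."""
    uidb64: str
    token: str
    code_mac: bytes
    expires_at: float
    attempts: int = 0


class ShortCodeStore:
    """Server-side map from (email, 6-digit code) to the real reset pair.

    Only the HMAC of the code is kept, so a leaked store does not yield
    usable codes; the uidb64/token are never sent to the client.
    """

    def __init__(self, server_key: bytes, now: Callable[[], float] = time.time):
        self._key = server_key          # hypothetical secret, e.g. derived from SECRET_KEY
        self._now = now                 # injectable clock so expiry can be tested
        self._pending: Dict[str, PendingReset] = {}

    def _mac(self, email: str, code: str) -> bytes:
        msg = f"{email}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, email: str, uidb64: str, token: str) -> str:
        """Generate a fresh code for this email; return it for the reset e-mail."""
        code = f"{secrets.randbelow(10 ** 6):06d}"   # CSPRNG, zero-padded
        self._pending[email] = PendingReset(
            uidb64=uidb64,
            token=token,
            code_mac=self._mac(email, code),
            expires_at=self._now() + CODE_TTL_SECONDS,
        )
        return code

    def redeem(self, email: str, code: str) -> Optional[Tuple[str, str]]:
        """Exchange a code for (uidb64, token) once, or return None."""
        entry = self._pending.get(email)
        if entry is None:
            return None
        if self._now() > entry.expires_at or entry.attempts >= MAX_ATTEMPTS:
            self._pending.pop(email, None)   # expired or locked: drop it
            return None
        entry.attempts += 1
        if not hmac.compare_digest(entry.code_mac, self._mac(email, code)):
            if entry.attempts >= MAX_ATTEMPTS:
                self._pending.pop(email, None)   # too many guesses: revoke
            return None
        self._pending.pop(email, None)           # single use
        return entry.uidb64, entry.token


if __name__ == "__main__":
    # Constructed demo: the values below are illustrative, not real tokens.
    store = ShortCodeStore(b"example-server-key")
    code = store.issue("user@example.com", "MQ", "c1x2y3-token")
    print("code e-mailed to user:", code)
    print("redeem:", store.redeem("user@example.com", code))
    print("replay:", store.redeem("user@example.com", code))
```

A hypothetical confirm view for mobile clients would accept the e-mail address, the 6-digit code and the new password, call `redeem`, and then run the existing password-reset-confirm logic with the recovered uidb64 and token on the server, rather than handing those values back to the app. With the assumed limits, an attacker who knows the victim's e-mail gets at most five guesses out of a million codes per reset request, so the rate limit on requesting resets matters as much as the one on redeeming them.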