[BUG] The `Auth\Passwords\DoctrineTokenRepository` creates tokens without hashing
rosamarsky opened this issue
I used the default Illuminate Password Broker before I found this page in your documentation.
After changing `PasswordResetServiceProvider` in `config/app.php` I checked the table `password_resets` and saw tokens that were not hashed. It looks really unsafe.
Package version 1.4, Laravel version 8.0
I believe that that token is generated here
orm/src/Auth/Passwords/DoctrineTokenRepository.php
Lines 213 to 221 in 2824a85
which just results in a different Hash/Token than Laravel, which is likely using their built-in Hash facade
Ah, Laravel are building it the same but are pushing the token through the hasher before it goes into the database
Happy to take a PR to fix this, but it might be considered a BC, since it would invalidate all existing tokens
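
The pattern discussed in this thread (generate the reset token, hand the plaintext to the user, keep only a hash in `password_resets`) is shown below as an added example; it is not code from this package or from Laravel. The class `HashedTokenStore`, its in-memory `$rows` array standing in for the table, and the sample key and e-mail address are hypothetical, and PHP's built-in `password_hash`/`password_verify` are used in place of Laravel's hasher.

```php
<?php
// Added illustration; HashedTokenStore and $rows are hypothetical names.
// $rows stands in for the password_resets table.
final class HashedTokenStore
{
    /** @var array<string, array{token: string, created_at: int}> */
    private $rows = [];
    private $hashKey;
    private $ttlSeconds;

    public function __construct(string $hashKey, int $ttlSeconds = 3600)
    {
        $this->hashKey = $hashKey;
        $this->ttlSeconds = $ttlSeconds;
    }

    /** Returns the plaintext token for the reset e-mail; only its hash is stored. */
    public function create(string $email): string
    {
        $token = hash_hmac('sha256', bin2hex(random_bytes(20)), $this->hashKey);
        $this->rows[$email] = [
            'token' => password_hash($token, PASSWORD_DEFAULT), // what a DB reader sees
            'created_at' => time(),
        ];
        return $token;
    }

    /** True only for an unexpired row whose stored hash matches the presented token. */
    public function exists(string $email, string $token): bool
    {
        $row = $this->rows[$email] ?? null;
        if ($row === null || $row['created_at'] + $this->ttlSeconds < time()) {
            return false;
        }
        return password_verify($token, $row['token']);
    }

    public function storedValue(string $email): ?string
    {
        return $this->rows[$email]['token'] ?? null;
    }
}

// Constructed sample values.
$store = new HashedTokenStore('constructed-app-key');
$token = $store->create('user@example.com');
var_dump($store->storedValue('user@example.com') !== $token);      // stored value vs. e-mailed token
var_dump($store->exists('user@example.com', $token));              // the issued token
var_dump($store->exists('user@example.com', str_repeat('0', 64))); // a token that was never issued
```

Rows written before such a change hold raw tokens, which `password_verify` rejects because they are not valid hashes; that is the invalidation of existing tokens the last comment refers to.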