[BUG] The `Auth\Passwords\DoctrineTokenRepository` creates tokens without hashing

[rosamarsky]

I used the default Illuminate Password Broker before I found in your documentation This page
After changing PasswordResetServiceProvider in config/app.php I checked the table password_resets and saw not hashed tokens. It looks really unsafe.

Package version 1.4, Laravel version 8.0

[dpslwk]

I believe that that token is generated here

orm/src/Auth/Passwords/DoctrineTokenRepository.php

Lines 213 to 221 in 2824a85

	/**
	* Create a new token for the user.
	*
	* @return string
	*/
	public function createNewToken()
	{
	return hash_hmac('sha256', Str::random(40), $this->hashKey);
	}

which just results on a different Hash/Token that laravel which is likely using there built in Hash Facade

[dpslwk]

ah laravel are building it the same but are pushing the token through the hasher before it goes into the database

https://github.com/laravel/framework/blob/cf00a5621f2eacdb978d3176e6d601193d9dc57d/src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php#L207-L215

https://github.com/laravel/framework/blob/cf00a5621f2eacdb978d3176e6d601193d9dc57d/src/Illuminate/Auth/Passwords/DatabaseTokenRepository.php#L111-L121

Happy to take PR to fix this, but it might be considered a BC, since it would invalidate all existing tokens