Use password hashing method instead of class because it'll return 500 ERROR from calling `/token` API if patching a user's password afterwards.

This change has tested in local development env.