diff --git a/src/ResetPasswordHelper.php b/src/ResetPasswordHelper.php index bb02f3f..f965b03 100644 --- a/src/ResetPasswordHelper.php +++ b/src/ResetPasswordHelper.php @@ -168,7 +168,9 @@ public function generateFakeResetToken(?int $resetRequestLifetime = null): Reset $generatedAt = ($expiresAt->getTimestamp() - $resetRequestLifetime); - return new ResetPasswordToken('fake-token', $expiresAt, $generatedAt); + $fakeToken = bin2hex(random_bytes(16)); + + return new ResetPasswordToken($fakeToken, $expiresAt, $generatedAt); } private function findResetPasswordRequest(string $token): ?ResetPasswordRequestInterface