I'm trying to modify the default Laravel 5.6 Auth in a way to email new users a link to create their password, since this is an invite only system and I don't want to email created users their password as plaintext.
In 5.3 what I was able to do was grab the reset token from the password_resets table and send them a Notification with a "Create Password" button.
In 5.6 (not sure when this changed) it seems to be an encrypted version of their password reset token in the database. How would I then call the correct url in a custom notification for users to be able to create a password?
Here's what I had in 5.3:
controller
......
$token = strtolower(str_random(64));
DB::table('password_resets')->insert([
'email' => $request->email,
'token' => $token,
'created_at' => Carbon::now()
]);
$user->notify(new UserCreated($user));
......
password create email
.....
$token = DB::table('password_resets')->where('email', $user_email)->pluck('token')->first();
$url = url('/password/reset/' . $token);
......
Copying the same code over to 5.6, it tells me my reset tokens are invalid. It appears the tokens in the database no longer match the token in the url when doing a normal password reset. Now they appear to be encrypted or something?
I've made sure in the email the url and the token match exactly whats in the database, with the valid period set to like a week (to test), and every token created this way it says is invalid.
How then do you do auth for an invite only system, or how do you just manually create a reset token and then send it in a custom email? The docs mentions being able to replace the password reset email, but I don't want that, I want to supplement it.