[12.x] remove the "prefix" option for cache password resets (#56127)

* remove the "prefix" option for cache password resets

this is mostly a rollback of #53448 per Taylor's request. rather than allowing an optional prefix, we'll use a deterministic hash of the user's email for our cache key.  this should make the chance of a collision if no dedicated store is used statistically insignificant.

I've also opted to extract out a `makeCacheKey()` method here mainly to reduce the duplicated code and help prevent bugs from divergence. however, this could possibly help userland override the cache key generation. maybe I'm overthinking that, maybe it's honestly not a problem.

* formatting

---------

Co-authored-by: Taylor Otwell <[email protected]>

Author: browner12

src/Illuminate/Auth/Passwords/CacheTokenRepository.php

@@ -24,7 +24,6 @@ public function __construct(
         protected string $hashKey,
         protected int $expires = 3600,
         protected int $throttle = 60,
-        protected string $prefix = '',
     ) {
     }
 
@@ -41,7 +40,7 @@ public function create(CanResetPasswordContract $user)
         $token = hash_hmac('sha256', Str::random(40), $this->hashKey);
 
         $this->cache->put(
-            $this->prefix.$user->getEmailForPasswordReset(),
+            $this->cacheKey($user),
             [$this->hasher->make($token), Carbon::now()->format($this->format)],
             $this->expires,
         );
@@ -58,7 +57,7 @@ public function create(CanResetPasswordContract $user)
      */
     public function exists(CanResetPasswordContract $user, #[\SensitiveParameter] $token)
     {
-        [$record, $createdAt] = $this->cache->get($this->prefix.$user->getEmailForPasswordReset());
+        [$record, $createdAt] = $this->cache->get($this->cacheKey($user));
 
         return $record
             && ! $this->tokenExpired($createdAt)
@@ -84,7 +83,7 @@ protected function tokenExpired($createdAt)
      */
     public function recentlyCreatedToken(CanResetPasswordContract $user)
     {
-        [$record, $createdAt] = $this->cache->get($this->prefix.$user->getEmailForPasswordReset());
+        [$record, $createdAt] = $this->cache->get($this->cacheKey($user));
 
         return $record && $this->tokenRecentlyCreated($createdAt);
     }
@@ -114,7 +113,7 @@ protected function tokenRecentlyCreated($createdAt)
      */
     public function delete(CanResetPasswordContract $user)
     {
-        $this->cache->forget($this->prefix.$user->getEmailForPasswordReset());
+        $this->cache->forget($this->cacheKey($user));
     }
 
     /**
@@ -125,4 +124,15 @@ public function delete(CanResetPasswordContract $user)
     public function deleteExpired()
     {
     }
+
+    /**
+     * Determine the cache key for the given user.
+     *
+     * @param  \Illuminate\Contracts\Auth\CanResetPassword  $user
+     * @return string
+     */
+    public function cacheKey(CanResetPasswordContract $user): string
+    {
+        return hash('sha256', $user->getEmailForPasswordReset());
+    }
 }

src/Illuminate/Auth/Passwords/PasswordBrokerManager.php

@@ -95,7 +95,6 @@ protected function createTokenRepository(array $config)
                 $key,
                 ($config['expire'] ?? 60) * 60,
                 $config['throttle'] ?? 0,
-                $config['prefix'] ?? '',
             );
         }