$dto->token, 'email' => $dto->email, 'password' => $dto->password, 'password_confirmation' => $dto->password_confirmation, ], function (User $user) use ($dto) { $user->forceFill([ 'password' => $dto->password, 'remember_token' => Str::random(60), ])->save(); // Framework event: triggers session token invalidation etc. event(new PasswordReset($user)); // Domain event: for application-level listeners (audit log, security alert). UserPasswordReset::dispatch($user); } ); } }