wip

Author: dblythy

spec/ValidationAndPasswordsReset.spec.js

@@ -1092,10 +1092,33 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
         apiKey: 'k',
         domain: 'd',
       }),
+      passwordPolicy: {
+        resetPasswordSuccessOnInvalidEmail: false,
+      },
     });
 
     await expectAsync(Parse.User.requestPasswordReset('[email protected]')).toBeRejectedWith(
       new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'A user with that email does not exist.')
     );
   });
+
+  it('validate resetPasswordSuccessonInvalidEmail', async () => {
+    const invalidValues = [[], {}, 1, 'string'];
+    for (const value of invalidValues) {
+      await expectAsync(
+        reconfigureServer({
+          appName: 'coolapp',
+          publicServerURL: 'http://localhost:1337/1',
+          emailAdapter: MockEmailAdapterWithOptions({
+            fromAddress: '[email protected]',
+            apiKey: 'k',
+            domain: 'd',
+          }),
+          passwordPolicy: {
+            resetPasswordSuccessOnInvalidEmail: value,
+          },
+        })
+      ).toBeRejectedWith('resetPasswordSuccessOnInvalidEmail must be a boolean value');
+    }
+  });
 });

src/Config.js

@@ -369,6 +369,13 @@ export class Config {
       if (passwordPolicy.resetTokenReuseIfValid && !passwordPolicy.resetTokenValidityDuration) {
         throw 'You cannot use resetTokenReuseIfValid without resetTokenValidityDuration';
       }
+
+      if (
+        passwordPolicy.resetPasswordSuccessOnInvalidEmail &&
+        typeof passwordPolicy.resetPasswordSuccessOnInvalidEmail !== 'boolean'
+      ) {
+        throw 'resetPasswordSuccessOnInvalidEmail must be a boolean value';
+      }
     }
   }
 

src/Options/Definitions.js

@@ -894,6 +894,13 @@ module.exports.PasswordPolicyOptions = {
       'Set the number of previous password that will not be allowed to be set as new password. If the option is not set or set to `0`, no previous passwords will be considered.<br><br>Valid values are >= `0` and <= `20`.<br>Default is `0`.',
     action: parsers.numberParser('maxPasswordHistory'),
   },
+  resetPasswordSuccessOnInvalidEmail: {
+    env: 'PARSE_SERVER_PASSWORD_POLICY_RESET_PASSWORD_SUCCESS_ON_INVALID_EMAIL',
+    help:
+      'Set to true if password resets should return success if the email is invalid<br><br>Default is `true`.',
+    action: parsers.booleanParser,
+    default: true,
+  },
   resetTokenReuseIfValid: {
     env: 'PARSE_SERVER_PASSWORD_POLICY_RESET_TOKEN_REUSE_IF_VALID',
     help:

src/Options/docs.js

@@ -520,6 +520,11 @@ export interface PasswordPolicyOptions {
   Default is `false`.
   :DEFAULT: false */
   resetTokenReuseIfValid: ?boolean;
+  /* Set to true if password resets should return success if the email is invalid
+  <br><br>
+  Default is `true`.
+  :DEFAULT: true */
+  resetPasswordSuccessOnInvalidEmail: ?boolean;
 }
 
 export interface FileUploadOptions {

src/Options/index.js

@@ -435,12 +435,12 @@ export class UsersRouter extends ClassesRouter {
       };
     } catch (err) {
       if (err.code === Parse.Error.OBJECT_NOT_FOUND) {
-        if (!req.config.passwordPolicy) {
+        if (req.config.passwordPolicy?.resetPasswordSuccessOnInvalidEmail ?? true) {
           return {
             response: {},
           };
         }
-        err.message = `A user with the email ${email} does not exist.`;
+        err.message = `A user with that email does not exist.`;
       }
       throw err;
     }