new: reset password improve transparency

Author: dblythy

spec/ValidationAndPasswordsReset.spec.js

@@ -1082,4 +1082,22 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
         done();
       });
   });
+
+  it('should throw on an invalid reset password', async () => {
+    await reconfigureServer({
+      appName: 'coolapp',
+      publicServerURL: 'http://localhost:1337/1',
+      emailAdapter: MockEmailAdapterWithOptions({
+        fromAddress: '[email protected]',
+        apiKey: 'k',
+        domain: 'd',
+      }),
+    });
+    await expectAsync(Parse.User.requestPasswordReset('[email protected]')).toBeRejectedWith(
+      new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'A user with the email [email protected] does not exist.'
+      )
+    );
+  });
 });

src/Routers/UsersRouter.js

@@ -406,14 +406,9 @@ export class UsersRouter extends ClassesRouter {
       },
       err => {
         if (err.code === Parse.Error.OBJECT_NOT_FOUND) {
-          // Return success so that this endpoint can't
-          // be used to enumerate valid emails
-          return Promise.resolve({
-            response: {},
-          });
-        } else {
-          throw err;
+          err.message = `A user with the email ${email} does not exist.`;
         }
+        throw err;
       }
     );
   }