Open Rathetsu opened 9 months ago
@chrisbianca, could you have a look whenever you can?
I had the same problem.
@Rathetsu @zhenyuWang that's because the protection mail enumeration is activated, it is active by default in projects started in September 2023 Read about this
useSendPasswordResetEmail
hook returns incorrect success status for unregistered emailsIssue Type: Bug
Description:
When using the
useSendPasswordResetEmail
hook, I noticed that it does not return anerror
when the email provided is not registered. Moreover, it also returns thesuccess
boolean astrue
even when the email is not associated with any user account.Reproduction Steps:
useSendPasswordResetEmail
hook in a component.sendPasswordResetEmail
function.error
remains undefined andsuccess
returns astrue
.Expected Behavior:
For unregistered emails,
success
should befalse
and an appropriateerror
should be returned indicating that the email is not registered.Actual Behavior:
The
success
is returned astrue
and no error is returned, misleading the user.Code Snippet:
Environment:
Additional Information:
If it's an intended behavior to not differentiate between registered and unregistered emails (to prevent email enumeration attacks), then the documentation should clearly mention this. Otherwise, this is misleading for developers using the hook.
Please let me know if you need further information or if there's a workaround available.