mydnshost / mydnshost-api

API Backend for mydnshost

Unknown error resetting password with unknown e-mail address #116

Closed csmith closed 3 years ago

csmith commented 3 years ago

If the e-mail address isn't registered with MyDNSHost, the reset password flow displays:

There was an error: There was an unknown error.

To avoid user enumeration it should probably just show the same message as success (along the lines of "If this is a registered account, instructions have been sent, blah blah") (It was already meant to do that)

csmith commented 3 years ago

The API call actually returns:

{
  "error": "API currently unavailable."
}

ShaneMcC commented 3 years ago

This should have been the case (Issue #18 should have done this!) - the user not existing should have raised an error, but instead it continued through to the rest of the code and attempted to generate a reset code on a non-existent user object.

This should actually be resolved now.
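
The failure described in this thread, next to a handler that answers unknown addresses exactly as it answers known ones. This is an added example, not code from mydnshost-api; the function names, the in-memory user table and the outbox are assumptions made for illustration.

```python
import secrets

# Constructed sample data: an in-memory stand-in for the user table.
USERS = {"alice@example.org": {"id": 1, "reset_code": None}}
OUTBOX = []  # (recipient, reset_code) pairs that would be mailed

GENERIC_OK = {"response": "If this is a registered account, instructions have been sent."}
GENERIC_ERROR = {"error": "API currently unavailable."}


def find_user(email):
    """Return the user record, or None when the address is not registered."""
    return USERS.get(email.strip().lower())


def forgot_password_buggy(email):
    """Shape of the bug: a missing user is not handled, so the code carries on."""
    try:
        user = find_user(email)
        user["reset_code"] = secrets.token_urlsafe(32)  # TypeError when user is None
        OUTBOX.append((email, user["reset_code"]))
        return GENERIC_OK
    except Exception:
        # The crash surfaces as a generic error that only unknown addresses hit.
        return GENERIC_ERROR


def forgot_password_fixed(email):
    """Handle the unknown address explicitly and answer exactly as on success."""
    user = find_user(email)
    if user is None:
        return GENERIC_OK  # same body as success, no reset code generated
    user["reset_code"] = secrets.token_urlsafe(32)
    OUTBOX.append((email, user["reset_code"]))
    return GENERIC_OK


def responses_differ(handler, known, unknown):
    """Regression check: True when the responses let a caller tell accounts apart."""
    return handler(known) != handler(unknown)
```

An identical response body does not remove timing differences between the two paths (for example, mail being sent synchronously only for registered accounts), so that is worth checking separately.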