don't send forgot-password email if user doesn't exist

gingko · Feb 21, 2024 · bf553c9 · bf553c9
1 parent 5a9d0d9
commit bf553c9
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/index.ts b/src/index.ts
@@ -677,7 +677,12 @@ app.post('/logout', async (req, res) => {
 app.post('/forgot-password', async (req, res) => {
   let email = req.body.email;
   try {
-    let user = userByEmail.run(email);
+    let user = userByEmail.get(email);
+
+    if (!user) {
+      res.status(404).send();
+      return;
+    }
 
     let token = newToken();
     user.resetToken = hashToken(token); // Consider not hashing token for test user, so we can check it