avoid exposing registered email addresses

2026-03-21 21:37:29 +00:00 · 2022-07-13 13:28:07 +02:00
parent d82bb22341
commit 9bbfc2de3f
2 changed files with 3 additions and 2 deletions
--- a/src/main/java/com/commafeed/frontend/resource/UserREST.java
+++ b/src/main/java/com/commafeed/frontend/resource/UserREST.java
@@ -259,8 +259,9 @@ public class UserREST {
 	public Response sendPasswordReset(@Valid @ApiParam(required = true) PasswordResetRequest req) {
 		User user = userDAO.findByEmail(req.getEmail());
 		if (user == null) {
-			return Response.status(Status.PRECONDITION_FAILED).entity("Email not found.").type(MediaType.TEXT_PLAIN).build();
+			return Response.ok().build();
 		}
+
 		try {
 			user.setRecoverPasswordToken(DigestUtils.sha1Hex(UUID.randomUUID().toString()));
 			user.setRecoverPasswordTokenDate(new Date());