From 7fe40304532493c5cec7f3a446c80b5f72f47a4e Mon Sep 17 00:00:00 2001
From: Arthur Cinader <700572+acinader@users.noreply.github.com>
Date: Fri, 5 Oct 2018 09:28:53 -0700
Subject: [PATCH] Return success on sendPasswordResetEmail even if email not
 found.

---
 src/Routers/UsersRouter.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js
index 73b46415..1703c3d4 100644
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -357,10 +357,11 @@ export class UsersRouter extends ClassesRouter {
       },
       err => {
         if (err.code === Parse.Error.OBJECT_NOT_FOUND) {
-          throw new Parse.Error(
-            Parse.Error.EMAIL_NOT_FOUND,
-            `No user found with email ${email}.`
-          );
+          // Return success so that this endpoint can't
+          // be used to enumerate valid emails
+          return Promise.resolve({
+            response: {},
+          })
         } else {
           throw err;
         }