fix: Remove username from email verification and password reset process (#8488)

BREAKING CHANGE: This removes the username from the email verification and password reset process to prevent storing personally identifiable information (PII) in server and infrastructure logs. Customized HTML pages or emails related to email verification and password reset may need to be adapted accordingly. See the new templates that come bundled with Parse Server and the [migration guide](https://github.com/parse-community/parse-server/blob/alpha/8.0.0.md) for more details.

src/Routers/UsersRouter.js

@@ -438,10 +438,20 @@ export class UsersRouter extends ClassesRouter {
   async handleResetRequest(req) {
     this._throwOnBadEmailConfig(req);
 
-    const { email } = req.body;
-    if (!email) {
+    let email = req.body.email;
+    const token = req.body.token;
+    if (!email && !token) {
       throw new Parse.Error(Parse.Error.EMAIL_MISSING, 'you must provide an email');
     }
+    if (token) {
+      const results = await req.config.database.find('_User', {
+        _perishable_token: token,
+        _perishable_token_expires_at: { $lt: Parse._encode(new Date()) },
+      });
+      if (results && results[0] && results[0].email) {
+        email = results[0].email;
+      }
+    }
     if (typeof email !== 'string') {
       throw new Parse.Error(
         Parse.Error.INVALID_EMAIL_ADDRESS,