Customise Password Reset Error / Success


I am trying to customise the message returned from Parse Server to guard against account enumeration.

Currently the server will return No user found with email [email protected]. If there is a user with the email then it will say that something has been sent.

This isn’t ideal as the message confirms that someone with that email actually has an account. I would like to customise this message on the client side as it’s quite easy to see the actual message coming back in Dev tools so I am after a nicer fix than just customising on the frontend.

A message like if an account exists for [email protected], a password reset email has been sent.

Many thanks.


Simon -

Great idea. Currently, that message is hardcoded as an Error - I’m not sure if we have localisation in place on the server to override that message, but - it may be possible to catch the error, and change the message.

There is a good argument however to just open a pull request. Here’s the questionable line:



I similar PR was just merged for custom password reset

You can use that as a base


Thanks to you both… I have some learning to do, but I am going to give it a go. Any tips on how you’d tackle it would be good to hear. Thinking it would be a config option in index.js ?


@dplewis - Do we have any localisation currently on the server?


There isn’t

Where do you see it being used?