I am trying to customise the message returned from Parse Server to guard against account enumeration.
Currently the server will return:
No user found with email [email protected].
If there is a user with the email then it will say that something has been sent.
This isn’t ideal as the message confirms that someone with that email actually has an account. I would like to customise this message on the client side as it’s quite easy to see the actual message coming back in Dev tools so I am after a nicer fix than just customising on the frontend.
A message like:
If an account exists for [email protected], a password reset email has been sent.
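The behaviour asked for above, sketched as an added example that is not part of the original post and does not use Parse Server's own API: a server-side reset handler that returns the same status and body whether or not the account exists, next to the enumerating variant. The function names, the in-memory user set and the addresses are constructed for illustration.

```javascript
// Constructed sample data: one registered address, held in memory.
const USERS = new Set(['alice@example.test']);
const outbox = [];    // stands in for the mail adapter
const auditLog = [];  // server-side only, never sent to the client

// Hypothetical backend call that behaves like the response quoted above:
// it throws when the address has no account.
function sendResetEmail(email) {
  if (!USERS.has(email)) {
    throw new Error(`No user found with email ${email}.`);
  }
  outbox.push({ to: email, subject: 'Password reset' });
}

// Enumerating variant: the backend error reaches the client unchanged.
function resetLeaky(email) {
  try {
    sendResetEmail(email);
    return { status: 200, message: 'Password reset email sent.' };
  } catch (err) {
    return { status: 400, message: err.message };
  }
}

// Uniform variant: same status and body whether or not the account exists.
function resetUniform(email) {
  const normalized = String(email).trim().toLowerCase();
  try {
    sendResetEmail(normalized);
    auditLog.push({ email: normalized, outcome: 'sent' });
  } catch (err) {
    // Keep the real outcome for operators; do not return it.
    auditLog.push({ email: normalized, outcome: 'no-account' });
  }
  return {
    status: 200,
    message: `If an account exists for ${normalized}, a password reset email has been sent.`,
  };
}

// True when two responses differ only by the address echoed back.
function indistinguishable(a, b, emailA, emailB) {
  return a.status === b.status &&
    a.message.replace(emailA, '<email>') === b.message.replace(emailB, '<email>');
}
```

Status code and body are now identical for both cases; response time can still differ when mail is sent inline, so queueing the send keeps that from becoming a second signal.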