Hi,
Is there a way/setting to prevent Account.forgotPassword from returning a 403 error when the user is not found?
I would like to have the same response as when the user is found:
Thanks.
Because I don’t want anyone to know whether an email address is valid or not.
You can overwrite the existing methods by doing this:
Meteor.startup(() => {
console.log(
"Server startup, overriding forgotPassword method for harry73.",
);
Meteor.server.method_handlers["forgotPassword"] = async options => {
console.log("Custom forgotPassword called with options:", options);
return { success: true };
};
});
You can creat that posible configuration. There’s no existing one currently.