When I try to use resetPassword in the API (http://0.0.0.0:3000/explorer/#!/Users/resetPassword), sending an unregistered or registered User, every time the API response is 204 "no content". Only when I don't send the "email" parameter do I obtain a Response Code 400 and an error message:
    {
      "error": {
        "name": "Error",
        "status": 400,
        "message": "email is required",
        "statusCode": 400,
        ...
      }
    }
I suggest adding an error message like this when the User is unregistered:
    {
      "error": {
        "name": "Error",
        "status": 400,
        "message": "The `User` email doesn't exists",
        "statusCode": 400,
        ...
      }
    }
@panduroab Can you create a sample repo/PR to reproduce the issue in https://github.com/strongloop/loopback-sandbox?
@panduroab
Is this issue still persisting?
Thanks
Hello, the commit pushed is a good workaround in your app, but there are some other security considerations for revealing the existence of the email or not and/or if the issue is with the username/email/password.
Closing due to inactivity. If you are still running into problems, feel free to leave a comment and I will reopen the issue. Thanks.
@loay, I'm facing a similar issue, where "/users/reset/" always throws 204 though I am passing a correct email. On the other side, email existence was working fine and showing 404, working as expected there, but there is no 200 OK response. Is there anything I'm missing? Please suggest.
@loay, me too. I'm getting the same response: /user/reset/ responds with no content with a correct email, and if I try to enter an invalid email it responds with email not found and works perfectly fine.
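
The behaviour reported in this thread (204 for any submitted email, 400 only when the parameter is missing) is what keeps a reset endpoint from disclosing which addresses are registered. The following is an added example, not LoopBack's code and not from any commenter; `requestPasswordReset`, `users` and `outbox` are hypothetical names, and the account data is constructed.

```javascript
const crypto = require('crypto');

// Constructed sample data: a single registered account.
const users = new Map([['alice@example.com', { id: 1 }]]);
// Stands in for an outgoing mail queue (assumption for this example).
const outbox = [];

// Hypothetical handler: takes the request body, returns { status, body }.
function requestPasswordReset(reqBody) {
  const email = reqBody && typeof reqBody.email === 'string'
    ? reqBody.email.trim().toLowerCase()
    : '';

  if (!email) {
    // A missing parameter is a client error and says nothing about accounts.
    return { status: 400, body: { error: { message: 'email is required' } } };
  }

  const user = users.get(email);
  if (user) {
    // Only a registered address gets a token; persist its hash, mail the token.
    const token = crypto.randomBytes(32).toString('hex');
    user.resetTokenHash = crypto.createHash('sha256').update(token).digest('hex');
    user.resetExpires = Date.now() + 15 * 60 * 1000; // 15-minute validity
    outbox.push({ to: email, token });
  }

  // Identical status and empty body whether or not the account exists.
  return { status: 204, body: null };
}

// The two responses below are indistinguishable to the caller.
console.log(requestPasswordReset({ email: 'alice@example.com' }));
console.log(requestPasswordReset({ email: 'nobody@example.com' }));
console.log(requestPasswordReset({}));
```

The example equalizes status and body only; response timing still differs between the two branches unless the token and mail work is moved to a background job.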