7 replies

Forget Password endpoint always returns status code 200

When I call the forget password endpoint on both postman and my next.js app, I always get status code 200, no error, even if the user doesn't exist. In my next.js logs I can see the user not found error being registered, but my code which looks like this:

async function onSubmit(event: React.SyntheticEvent) {
        event.preventDefault()
        setIsLoading(true)
        setError("")

        const { data, error } = await authClient.forgetPassword({
            email: email,
            redirectTo: "/reset-password",
        });

        setIsLoading(false)


        console.log(data,error);
        
        if (error) {
            setError(error.message!)
            return
        }
        
        toast.success("Reset link sent to your email!")
        //router.push("/auth")
    }

async function onSubmit(event: React.SyntheticEvent) {
        event.preventDefault()
        setIsLoading(true)
        setError("")

        const { data, error } = await authClient.forgetPassword({
            email: email,
            redirectTo: "/reset-password",
        });

        setIsLoading(false)


        console.log(data,error);
        
        if (error) {
            setError(error.message!)
            return
        }
        
        toast.success("Reset link sent to your email!")
        //router.push("/auth")
    }

Has data with value {status: true} and error is null

Is this normal behaviour?

Solution

I would say for security

Jump to solution

Better Auth•12mo ago•

7 replies

FredTheNoob

Forget Password endpoint always returns status code 200

async function onSubmit(event: React.SyntheticEvent) {
        event.preventDefault()
        setIsLoading(true)
        setError("")

        const { data, error } = await authClient.forgetPassword({
            email: email,
            redirectTo: "/reset-password",
        });

        setIsLoading(false)


        console.log(data,error);
        
        if (error) {
            setError(error.message!)
            return
        }
        
        toast.success("Reset link sent to your email!")
        //router.push("/auth")
    }

async function onSubmit(event: React.SyntheticEvent) {
        event.preventDefault()
        setIsLoading(true)
        setError("")

        const { data, error } = await authClient.forgetPassword({
            email: email,
            redirectTo: "/reset-password",
        });

        setIsLoading(false)


        console.log(data,error);
        
        if (error) {
            setError(error.message!)
            return
        }
        
        toast.success("Reset link sent to your email!")
        //router.push("/auth")
    }

Has data with value {status: true} and error is null

Is this normal behaviour?

Solution

I would say for security

Jump to solution

Forget Password endpoint always returns status code 200

Forget Password endpoint always returns status code 200

Similar Threads

Similar Threads

Similar Threads