manohar/tia
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: stop leaking password reset tokens in response

Browse source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Manohar Gupta 2026-05-17 11:57:54 +05:30
parent 8e7a3fbe35
commit 389f66955c
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/app/api/auth/reset-request/route.ts
View file

@ -37,8 +37,8 @@ export async function POST(request: Request) {
);
// In production, send email with reset link
// For now, return token for testing
return NextResponse.json({ success: true, token: `reset_${token}`, message: "Reset link sent" });
console.log(`[RESET-TOKEN] user=${user.id} email=${email} token=reset_${token} expires=${expiresAt.toISOString()}`);
return NextResponse.json({ success: true, message: "If email exists, reset link sent" });
} catch (error) {
console.error("Reset request error:", error);
return NextResponse.json({ success: true, message: "If email exists, reset link sent" });