From 2ee00ca8e6397314a8c69f58f5cfc8ea957657d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eric=20Dub=C3=A9?= <eric.alex.dube@gmail.com>
Date: Fri, 26 Apr 2024 18:22:14 -0400
Subject: [PATCH] Revert "fix(security): Prevent email enumeration" (#351)

---
 packages/backend/src/routers/send-pass-recovery-email.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/routers/send-pass-recovery-email.js b/packages/backend/src/routers/send-pass-recovery-email.js
index 33f43df6..f1fa8dd5 100644
--- a/packages/backend/src/routers/send-pass-recovery-email.js
+++ b/packages/backend/src/routers/send-pass-recovery-email.js
@@ -114,7 +114,10 @@ router.post('/send-pass-recovery-email', express.json(), body_parser_error_handl
         });
 
         // Send response
-	return res.send({message: `If the email address exists in our database. A recovery email will be sent to <strong>${user.email}</strong>`});
+        if(req.body.username)
+            return res.send({message: `Password recovery sent to the email associated with <strong>${user.username}</strong>. Please check your email for instructions on how to reset your password.`});
+        else
+            return res.send({message: `Password recovery email sent to <strong>${user.email}</strong>. Please check your email for instructions on how to reset your password.`});
 
     }catch(e){
         console.log(e)
@@ -123,4 +126,4 @@ router.post('/send-pass-recovery-email', express.json(), body_parser_error_handl
 
 })
 
-module.exports = router
+module.exports = router
\ No newline at end of file