Fix: prevent password reset email flooding

[Tymek]

About the changes

Related to security, limit "forget password" requests. Linear 1-242

Discussion points

Do we want to inform users on the frontend about that? I think we kept the info if mail has been sent very vague before.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
unleash-docs	✅ Ready (Inspect)	Visit Preview	Sep 28, 2022 at 8:18AM (UTC)

2 Ignored Deployments

Name	Status	Preview	Updated
unleash	⬜️ Ignored (Inspect)		Sep 28, 2022 at 8:18AM (UTC)
unleash-monorepo-frontend	⬜️ Ignored (Inspect)		Sep 28, 2022 at 8:18AM (UTC)

[github-actions]

Coverage report

❌ An unexpected error occurred. For more details, check console

Error: The process '/usr/local/bin/yarn' failed with exit code 1

St.❔	Category	Percentage	Covered / Total
🟢	Statements	88.58% (-2.8% 🔻)	7097/8012
🟡	Branches	78.91% (-0.64% 🔻)	1104/1399
🟢	Functions	82.34% (-3.89% 🔻)	2000/2429
🟢	Lines	88.9% (-2.41% 🔻)	6582/7404

⚠️ Details were not displayed: the report size has exceeded the limit.

Test suite run failed

Failed tests: 1/1172. Failed suites: 1/194.

  ● should create default config

    expect(received).toMatchSnapshot()

    Snapshot name: `should create default config 1`

    - Snapshot  - 0
    + Received  + 2

    @@ -66,19 +66,21 @@
            "ENABLE_DARK_MODE_SUPPORT": false,
            "anonymiseEventLog": false,
            "batchMetrics": false,
            "embedProxy": false,
            "embedProxyFrontend": false,
    +       "publicSignup": false,
          },
        },
        "flagResolver": FlagResolver {
          "experiments": {
            "ENABLE_DARK_MODE_SUPPORT": false,
            "anonymiseEventLog": false,
            "batchMetrics": false,
            "embedProxy": false,
            "embedProxyFrontend": false,
    +       "publicSignup": false,
          },
          "externalResolver": {
            "isEnabled": [Function],
          },
        },

      16 |     });
      17 |
    > 18 |     expect(config).toMatchSnapshot();
         |                    ^
      19 | });
      20 |
      21 | test('should add initApiToken for admin token from options', async () => {

      at Object.toMatchSnapshot (src/lib/create-config.test.ts:18:20)
          at runMicrotasks (<anonymous>)

Report generated by 🧪jest coverage report action from d31b8fd

[Tymek]

Works as a bugfix for now. More suggested improvements in: https://linear.app/unleash/issue/1-245/improve-forgotten-password-api

[andreas-unleash]

LGTM