From fe1edb3c01f36fc8fb0abc29cd4b5ac98cab533a Mon Sep 17 00:00:00 2001 From: shariquerik Date: Wed, 15 Apr 2026 12:04:53 +0530 Subject: [PATCH] fix: change return type to None --- frappe/core/doctype/user/user.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py index 797894f99d..6c6c4375a2 100644 --- a/frappe/core/doctype/user/user.py +++ b/frappe/core/doctype/user/user.py @@ -1154,7 +1154,7 @@ def sign_up(email: str, full_name: str, redirect_to: str) -> tuple[int, str]: @frappe.whitelist(allow_guest=True, methods=["POST"]) @rate_limit(limit=get_password_reset_limit, seconds=60 * 60) -def reset_password(user: str) -> str: +def reset_password(user: str) -> None: # Always return the same generic response regardless of whether the user # exists, is disabled, or is restricted. This prevents username enumeration # via different messages or HTTP status codes (CWE-204). @@ -1174,7 +1174,7 @@ def reset_password(user: str) -> str: frappe.clear_messages() frappe.log_error(title="Password reset failed unexpectedly", message=frappe.get_traceback()) - return frappe.msgprint( + frappe.msgprint( msg=_("If an account with this email exists, password reset instructions have been sent."), title=_("Password Reset"), )