From 1a6cdaa078e9061cc49f3dd44bee25982a27ac43 Mon Sep 17 00:00:00 2001 From: null Date: Wed, 1 Jul 2026 01:50:40 -0500 Subject: [PATCH] feat(auth): enumeration-safe forgot-password confirmation copy --- .../main/java/app/closer/ui/auth/ForgotPasswordScreen.kt | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/app/src/main/java/app/closer/ui/auth/ForgotPasswordScreen.kt b/app/src/main/java/app/closer/ui/auth/ForgotPasswordScreen.kt index 4bd66211..3c3e36fc 100644 --- a/app/src/main/java/app/closer/ui/auth/ForgotPasswordScreen.kt +++ b/app/src/main/java/app/closer/ui/auth/ForgotPasswordScreen.kt @@ -105,14 +105,17 @@ fun ForgotPasswordScreen( ) Spacer(Modifier.height(16.dp)) Text( - "Reset email sent", + "Check your email", style = MaterialTheme.typography.headlineSmall, color = AuthInk, textAlign = TextAlign.Center ) Spacer(Modifier.height(8.dp)) + // Enumeration-safe: we don't reveal whether this specific email is registered or how it + // signs in. The Google line quietly covers accounts that have no password to reset. Text( - "Check your inbox and follow the link to reset your password.", + "If an account exists for that email, a reset link is on its way — check your inbox. " + + "Signed up with Google? Use “Continue with Google” to sign in instead.", style = MaterialTheme.typography.bodyMedium, color = AuthMuted, textAlign = TextAlign.Center