fix(medusa): Error messages for reset tokens (#3514)

* initial

* reset password token handling

* Create .changeset/old-planes-cross.md

---------

Co-authored-by: Oliver Windall Juhl <59018053+olivermrbl@users.noreply.github.com>

integration-tests/api/__tests__/admin/user.js

@@ -171,6 +171,16 @@ describe("/admin/users", () => {
     })
 
     describe("Password reset", () => {
+      it("Doesn't fail to fetch user when resetting password for an unknown email (unauthorized endpoint)", async () => {
+        const api = useApi()
+
+        const resp = await api.post("/admin/users/password-token", {
+          email: "test-doesnt-exist@test.com",
+        })
+
+        expect(resp.status).toEqual(204)
+      })
+
       it("Doesn't fail when generating password reset token (unauthorized endpoint)", async () => {
         const api = useApi()
 

integration-tests/api/__tests__/store/customer.js

@@ -521,5 +521,40 @@ describe("/store/customers", () => {
 
       expect(response.status).toEqual(204)
     })
+
+    it("Returns 204 for non-existent customer", async () => {
+      const api = useApi()
+
+      const response = await api.post(`/store/customers/password-token`, {
+        email: "non-existent@test.com",
+      })
+
+      expect(response.status).toEqual(204)
+    })
+  })
+
+  describe("POST /store/customers/password-reset", () => {
+    afterEach(async () => {
+      await doAfterEach()
+    })
+
+    it("Returns 204 for non-existent customer", async () => {
+      const api = useApi()
+
+      const response = await api
+        .post(`/store/customers/password-reset`, {
+          email: "non-existent@test.com",
+          token: "token",
+          password: "password",
+        })
+        .catch((error) => {
+          return error
+        })
+      expect(response.response.status).toEqual(401)
+      expect(response.response.data).toEqual({
+        type: "unauthorized",
+        message: "Invalid or expired password reset token",
+      })
+    })
   })
 })