by megous 2087 days ago
It makes automated testing of the pw reset flow easier. Otherwise you'd need some out of band method to get the token.

You should be able to get the token from your database, unless you're doing black box testing, which I am not a fan of for reasons such as this.
I'm not justifying it.

Just saying that this might have been one reason for such data to be returned.

You may not have access to the database if you're doing frontend testing using a headless browser.