Return an error message if the user doesn't exist inside ReviseAuth::PasswordResetsController

[ahmadabdelhalim]

Hello,

So I was reviewing the code and taking a look inside ReviseAuth::PasswordResetsController

I noticed that in the create action, you're ignoring cases where the user enters an incorrect email and no error message is returned.

  def create
    user = User.find_by(email: user_params[:email])
    user&.send_password_reset_instructions

    flash[:notice] = t(".password_reset_sent")
    redirect_to login_path
  end

shouldn't we return an error message instead of using the safe navigation operator?

[excid3]

No, the general best practice here is to send the same message either way. It helps prevent people checking if an account is registered with that email if someone is trying to do malicious things.

[ahmadabdelhalim]

that makes sense. closing this one