From: Andy Allan <git@gravitystorm.co.uk>
Date: Sat, 2 Mar 2024 15:48:54 +0000 (+0000)
Subject: Be paranoid when sending password reset emails
X-Git-Tag: live~1053^2
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/4e237db3902fd9cd9d2f55131c8bba2e830e87fd?hp=4e237db3902fd9cd9d2f55131c8bba2e830e87fd

Be paranoid when sending password reset emails

This implements what is known as "paranoid" password reset flash
messages (using the terminology from Devise). It avoids revealing
whether the supplied email address is already registered.

Added an explicit test for this situation, so that the test for
email non-existance is separate from the duplicate-case tests.
---