Auth Scaffolding Should Not Verify Existence of Emails in Database In Password Reset #935
Description
Is your feature request related to a problem? Please describe.
Both
What do we currently have to do now?
Currently, the auth scaffolding controllers when requesting a password request returns an error if the email address does not exist in the users' table.
Describe the solution you'd like
I think it is preferable to just say an email was sent to the provided email. In my implementation, I only send the email if the user exists. Likewise, login errors should just say "credentials could not be verified" and not specify whether it was because an email couldn't be found or the password was wrong.