Forgot password doesn't check for user existence

[tilgovi]

Result is a traceback that NoneType has no attribute 'activation'.

@sontek two questions:

1. Should I fix this, or is the intention to let this repo die and move everything to Pylons/horus?
2. If I fix it, what error do we want to raise (if any)? Are we concerned about leaking information about which email addresses have accounts?

[sontek]

@tilgovi The pylons repo is the future but I think we should fix it here until we are able to finish the pylons version.

I'm not sure what the best policy would be for the message but I don't think we should alert them of the user not existing because they should use it to find out who is signed up. Maybe we should pretend we sent the e-mail even if we don't? That would be confusing for people who have multiple addresses though.

[tilgovi]

I can manage a message that allows for the possibility the email doesn't exist.

PR forthcoming. On May 20, 2014 5:31 PM, "John Anderson" notifications@github.com wrote:

@tilgovi https://github.com/tilgovi The pylons repo is the future but I think we should fix it here until we are able to finish the pylons version.

I'm not sure what the best policy would be for the message but I don't think we should alert them of the user not existing because they should use it to find out who is signed up. Maybe we should pretend we sent the e-mail even if we don't? That would be confusing for people who have multiple addresses though.

— Reply to this email directly or view it on GitHubhttps://github.com/eventray/horus/issues/44#issuecomment-43685990 .