rydurham / Sentinel

A Sentry bridge package for Laravel
http://www.ryandurham.com/projects/sentinel/

[UPDATE] User activation flow updated. #209

Closed tusharvikky closed 8 years ago

tusharvikky commented 8 years ago

If a user requests an activation email for an invalid account, send a failure response with a "User not found" message.

FIXES #208

rydurham commented 8 years ago

Hello,

Thank you for submitting this pull request.

The change you made on line 256 of the SentryUserRepository opens up an opportunity for security information leakage - we don't want anyone to be able to infer from the error messages whether or not an account actually exists. Please revert this.

I also think we should adjust the language of the new Sentinel::users.pendingactivation message to be a bit more vague; something like "If an account is found for this email address a new activation email will be delivered", or something like that.

Other than that I think we are good to go!
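As an added illustration of the account-enumeration concern raised above (example code, not Sentinel's code and not written by either commenter), the snippet contrasts the leaky "User not found" response with a uniform one; the `FakeUserRepository` class, its `findByEmail` method and the sample addresses are constructed stand-ins for the real `SentryUserRepository`.

```php
<?php
// Constructed stand-in for SentryUserRepository; method name and data are assumptions.
final class FakeUserRepository
{
    /** @var array<string,bool> email => already activated? (constructed sample data) */
    private array $users = ['alice@example.com' => false, 'bob@example.com' => true];

    public function findByEmail(string $email): ?array
    {
        return array_key_exists($email, $this->users)
            ? ['email' => $email, 'activated' => $this->users[$email]]
            : null;
    }
}

// Leaky variant: the message differs depending on whether the account exists,
// so any caller can confirm which addresses are registered.
function resendActivationLeaky(FakeUserRepository $repo, string $email): array
{
    $user = $repo->findByEmail($email);
    if ($user === null) {
        return ['success' => false, 'message' => 'User not found.'];
    }
    // (sending the activation email would happen here)
    return ['success' => true, 'message' => 'Activation email sent.'];
}

// Hardened variant: one response for every input; the lookup result only
// decides whether a mail is queued, never what the caller sees.
function resendActivationUniform(FakeUserRepository $repo, string $email): array
{
    $user = $repo->findByEmail($email);
    if ($user !== null && !$user['activated']) {
        // queue the activation email here (not shown)
    }
    return [
        'success' => true,
        'message' => 'If an account is found for this email address a new activation email will be delivered.',
    ];
}

$repo = new FakeUserRepository();
foreach (['alice@example.com', 'nobody@example.com'] as $email) {
    echo $email, ' leaky:   ', resendActivationLeaky($repo, $email)['message'], PHP_EOL;
    echo $email, ' uniform: ', resendActivationUniform($repo, $email)['message'], PHP_EOL;
}
```

The hardened branch still does more work when an account exists, so if the mail is sent synchronously the response time can differ; queuing the send keeps the two paths close in timing as well as in wording.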

tusharvikky commented 8 years ago

I guess this is somewhat good to begin with. Please merge or let me know.

rydurham commented 8 years ago

Thanks!