Do not return an error on email not found #38

Closed
vincentchalamon opened this issue Mar 26, 2018 · 2 comments

@vincentchalamon (Contributor)

```gherkin
Scenario: I can't reset my password with an invalid email address
    When I reset my password using invalid email address
    Then the request should be invalid with message 'User with field "email" equal to "foo@example.com" cannot be found.'
```

This scenario is a security leak because it allows any user to check which email addresses are stored in the database. If the email address is invalid, the following message should be visible: "If the email address exists, an email has been sent to it."

Same for the following scenario:

```gherkin
Scenario: I can't reset my password if I already request a token
    Given I have a valid token
    When I reset my password
    Then the request should be invalid with message 'An unexpired token already exists for this user.'
```

The response should be 200 and the message should be the same.
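The two behaviours discussed in this issue side by side, as an added Python example (not the bundle's own code): the reporting endpoint whose distinct status/message pairs reveal account state, and a handler that answers every request identically. The in-memory user store, the outbox stand-in for the mailer and the token lifetime are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TOKEN_TTL = 3600  # seconds a reset token stays valid (assumed value)

@dataclass
class User:
    email: str
    token: Optional[str] = None
    token_expires: float = 0.0

# Constructed sample store with one registered account.
USERS: Dict[str, User] = {"alice@example.com": User("alice@example.com")}
# Constructed stand-in for the mailer: (recipient, token) pairs that would go out.
OUTBOX: List[Tuple[str, str]] = []

def _has_live_token(user: User, now: float) -> bool:
    return user.token is not None and user.token_expires > now

def _issue_token(user: User, now: float) -> None:
    user.token = secrets.token_urlsafe(32)
    user.token_expires = now + TOKEN_TTL
    OUTBOX.append((user.email, user.token))

def reset_vulnerable(email: str, now: float) -> Tuple[int, str]:
    """Behaviour the issue reports: each branch answers differently, so the
    status/body pair reveals whether the address is registered and whether a
    reset is already pending."""
    user = USERS.get(email)
    if user is None:
        return 400, f'User with field "email" equal to "{email}" cannot be found.'
    if _has_live_token(user, now):
        return 400, "An unexpired token already exists for this user."
    _issue_token(user, now)
    return 200, "Email sent."

def reset_uniform(email: str, now: float) -> Tuple[int, str]:
    """Fix proposed in the thread: every path returns the same 204 with an
    empty body; only the side effect (queuing a mail) depends on the account.
    `now` is the request time in epoch seconds (passed in to keep this testable)."""
    user = USERS.get(email)
    if user is not None and not _has_live_token(user, now):
        _issue_token(user, now)
    return 204, ""
```

Because the body no longer carries the outcome, the UI shows the same "if the address exists, an email has been sent" text on every submission. Response time should also be kept independent of the branch taken (for example by queuing the mail rather than sending it inline), since a measurable delay leaks the same bit.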

@vincentchalamon (Contributor, Author)

@gorghoa What do you think about this issue?

@gorghoa (Contributor) commented Mar 26, 2018

Totally agree :)

Note that the second scenario should no longer happen when I’ll PR this one ;) #37

Also, on token successfully sent, the message displayed should be exactly the same as when an error occurred.

Always return a 204 success response? (letting the message be the responsibility of the UI)
