It can enhance user experience while signing in if the user can be explicitly told that their account does not exist, so they can try using any alternate or site-specific email addresses they have.
Currently devise uses the :invalid message, 'Invalid email or password.' when the user's account does not exist.
It is arguably less secure to allow attackers to figure out whether or not a given email address has an account in the system. However, this information is already exposed in the :recoverable module.
I propose that devise returns an alternate failure key when the account database record does not exist, and the end-developer can choose to expose this information by customizing their en.yml file.
Support alternate sign in error message when email record does not exist
By default, the nonexistent error is still identical to the :invalid
message, and must be customized by the developer to implement.
Fix typo on nonexistent error
Sorry - I made a typo in my first commit. I'm not well acquainted with pull request etiquette to get these two commits squashed (if desired). Let me know if I should do anything like open an alternate pull request with the commits squashed.
Thanks for the pull request. There is no need to squash the commits, however there are a couple issues we need to address before we merge it:
Change failure key for missing database resource to :invalid_email
I changed the key to :invalid_email and updated the existing test. Given that the default :invalid_email message is the same as :invalid and that the existing tests match against the post-translated string, I used store_translations in the test to explicitly change the :invalid_email translation.
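
The following is an added example, not part of this pull request or of Devise's code: a locale check an application could run in CI to see which locales make the sign-in failure message reveal whether an account exists. It assumes the :invalid_email key sits next to :invalid under `devise.failure`; the helper name and the sample locale data are constructed for illustration.

```ruby
require "yaml"

# Constructed sample locale data (not taken from the Devise repository).
# "en" keeps the default described in the thread: both keys share one message.
# "fr" has been customized, so a missing account gets its own message.
# "de" does not define the new key at all.
SAMPLE_LOCALES = <<~YAML
  en:
    devise:
      failure:
        invalid: "Invalid email or password."
        invalid_email: "Invalid email or password."
  fr:
    devise:
      failure:
        invalid: "Email ou mot de passe incorrect."
        invalid_email: "Aucun compte avec cet email."
  de:
    devise:
      failure:
        invalid: "Anmeldung fehlgeschlagen."
YAML

# Hypothetical helper: maps each locale to a finding when the sign-in
# response for a nonexistent account can differ from a wrong password.
# Comparison is exact on purpose: any visible difference (case, spacing,
# punctuation) is enough to tell the two cases apart.
def enumerable_locales(yaml_text)
  locales = YAML.safe_load(yaml_text) || {}
  locales.each_with_object({}) do |(locale, tree), findings|
    failure = (tree.is_a?(Hash) && tree.dig("devise", "failure")) || {}
    invalid = failure["invalid"]
    missing_account = failure["invalid_email"]
    if missing_account.nil?
      # Assumption: an undefined key is flagged for review, because what the
      # user sees then depends on the application's I18n fallback settings.
      findings[locale] = :key_missing
    elsif missing_account != invalid
      findings[locale] = :distinct_message
    end
  end
end

enumerable_locales(SAMPLE_LOCALES).each do |locale, finding|
  puts "#{locale}: #{finding}"
end
```

Locales reported as `:distinct_message` are the ones where the developer has opted in to exposing account existence at sign-in.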