id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
21660	Password reset form return a successful answer when the email doesn't exist in the database	anonymous	nobody	"Hello,

The django.contrib password_reset view doesn't come with any machnism to handle the situation where the email doesn't exist in the database, it just send to a page telling that an email has been sent to the address.

For reference, password_reset https://github.com/django/django/blob/master/django/contrib/auth/views.py#L133-173 the email sending is done in the save of the form line 162. The query to grab the user (or list of user) in the form is here https://github.com/django/django/blob/master/django/contrib/auth/forms.py#L240-243

Also, the behavior to get the user(s) is strange, it can result of sending several time the same email to the same mail address, I really don't get the loop part, is it because of the test on user.has_usable_password()? If yes, then why there isn't a break at the end of the loop to prevent multiple sent emails. Or is it because of the case insensitive query?

Kinds regards,"	Uncategorized	closed	contrib.auth	1.6	Normal	invalid			Unreviewed	0	0	0	0	0	0