Change devise configuration

This change don't let the user know if the email address exists when asking to resend confirmation or password reset instructions.

config/initializers/devise.rb

@@ -76,7 +76,7 @@ Devise.setup do |config|
   # It will change confirmation, password recovery and other workflows
   # to behave the same regardless if the e-mail provided was right or wrong.
   # Does not affect registerable.
-  # config.paranoid = true
+  config.paranoid = true
 
   # By default Devise will store the user in session. You can skip storage for
   # particular strategies by setting this option.

spec/features/users_auth_spec.rb

@@ -340,9 +340,11 @@ feature "Users" do
     fill_in "user_email", with: "manuela@consul.dev"
     click_button "Send instructions"
 
-    expect(page).to have_content "In a few minutes, you will receive an email containing instructions on resetting your password."
+    expect(page).to have_content "If your email address is in our database, in a few minutes "\
+                                 "you will receive a link to use to reset your password."
 
-    sent_token = /.*reset_password_token=(.*)".*/.match(ActionMailer::Base.deliveries.last.body.to_s)[1]
+    action_mailer = ActionMailer::Base.deliveries.last.body.to_s
+    sent_token = /.*reset_password_token=(.*)".*/.match(action_mailer)[1]
     visit edit_user_password_path(reset_password_token: sent_token)
 
     fill_in "user_password", with: "new password"
@@ -352,6 +354,47 @@ feature "Users" do
     expect(page).to have_content "Your password has been changed successfully."
   end
 
+  scenario "Reset password with unexisting email" do
+    visit "/"
+    click_link "Sign in"
+    click_link "Forgotten your password?"
+
+    fill_in "user_email", with: "fake@mail.dev"
+    click_button "Send instructions"
+
+    expect(page).to have_content "If your email address is in our database, in a few minutes "\
+                                 "you will receive a link to use to reset your password."
+
+  end
+
+  scenario "Re-send confirmation instructions" do
+    create(:user, email: "manuela@consul.dev")
+
+    visit "/"
+    click_link "Sign in"
+    click_link "Haven't received instructions to activate your account?"
+
+    fill_in "user_email", with: "manuela@consul.dev"
+    click_button "Re-send instructions"
+
+    expect(page).to have_content "If your email address is in our database, in a few minutes you "\
+                                 "will receive an email containing instructions on how to reset "\
+                                 "your password."
+  end
+
+  scenario "Re-send confirmation instructions with unexisting email" do
+    visit "/"
+    click_link "Sign in"
+    click_link "Haven't received instructions to activate your account?"
+
+    fill_in "user_email", with: "fake@mail.dev"
+    click_button "Re-send instructions"
+
+    expect(page).to have_content "If your email address is in our database, in a few minutes you "\
+                                 "will receive an email containing instructions on how to reset "\
+                                 "your password."
+  end
+
   scenario "Sign in, admin with password expired" do
     user = create(:user, password_changed_at: Time.current - 1.year)
     admin = create(:administrator, user: user)