I'd rather my password reset form not check the db for the existence
of the email and just blindly give an 'an email has been sent' message
regardless of what email address is entered.
In Auth.request_reset_password(), this should require simply making
the second validator conditional upon an option:
table_user.email.requires =
[IS_EMAIL(error_message=self.messages.invalid_email)]
if self.settings.request_reset_password_check_exists:
table_user.email.requires.append(IS_IN_DB(self.db,
table_user.email, error_message=self.messages.invalid_email))
The settings.request_reset_password_check_exists option would default
to True.
