user register with duplicate email, you can add a specific message
Hi, if you try to make a registration with an email already used, you receive the generic message (the user could not be saved). Is it possible to add a specific message for this exception? Ex: this email is already associated with another user.
Thanks a lot D.
My thoughts: This would confirm to a potential hacker that the email address does exist which is generally frowned upon.
https://www.owasp.org/index.php/Authentication_Cheat_Sheet#Authentication_and_Error_Messages
Maybe it's possible to provide a token that can be overridden if this is the desired behaviour?
I think usability comes first. If the user does not understand the reason for the error it could be a problem.
This is perhaps an opportunity to get the best of both: a configurable setting that controls the verbosity of feedback messages would be a really nice feature. The tokenized strings containing the sort of feedback you are looking for are already in the exceptions thrown by the validate method of RegisterBehaviour.
> I think usability comes first
In an ideal world I would agree, usability is king :) but where I work my head would be on a stick for suggesting that :)
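A sketch of the configurable verbosity setting discussed in this thread, added here as an example and not taken from the plugin's code. The names `register`, `validate`, `verbose_errors` and the reason tokens are hypothetical, and the sample addresses are constructed. With the setting off, a duplicate email and a malformed email produce the same generic message, while the precise reason is still written to the server log.

```python
import logging

log = logging.getLogger("registration")

GENERIC_ERROR = "The user could not be saved"
# Per-reason messages, shown only when verbose feedback is enabled.
SPECIFIC_ERRORS = {
    "email_taken": "This email is already associated with another user",
    "email_invalid": "The email address is not valid",
}


class RegistrationError(Exception):
    """Carries a reason token (hypothetical) describing the failure."""

    def __init__(self, reason):
        super().__init__(reason)
        self.reason = reason


def validate(existing_emails, email):
    """Return the normalised email or raise RegistrationError."""
    normalised = email.strip().lower()
    local, at, domain = normalised.partition("@")
    if not (local and at and domain):
        raise RegistrationError("email_invalid")
    if normalised in existing_emails:
        raise RegistrationError("email_taken")
    return normalised


def register(existing_emails, email, verbose_errors=False):
    """Return (ok, message); verbose_errors is the assumed setting."""
    try:
        normalised = validate(existing_emails, email)
    except RegistrationError as exc:
        # The precise reason always goes to the server-side log.
        log.info("registration rejected: %s", exc.reason)
        if verbose_errors:
            return False, SPECIFIC_ERRORS[exc.reason]
        return False, GENERIC_ERROR
    existing_emails.add(normalised)
    return True, "Registration successful"
```
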