password resets: fix exception when given user does not exist.

app/controllers/password_resets_controller.rb

@@ -4,7 +4,10 @@ class PasswordResetsController < ApplicationController
   def create
     @user = User.find_by_name(params.dig(:user, :name))
 
-    if @user.can_receive_email?(require_verification: false)
+    if @user.blank?
+      flash[:notice] = "That account does not exist"
+      redirect_to password_reset_path
+    elsif @user.can_receive_email?(require_verification: false)
       UserMailer.password_reset(@user).deliver_later
       flash[:notice] = "Password reset email sent. Check your email"
       respond_with(@user, location: new_session_path)

test/functional/password_resets_controller_test.rb

@@ -25,6 +25,12 @@ class PasswordResetsControllerTest < ActionDispatch::IntegrationTest
         assert_redirected_to @user
         assert_no_enqueued_emails
       end
+
+      should "fail if the user does not exist" do
+        post password_reset_path, params: { user: { name: "qoi23oti" } }
+
+        assert_redirected_to password_reset_path
+      end
     end
   end
 end