Security issue induced by German translation

[lgavillet]

A security issue has been induced by a German translation: https://www.localeapp.com/projects/377/translations/2034179?in_locale=1648

Source of the problem:

devise.failure.invalid:  %{authentication_keys} oder Passwort ungültig.
devise.failure.not_found_in_database: %{authentication_keys}-Adresse oder Passwort ungültig. 

As those two translations are not exactly the same, it is possible to differentiate if, during login failure, an user exists in the database or not. This is actually a security treat, as if no locking mechanism has been setup, it is possible to check the existence of an user and then guess the password.

Translation updated in: https://www.localeapp.com/projects/377/translations/2034179?in_locale=1648

[JasonBarnabe]

See heartcombo/devise#4763.

[JasonBarnabe]

I don't think it should be looking up different keys so I filed the issue above, but the values should not be different anyway, based on what devise provides. It looks like I made a mistake in 768785a#diff-eb19846118a4d36584de4bccd93b7a04 and this difference was propagated to some translations.

[JasonBarnabe]

I have updated all strings to be the same for these two keys.