In case the user is already logged in, on the login pages, forgotten password and registration, it is redirected to the profile page
This makes the profile routes mandatory, but as explained here: https://symfony.com/doc/master/bundles/FOSUserBundle/routing.html, some installations may not expose them.
this is a no-go, because it breaks when Symfony asks a remembered user to login again to achieve full authentication
This is a BC break (we did it in the past, and several people complained because they rely on being able to access the registration while being logged in).
thus, it might make sense to access the password resetting while being authenticated by remember_me if you don't remember your password when being asked to enter it again somewhere.
I have change IS_AUTHENTICATED_REMEMBERED for IS_AUTHENTICATED_FULLY in login and password resetting pages, it's good ?
for the resetting, even FULLY could break things IMO.
And I don't like the hard dependency on the profile page. Projects may not use it (for instance, I don't have such a route in my own project). So I'm rather -1 here.
thus, both RegistrationController::registerAction and ResettingController::sendEmailAction have a way to add this in your own project with an event listener if you want it. So I'd rather not enforce this behavior for all projects.
Ok, so I close my request.