That is the new code: b53a844

Thanks for the effort. Not sure if I'm missing something, but does this only submit the form with JS? The process is exactly the same besides that? If so, while I see it's a small improvement it doesn't really solve the problem. The user still gets two emails and their password is still sent via email.

As mentioned on the Q2A site the best solution would be when they click the link in the first email, they're shown a form to put in a new password themselves, rather than be sent a second email.

Also just a few notes on the code itself:

• For some reason this has been mixed up with other PRs/commits, maybe check the Github docs in case there's something you did wrong.
• The PR has been sent against the master branch, but for new features it should be against the 1.8 branch. See the contributing guide for details.
• The coding style seems to be messed up. For example, here the curly brace is on the next line. Maybe this was done automatically by your text editor/IDE? If so, see if you can configure it to follow our style (see the contributing file) or turn off automatic formatting.

Hope that helps for future PRs :)

I am very short on time recently and cannot spent extra hours to tidy up the details, esp. Github (I missed to sync beforehand). Sorry for that.

And yes, the process is improved. We tested it already.

You can leave it open until someone else finds it again and reports back.

I started to use brackets on the new line. I am not sure, saw this at Gideon or someone else.

Greetings.

Very bad idea never send any passwords via email.

1. User gets the 2nd email that contains his new password, frontend shows: "password was sent to you", and the input fields, cursor in password field blinking

Solved by #457