Not sure, if this is topic for whole OC or just RainLab.User plugin, but… i think, that is strange, when you wish to “recover password” (Lost password / Forgot password) aka ResetPassword component, that this commponent asks for “current password” …
It doesn’t ask for it if a token is supplied (via Reset Password method).
{% if __SELF__.hasToken %}
<input type="hidden" name="token" value="{{ __SELF__.token }}" />
<input type="hidden" name="email" value="{{ __SELF__.email }}" />
{% else %}
<div class="form-floating my-3">
<input
name="current_password"
type="password"
class="form-control"
id="inputCurrentPassword"
placeholder="Current Password"
/>
<label for="inputPassword">Current password</label>
</div>
{% endif %}