Not sure, if this is topic for whole OC or just RainLab.User plugin, but… i think, that is strange, when you wish to “recover password” (Lost password / Forgot password) aka ResetPassword component, that this commponent asks for “current password” …
It doesn’t ask for it if a token is supplied (via Reset Password method).
{% if __SELF__.hasToken %}
<input type="hidden" name="token" value="{{ __SELF__.token }}" />
<input type="hidden" name="email" value="{{ __SELF__.email }}" />
{% else %}
<div class="form-floating my-3">
<input
name="current_password"
type="password"
class="form-control"
id="inputCurrentPassword"
placeholder="Current Password"
/>
<label for="inputPassword">Current password</label>
</div>
{% endif %}
i created separate page /lost-password, included component {% component 'resetPassword' %} and probably default link for that /lost-password is missing some kind of hidden onResetPassword action or something, that will redirect to /lost-password with token and email, right?
then, when you use “simple page” with resetPassword component, it never gets __SELF__.token