The problem is: when you click on the password recovery link, the user gets to your personal home page, bypassing the opportunity to create a new password. Yes, there is a tab “edit”, but then again – there to change the password you need to enter the old. I tried to recover from an administrator – all right: two fields, enter the new password and confirm it.
The reference in the letter to the recovery token generated by [user:one-time-login-url]
Help me please.