Forum OpenACS Development: ACS Authentication: Letting any anonymous user reset any system user's password is trouble

I have submitted this bug report with an attached patch:

Could you take a look about the issue and the patch?
Do you think that anonymous password reset should be removed to prevent any inconveniences to OpenACS users?

I have upgraded the attached patch following Rocael's comments.

Could some people that know about acs-authentication review the patch?

I think this is a really good enhancement over the inconvenient reset password.

It would be more perfect if you would actually send to the email address of the user and not to the username. This breaks all sites which actually work with the username that is not the email 😊. Fixed.