password.reset.flow.response.email.sender appears to be installation-specific (mine was "info@skyebelltown.com", for instance), and as such is not profiled here.
The stub page after resetting a password has a "log in" link. Apparently I still haven't added a field to describe this (wasn't there going to be something like password.reset.flow.submit.stub.link at one point?)
Opening the reset link when logged in (#68) directs you to your user home page.
Using a reset link does not invalidate the link. I was thinking this'd be profiled under redflags, but since I'm not sure I even intend to keep redflags (probably just rolling it into caveats where it busts the schema and deriving it from profiles otherwise), I've introduced the expire: unchanged value.
Password reset requires you to enter your email address, which is weird. Apparently. I'll need to add password.reset.flow.submit.reauth as a field.
Some observations not in this profile:
password.reset.flow.response.email.sender
appears to be installation-specific (mine was "info@skyebelltown.com", for instance), and as such is not profiled here.password.reset.flow.submit.stub.link
at one point?)expire: unchanged
value.password.reset.flow.submit.reauth
as a field.