I noticed that on create-account and verify-account they use the following setting to work with password generators:
@password_field_autocomplete_value = 'new-password'
But this isn't used on reset-password. So by default, the reset-password page has the password field with auto-complete set to 'current-password', but then the confirm password field is set to 'new-password'.
Just wanted to check first if this was intentionally done this way or if it was an oversight.
The only reason I can think of for why it was intentionally done this was is if disallow-password-reuse is turned off so that the user can reset their password to their current-password. Doesn't seem to me that that is a very compelling reason, but if that was the reasoning, I'd be happy to submit a PR that makes this dynamically dependent on if disallow-password-reuse is turned on or off, or at least use configurable