NOTE: This work status is pending, depending upon the outcome of Security decisions.
As a product manager, I want to remove any notifications associated with incorrect or incomplete information on Special:PasswordReset, so that we can provide a more secure and private experience for users.
Background: We have decided to update some of the behavior associated with password resets to enhance security. We have outlined our proposal in T237755. This is one of the outcomes of the proposal.
* If any user submits any information on Special:PasswordReset (i.e., data for username or email address), they should be redirected to the message screen
* This applies regardless of whether PRU is enabled, and regardless of whether the information entered is valid or invalid in the system
* One exception: If the user submits an email address without the @ symbol, then they should be prevented from completing the form