Added ability to use the email address when doing a reset password reque...

[sardbaba]

This changes can be useful to let the user enter his/her email address when requesting a password reset. In our scenario, for example, the user name is dynamically generated (with an hashed and unique code) and for that reason the user only needs to enter her/his email address.
Hope this can be safely integrated.

[LostKobrakai]

It would be nice if you could make this optional. It's not a good idea to have this just added as is as people, who update to this, maybe don't want this behavior.

[sardbaba]

You are right @LostKobrakai thanks
I've pushed also this https://github.com/sardbaba/ProcessWire/commit/0291df27073222728d2587e204e7d814fb02b33e to optionally add this feature.

[teppokoivula]

Whether it's a problem depends on the case, but it should be noted that email addresses for users are not unique, i.e. it's possible to have multiple users with identical email addresses at the same time.

I like this feature a lot (I myself tend to forget both passwords and usernames..) but this could be an issue, especially if ever combined with (for an example) automated registration system that doesn't properly force unique emails.

One relatively easy solution would be failing (silently) if more than one user matches given email. I think that this would make more sense than picking first user matching given email based on default sort setting.

[sardbaba]

@teppokoivula in fact what you say is a sticking point, thanks for looking into this.
In our case we are blocking a second registration with the same email (https://bitbucket.org/mauro_mascia/processwire-social-login/src/03bd0852611d683a1642ad50339930fdf2a76784/classes/SocialLoginProcessRegistration.php?at=master#cl-135) and for that there is no way to register the same email (or maybe yes, when logging with a social login).
So, your solution to fail silently should be good.