Relates to #14232

Motivation

A security team may wish to monitor attempts to reset user passwords.

Proposed Solution

We should drop some logs at ERROR or WARN when the following events occur:

• A password reset request is submitted for a user account that does not exist
• An invalid password reset request is submitted for a user account due to the one time code not matching