Every time the password reset form was loaded, the form submit event
listener was attached to a non-disposable DOM node rather than the DOM
node whose life scope was bound to the viewed page. As such, submitting
the form, leaving the page, returning back to it and sending the request
again caused the 'submit' event to fire twice - one time from the
non-disposed event handler and one from the current handler. This
resulted in the request being sent twice, and getting two confirmation
messages on the screen.
Fortunately, since the password reset requests are GET requests, they're
intercepted by the internal cache of the client API facade, so the
client just saw duplicate messages without the requests being actually
sent to the backend - meaning no extra mails were sent.
023ec9a976