- Created user account but no email sent
- Come back and send the email
RESULT: Welcome email received, login sucessful
- Created user account and email sent
- user used the link in the email
- Come back and send the email again
RESULT: Email was resent. In cases where the user hasn't logged in normally since the email was sent the link to reset password works fine. However Drupal uses a hash of the users password, most recent login time and uid to create the link used in the email. If any of these change (e.g. if the user logs in again) then this link breaks.
- Created user account and email sent
- user didn't used the link in the email
- Come back and send the email again
RESULT: Email is resent. Either link is still valid until the user uses one of them to login. At this point both links become invalid because login (which is used in the hash) is updated.