+ $firstUser = $users[0] ?? null;
+ $requireEmail = $this->config->get( 'AllowRequiringEmailForResets' )
+ && $method === 'username'
+ && $firstUser
+ && $firstUser->getBoolOption( 'requireemail' );
+ if ( $requireEmail ) {
+ if ( $email === '' ) {
+ return StatusValue::newFatal( 'passwordreset-username-email-required' );
+ }
+
+ if ( !Sanitizer::validateEmail( $email ) ) {
+ return StatusValue::newFatal( 'passwordreset-invalidemail' );
+ }
+ }
+
+ // Check against the rate limiter
+ if ( $performingUser->pingLimiter( 'mailpassword' ) ) {
+ return StatusValue::newFatal( 'actionthrottledtext' );
+ }
+