prefill email on"forgot password" page

It definitely should, but only if the email has been already registered.

Conversely, if the user enters an unregistered, valid email and chooses "New account", the field should be pre-populated as well.

We can append the email as a GET param to the forgot password page after a login form submission (when we build the page). We won't do it live with JS as we don't want to introduce a JS lib to the main login page at this time for performance reasons. We should not check for the existence of the email when appending it as this could be used to expose known emails. Whatever value entered into the email login field should just be passed to the forgot password page to pre-fill the field. This should not actually submit the forgot password form automatically.

You only get the email address added if you have the "wrong password" warning flagged. If you type in your email address and realise you have forgotten your password and select the forgotten password link the email address is not auto filled.

Is this behaviour correct?

This is expected behavior. From my earlier comment: "We won't do it live with JS as we don't want to introduce a JS lib to the main login page at this time for performance reasons". The intention is to handle cases where you've entered your email and it reports 'wrong password'. Clicking the link then prefills your email to save you typing it again after the original submission.

Cool in that case that is the correct behaviour and I can pass it and move on :)

passes on ec2

This works as described above on staging.

This is working on production