Encryption module: If default mode, warning about data loss in password reset is unnecessary #9312

@CySlider

Steps to reproduce

1. Install NC13.0.1
2. Enable default encryption module
3. Create account using no password send mail option.
4. Follow link in mail and set password
5. Log in
6. Upload file
7. Log out
8. Click "Forgot password" and specify username
9. Follow link in mail and Reset password
10. Ignore warning about data loss and Reset password again
11. Uploaded file is still there and accessible

Expected behaviour

Either no warning or uploaded file should not be accessible

Nextcloud version:
13.0.1

Updated from an older Nextcloud/ownCloud or fresh install:
Fresh install

Additional thoughts

I understand that the admin recovery key now is set by default to the master key and you have to run occ encryption:disable-master-key to disable it. So this could explain the "no data loss" result.

But I thought I still would need to log in as admin to start the recovery process and decrypt the master-key? Is the master key accessible to anyone who dumped the file system without needing the Admin password?
