Allow admin toggle forcing a password change for newly created users (#4563)

diff --git a/modules/auth/admin.go b/modules/auth/admin.go
index 0bb7d355c45fe49c475372672dee8868d152c6c0..fb86a047648c16998b971ce624f28682bfe2a52a 100644 (file)
--- a/modules/auth/admin.go
+++ b/modules/auth/admin.go
@@ -12,12 +12,13 @@ import (
 
 // AdminCreateUserForm form for admin to create user
 type AdminCreateUserForm struct {
-       LoginType  string `binding:"Required"`
-       LoginName  string
-       UserName   string `binding:"Required;AlphaDashDot;MaxSize(35)"`
-       Email      string `binding:"Required;Email;MaxSize(254)"`
-       Password   string `binding:"MaxSize(255)"`
-       SendNotify bool
+       LoginType          string `binding:"Required"`
+       LoginName          string
+       UserName           string `binding:"Required;AlphaDashDot;MaxSize(35)"`
+       Email              string `binding:"Required;Email;MaxSize(254)"`
+       Password           string `binding:"MaxSize(255)"`
+       SendNotify         bool
+       MustChangePassword bool
 }
 
 // Validate validates form fields

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index e163a7e46d1c3558bde61d3836a52f00fbc7bced..bbb8a6c8c438b6945b42d521033ebb9f32d1cde4 100644 (file)
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -206,6 +206,7 @@ sign_up_now = Need an account? Register now.
 sign_up_successful = Account was successfully created.
 confirmation_mail_sent_prompt = A new confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the registration process.
 must_change_password = Update your password
+allow_password_change = Require user to change password (recommended)
 reset_password_mail_sent_prompt = A confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the password reset process.
 active_your_account = Activate Your Account
 account_activated = Account has been activated

diff --git a/routers/admin/users.go b/routers/admin/users.go
index ae8882ac12caa1a0fcab08026c572282b441fb36..8a99de01c207b9ae307dbca52455a945455b8045 100644 (file)
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -82,7 +82,7 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) {
                Passwd:             form.Password,
                IsActive:           true,
                LoginType:          models.LoginPlain,
-               MustChangePassword: true,
+               MustChangePassword: form.MustChangePassword,
        }
 
        if len(form.LoginType) > 0 {

diff --git a/routers/admin/users_test.go b/routers/admin/users_test.go
index 8f6859940d4ced995abd0dd09633c3c3d16690c3..17eadd13361ac441c6385ea5698b37c70e9c4fb4 100644 (file)
--- a/routers/admin/users_test.go
+++ b/routers/admin/users_test.go
@@ -29,12 +29,13 @@ func TestNewUserPost_MustChangePassword(t *testing.T) {
        email := "gitea@gitea.io"
 
        form := auth.AdminCreateUserForm{
-               LoginType:  "local",
-               LoginName:  "local",
-               UserName:   username,
-               Email:      email,
-               Password:   "xxxxxxxx",
-               SendNotify: false,
+               LoginType:          "local",
+               LoginName:          "local",
+               UserName:           username,
+               Email:              email,
+               Password:           "xxxxxxxx",
+               SendNotify:         false,
+               MustChangePassword: true,
        }
 
        NewUserPost(ctx, form)
@@ -48,3 +49,40 @@ func TestNewUserPost_MustChangePassword(t *testing.T) {
        assert.Equal(t, email, u.Email)
        assert.True(t, u.MustChangePassword)
 }
+
+func TestNewUserPost_MustChangePasswordFalse(t *testing.T) {
+
+       models.PrepareTestEnv(t)
+       ctx := test.MockContext(t, "admin/users/new")
+
+       u := models.AssertExistsAndLoadBean(t, &models.User{
+               IsAdmin: true,
+               ID:      2,
+       }).(*models.User)
+
+       ctx.User = u
+
+       username := "gitea"
+       email := "gitea@gitea.io"
+
+       form := auth.AdminCreateUserForm{
+               LoginType:          "local",
+               LoginName:          "local",
+               UserName:           username,
+               Email:              email,
+               Password:           "xxxxxxxx",
+               SendNotify:         false,
+               MustChangePassword: false,
+       }
+
+       NewUserPost(ctx, form)
+
+       assert.NotEmpty(t, ctx.Flash.SuccessMsg)
+
+       u, err := models.GetUserByName(username)
+
+       assert.NoError(t, err)
+       assert.Equal(t, username, u.Name)
+       assert.Equal(t, email, u.Email)
+       assert.False(t, u.MustChangePassword)
+}

diff --git a/templates/admin/user/new.tmpl b/templates/admin/user/new.tmpl
index 14e1d74292385229985916a5de97517dc67e946f..b9e326e73495cbcc2926e7716d30759aa358f089 100644 (file)
--- a/templates/admin/user/new.tmpl
+++ b/templates/admin/user/new.tmpl
@@ -42,6 +42,13 @@
                                        <input id="password" name="password" type="password" value="{{.password}}" {{if eq .login_type "0-0"}}required{{end}}>
                                </div>
 
+                               <div class="inline field">
+                                       <div class="ui checkbox">
+                                               <label><strong>{{.i18n.Tr "auth.allow_password_change" }}</strong></label>
+                                               <input name="must_change_password" type="checkbox" checked>
+                                       </div>
+                               </div>
+
                                <!-- Send register notify e-mail -->
                                {{if .CanSendEmail}}
                                        <div class="inline field">