Force user to change password (#4489)

* redirect to login page after successfully activating account

* force users to change password if account was created by an admin

* force users to change password if account was created by an admin

* fixed build

* fixed build

* fix pending issues with translation and wrong routes

* make sure path check is safe

* remove unneccessary newline

* make sure users that don't have to view the form get redirected

* move route to use /settings prefix so as to make sure unauthenticated users can't view the page

* update as per @lafriks review

* add necessary comment

* remove unrelated changes

* support redirecting to location the user actually want to go to before being forced to change his/her password

* run make fmt

* added tests

* improve assertions

* add assertion

* fix copyright year

Signed-off-by: Lanre Adelowo <yo@lanre.wtf>

1 files changed, 6 insertions, 5 deletions

diff --git a/routers/admin/users.go b/routers/admin/users.go
index 9aa78db103..ae8882ac12 100644
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -77,11 +77,12 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) {
 	}
 
 	u := &models.User{
-		Name:      form.UserName,
-		Email:     form.Email,
-		Passwd:    form.Password,
-		IsActive:  true,
-		LoginType: models.LoginPlain,
+		Name:               form.UserName,
+		Email:              form.Email,
+		Passwd:             form.Password,
+		IsActive:           true,
+		LoginType:          models.LoginPlain,
+		MustChangePassword: true,
 	}
 
 	if len(form.LoginType) > 0 {