Allow admin toggle forcing a password change for newly created users (#4563)

modules/auth/admin.go

@@ -12,12 +12,13 @@ import (
 
 // AdminCreateUserForm form for admin to create user
 type AdminCreateUserForm struct {
-	LoginType  string `binding:"Required"`
+	LoginType          string `binding:"Required"`
-	LoginName  string
+	LoginName          string
-	UserName   string `binding:"Required;AlphaDashDot;MaxSize(35)"`
+	UserName           string `binding:"Required;AlphaDashDot;MaxSize(35)"`
-	Email      string `binding:"Required;Email;MaxSize(254)"`
+	Email              string `binding:"Required;Email;MaxSize(254)"`
-	Password   string `binding:"MaxSize(255)"`
+	Password           string `binding:"MaxSize(255)"`
-	SendNotify bool
+	SendNotify         bool
+	MustChangePassword bool
 }
 
 // Validate validates form fields

options/locale/locale_en-US.ini

@@ -206,6 +206,7 @@ sign_up_now = Need an account? Register now.
 sign_up_successful = Account was successfully created.
 confirmation_mail_sent_prompt = A new confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the registration process.
 must_change_password = Update your password
+allow_password_change = Require user to change password (recommended)
 reset_password_mail_sent_prompt = A confirmation email has been sent to <b>%s</b>. Please check your inbox within the next %s to complete the password reset process.
 active_your_account = Activate Your Account
 account_activated = Account has been activated

routers/admin/users.go

@@ -82,7 +82,7 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) {
 		Passwd:             form.Password,
 		IsActive:           true,
 		LoginType:          models.LoginPlain,
-		MustChangePassword: true,
+		MustChangePassword: form.MustChangePassword,
 	}
 
 	if len(form.LoginType) > 0 {

routers/admin/users_test.go

@@ -29,12 +29,13 @@ func TestNewUserPost_MustChangePassword(t *testing.T) {
 	email := "gitea@gitea.io"
 
 	form := auth.AdminCreateUserForm{
-		LoginType:  "local",
+		LoginType:          "local",
-		LoginName:  "local",
+		LoginName:          "local",
-		UserName:   username,
+		UserName:           username,
-		Email:      email,
+		Email:              email,
-		Password:   "xxxxxxxx",
+		Password:           "xxxxxxxx",
-		SendNotify: false,
+		SendNotify:         false,
+		MustChangePassword: true,
 	}
 
 	NewUserPost(ctx, form)
@@ -48,3 +49,40 @@ func TestNewUserPost_MustChangePassword(t *testing.T) {
 	assert.Equal(t, email, u.Email)
 	assert.True(t, u.MustChangePassword)
 }
+
+func TestNewUserPost_MustChangePasswordFalse(t *testing.T) {
+
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "admin/users/new")
+
+	u := models.AssertExistsAndLoadBean(t, &models.User{
+		IsAdmin: true,
+		ID:      2,
+	}).(*models.User)
+
+	ctx.User = u
+
+	username := "gitea"
+	email := "gitea@gitea.io"
+
+	form := auth.AdminCreateUserForm{
+		LoginType:          "local",
+		LoginName:          "local",
+		UserName:           username,
+		Email:              email,
+		Password:           "xxxxxxxx",
+		SendNotify:         false,
+		MustChangePassword: false,
+	}
+
+	NewUserPost(ctx, form)
+
+	assert.NotEmpty(t, ctx.Flash.SuccessMsg)
+
+	u, err := models.GetUserByName(username)
+
+	assert.NoError(t, err)
+	assert.Equal(t, username, u.Name)
+	assert.Equal(t, email, u.Email)
+	assert.False(t, u.MustChangePassword)
+}

templates/admin/user/new.tmpl

@@ -42,6 +42,13 @@
 					<input id="password" name="password" type="password" value="{{.password}}" {{if eq .login_type "0-0"}}required{{end}}>
 				</div>
 
+				<div class="inline field">
+					<div class="ui checkbox">
+						<label><strong>{{.i18n.Tr "auth.allow_password_change" }}</strong></label>
+						<input name="must_change_password" type="checkbox" checked>
+					</div>
+				</div>
+
 				<!-- Send register notify e-mail -->
 				{{if .CanSendEmail}}
 					<div class="inline field">