feat(#9547): require password reset on first time login and admin password update #9731

Open
wants to merge 26 commits into
base: master

Benmuiruri
Contributor

@Benmuiruri Benmuiruri commented Jan 8, 2025

Description

Video showing password reset in action
Screen.Recording.2025-01-10.at.10.29.17.mov
Video showing permission enabling skipping password reset
Screen.Recording.2025-01-10.at.10.32.14.mov
Video showing api supports setting password_change_required: false for specific user
Screen.Recording.2025-01-10.at.10.44.23.mov
Video showing password change hint in admin app
Screen.Recording.2025-01-15.at.15.01.17.mov

Closes #9547

Code review checklist

  • UI/UX backwards compatible: Test it works for the new design (enabled by default). And test it works in the old design, enable can_view_old_navigation permission to see the old design.
  • Readable: Concise, well named, follows the style guide, documented if necessary.
  • Documented: Configuration and user documentation on cht-docs
  • Tested: Unit and/or e2e where appropriate
  • Internationalised: All user facing text
  • Backwards compatible: Works with existing data and configuration or includes a migration. Any breaking changes documented in the release notes.

Compose URLs

If Build CI hasn't passed, these may 404:

License

The software is provided under AGPL-3.0. Contributions to this project are accepted under the same license.

@Benmuiruri Benmuiruri changed the title from "feat(#9547): add password change feature on first time login" to "feat(#9547): require password reset on first time login and admin password update" Jan 8, 2025
@Benmuiruri Benmuiruri mentioned this pull request Jan 8, 2025
5 tasks
@Benmuiruri Benmuiruri marked this pull request as ready for review January 10, 2025 07:49
@Benmuiruri Benmuiruri requested a review from jkuester January 10, 2025 10:30
@Benmuiruri
Contributor Author

Hi @jkuester I resolved the feedback you gave me and this implementation is leaner than the previous one. It is now ready for review.

Contributor

@jkuester jkuester left a comment

This is coming together nicely! Couple additional comments/suggestions here.

I think my only remaining workflow-level question is if you think we need some kind of message in the admin app when changing a user's password that will alert the admin that the user will be prompted to change their password again? I am just concerned that we will still catch folks off guard with this functionality change... 🤔

shared-libs/user-management/src/users.js (outdated, resolved)
shared-libs/user-management/src/users.js (outdated, resolved)
shared-libs/user-management/src/users.js (outdated, resolved)
shared-libs/user-management/src/users.js (outdated, resolved)
api/tests/mocha/controllers/login.spec.js (outdated, resolved)
webapp/tests/mocha/unit/bootstrapper.spec.js (resolved)
tests/integration/api/controllers/users.spec.js (outdated, resolved)
@Benmuiruri
Contributor Author

Hi @jkuester Good point about adding a sort of warning. I came up with this

update.password.help = User will be prompted to reset password after login unless can_skip_password_change permission is enabled for the user role.
Screenshot 2025-01-14 at 19 21 46

@jkuester
Contributor

@Benmuiruri Yes, that was exactly what I was thinking. Would it be possible to just hide it for users that have the can_skip_password_change permission? I would rather not mention the permission at all in the message and it seems it would be most helpful to just see it in the case where we know a password reset will be necessary. But, I am not sure if we have everything we need in context here to know which permissions the user is going to have...

@Benmuiruri Benmuiruri requested a review from jkuester January 15, 2025 12:31
Contributor

@jkuester jkuester left a comment

Fantastic! I had one minor suggestion about the update user code, but otherwise this is good to go!

admin/src/js/controllers/edit-user.js (resolved)
shared-libs/user-management/src/users.js (outdated, resolved)
Successfully merging this pull request may close these issues.

Change password on first login
5 participants