From 9bea276055edc9527e3d6d66df3bbf0d20326f8b Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Sat, 3 Feb 2024 18:53:27 +0100
Subject: [PATCH] Add `must-change-password` cli parameter (#27626)

This PR adds a new `must-change-password` parameter to the
`change-password` cli command.
We already have the `must-change-password` command but it feels natural
to have this integrated into the `change-password` cli command.

---------

Co-authored-by: 6543 <6543@obermui.de>
---
 cmd/admin_user_change_password.go                 | 10 +++++++++-
 docs/content/administration/command-line.en-us.md |  1 +
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/cmd/admin_user_change_password.go b/cmd/admin_user_change_password.go
index eebbfb3b67..22764318fd 100644
--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@@ -32,6 +32,10 @@ var microcmdUserChangePassword = &cli.Command{
 			Value:   "",
 			Usage:   "New password to set for user",
 		},
+		&cli.BoolFlag{
+			Name:  "must-change-password",
+			Usage: "User must change password",
+		},
 	},
 }
 
@@ -69,7 +73,11 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}
 
-	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+	if c.IsSet("must-change-password") {
+		user.MustChangePassword = c.Bool("must-change-password")
+	}
+
+	if err = user_model.UpdateUserCols(ctx, user, "must_change_password", "passwd", "passwd_hash_algo", "salt"); err != nil {
 		return err
 	}
 
diff --git a/docs/content/administration/command-line.en-us.md b/docs/content/administration/command-line.en-us.md
index a52b93d344..5049df35e0 100644
--- a/docs/content/administration/command-line.en-us.md
+++ b/docs/content/administration/command-line.en-us.md
@@ -95,6 +95,7 @@ Admin operations:
       - Options:
         - `--username value`, `-u value`: Username. Required.
         - `--password value`, `-p value`: New password. Required.
+        - `--must-change-password`: If provided, the user is required to choose a new password after the login. Optional.
       - Examples:
         - `gitea admin user change-password --username myname --password asecurepassword`
     - `must-change-password`: