Enable setting password change requirements in user templates

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>

internal/httpd/httpd_test.go

@@ -22389,8 +22389,30 @@ func TestUserSaveFromTemplateMock(t *testing.T) {
 
 	u1, _, err := httpdtest.GetUserByUsername(user1, http.StatusOK)
 	assert.NoError(t, err)
+	assert.False(t, u1.Filters.RequirePasswordChange)
 	u2, _, err := httpdtest.GetUserByUsername(user2, http.StatusOK)
 	assert.NoError(t, err)
+	assert.False(t, u2.Filters.RequirePasswordChange)
+
+	_, err = httpdtest.RemoveUser(u1, http.StatusOK)
+	assert.NoError(t, err)
+	_, err = httpdtest.RemoveUser(u2, http.StatusOK)
+	assert.NoError(t, err)
+
+	form.Add("tpl_require_password_change", "checked")
+	b, contentType, _ = getMultipartFormData(form, "", "")
+	req, _ = http.NewRequest(http.MethodPost, webTemplateUser, &b)
+	setJWTCookieForReq(req, token)
+	req.Header.Set("Content-Type", contentType)
+	rr = executeRequest(req)
+	checkResponseCode(t, http.StatusSeeOther, rr)
+
+	u1, _, err = httpdtest.GetUserByUsername(user1, http.StatusOK)
+	assert.NoError(t, err)
+	assert.True(t, u1.Filters.RequirePasswordChange)
+	u2, _, err = httpdtest.GetUserByUsername(user2, http.StatusOK)
+	assert.NoError(t, err)
+	assert.True(t, u2.Filters.RequirePasswordChange)
 
 	_, err = httpdtest.RemoveUser(u1, http.StatusOK)
 	assert.NoError(t, err)

internal/httpd/webadmin.go

@@ -351,6 +351,7 @@ type userTemplateFields struct {
 	Username         string
 	Password         string
 	PublicKeys       []string
+	RequirePwdChange bool
 }
 
 func loadAdminTemplates(templatesPath string) {
@@ -1228,6 +1229,7 @@ func getUsersForTemplate(r *http.Request) []userTemplateFields {
 			Username:         username,
 			Password:         password,
 			PublicKeys:       []string{publicKey},
+			RequirePwdChange: r.Form.Get("tpl_require_password_change") != "",
 		})
 	}
 
@@ -1910,6 +1912,7 @@ func getUserFromTemplate(user dataprovider.User, template userTemplateFields) da
 	user.Username = template.Username
 	user.Password = template.Password
 	user.PublicKeys = template.PublicKeys
+	user.Filters.RequirePasswordChange = template.RequirePwdChange
 	replacements := make(map[string]string)
 	replacements["%username%"] = user.Username
 	if user.Password != "" && !user.IsPasswordHashed() {
@@ -3464,6 +3467,7 @@ func (s *httpdServer) handleWebAddUserPost(w http.ResponseWriter, r *http.Reques
 		Username:         user.Username,
 		Password:         user.Password,
 		PublicKeys:       user.PublicKeys,
+		RequirePwdChange: user.Filters.RequirePasswordChange,
 	})
 	if claims.Role != "" {
 		user.Role = claims.Role
@@ -3521,6 +3525,7 @@ func (s *httpdServer) handleWebUpdateUserPost(w http.ResponseWriter, r *http.Req
 		Username:         updatedUser.Username,
 		Password:         updatedUser.Password,
 		PublicKeys:       updatedUser.PublicKeys,
+		RequirePwdChange: updatedUser.Filters.RequirePasswordChange,
 	})
 	if claims.Role != "" {
 		updatedUser.Role = claims.Role

templates/webadmin/user.html

@@ -91,6 +91,16 @@ explicit grant from the SFTPGo Team (support@sftpgo.com).
                                 <span data-i18n="general.add">Add</span>
                             </a>
                         </div>
+
+                        <div class="form-group row align-items-center mt-10">
+                            <label data-i18n="user.require_pwd_change" class="col-md-3 col-form-label" for="idTmplRequirePasswordChange">Require password change</label>
+                            <div class="col-md-9">
+                                <div class="form-check form-switch form-check-custom form-check-solid">
+                                    <input class="form-check-input" type="checkbox" id="idTmplRequirePasswordChange" name="tpl_require_password_change"/>
+                                </div>
+                            </div>
+                        </div>
+
                     </div>
                 </div>
             </div>