cleanup ispasswordchangerequired from user_view

Author: sudo87

api/src/main/java/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java

@@ -203,8 +203,4 @@ public ApiCommandResourceType getApiResourceType() {
     public Boolean isPasswordChangeRequired() {
         return BooleanUtils.isTrue(passwordChangeRequired);
     }
-
-    public void setPasswordChangeRequired(Boolean passwordChangeRequired) {
-        this.passwordChangeRequired = passwordChangeRequired;
-    }
 }

api/src/main/java/org/apache/cloudstack/api/response/UserResponse.java

@@ -132,10 +132,6 @@ public class UserResponse extends BaseResponse implements SetResourceIconRespons
     @Param(description = "whether api key access is Enabled, Disabled or set to Inherit (it inherits the value from the parent)", since = "4.20.1.0")
     ApiConstants.ApiKeyAccess apiKeyAccess;
 
-    @SerializedName(value = ApiConstants.PASSWORD_CHANGE_REQUIRED)
-    @Param(description = "Indicates whether the User is required to change password on next login.", since = "4.23.0")
-    private Boolean passwordChangeRequired;
-
     @Override
     public String getObjectId() {
         return this.getId();
@@ -321,12 +317,4 @@ public void set2FAmandated(Boolean is2FAmandated) {
     public void setApiKeyAccess(Boolean apiKeyAccess) {
         this.apiKeyAccess = ApiConstants.ApiKeyAccess.fromBoolean(apiKeyAccess);
     }
-
-    public Boolean isPasswordChangeRequired() {
-        return Boolean.TRUE.equals(passwordChangeRequired);
-    }
-
-    public void setPasswordChangeRequired(Boolean passwordChangeRequired) {
-        this.passwordChangeRequired = passwordChangeRequired;
-    }
 }

engine/schema/src/main/resources/META-INF/db/views/cloud.user_view.sql

@@ -53,8 +53,7 @@ select
     async_job.uuid job_uuid,
     async_job.job_status job_status,
     async_job.account_id job_account_id,
-    user.is_user_2fa_enabled is_user_2fa_enabled,
-   `user_details`.`value` AS `password_change_required`
+    user.is_user_2fa_enabled is_user_2fa_enabled
 from
     `cloud`.`user`
         inner join
@@ -64,7 +63,4 @@ from
         left join
     `cloud`.`async_job` ON async_job.instance_id = user.id
         and async_job.instance_type = 'User'
-        and async_job.job_status = 0
-        left join
-    `cloud`.`user_details` AS `user_details` ON `user_details`.`user_id` = `user`.`id`
-        and `user_details`.`name` = 'PasswordChangeRequired';
+        and async_job.job_status = 0;

plugins/api/discovery/src/main/java/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java

@@ -69,7 +69,7 @@ public class ApiDiscoveryServiceImpl extends ComponentLifecycleBase implements A
     List<APIChecker> _apiAccessCheckers = null;
     List<PluggableService> _services = null;
     protected static Map<String, ApiDiscoveryResponse> s_apiNameDiscoveryResponseMap = null;
-    public static final List<String> APIS_ALLOWED_FOR_PASSWORD_CHANGE = Arrays.asList("login", "logout", "updateUser", "listUsers", "listApis");
+    public static final List<String> APIS_ALLOWED_FOR_PASSWORD_CHANGE = Arrays.asList("login", "logout", "updateUser", "listApis");
 
     @Inject
     AccountService accountService;

plugins/api/discovery/src/test/java/org/apache/cloudstack/discovery/ApiDiscoveryTest.java

@@ -167,6 +167,6 @@ public void listApisForUserEnforcedPwdChange() throws PermissionDeniedException
         Mockito.when(roleServiceMock.findRole(Mockito.anyLong())).thenReturn(userRoleVO);
         Mockito.when(apiNameDiscoveryResponseMapMock.get(Mockito.anyString())).thenReturn(Mockito.mock(ApiDiscoveryResponse.class));
         ListResponse<ApiDiscoveryResponse> response = (ListResponse<ApiDiscoveryResponse>) discoveryServiceSpy.listApis(getTestUser(), null);
-        Assert.assertEquals(5, response.getResponses().size());
+        Assert.assertEquals(4, response.getResponses().size());
     }
 }

server/src/main/java/com/cloud/api/query/dao/UserAccountJoinDaoImpl.java

@@ -73,7 +73,6 @@ public UserResponse newUserResponse(ResponseView view, UserAccountJoinVO usr) {
         userResponse.setSecretKey(usr.getSecretKey());
         userResponse.setIsDefault(usr.isDefault());
         userResponse.set2FAenabled(usr.isUser2faEnabled());
-        userResponse.setPasswordChangeRequired(usr.isPasswordChangeRequired());
         long domainId = usr.getDomainId();
         boolean is2FAmandated = Boolean.TRUE.equals(AccountManagerImpl.enableUserTwoFactorAuthentication.valueIn(domainId)) && Boolean.TRUE.equals(AccountManagerImpl.mandateUserTwoFactorAuthentication.valueIn(domainId));
         userResponse.set2FAmandated(is2FAmandated);

server/src/main/java/com/cloud/api/query/vo/UserAccountJoinVO.java

@@ -136,9 +136,6 @@ public class UserAccountJoinVO extends BaseViewVO implements InternalIdentity, I
     @Column(name = "api_key_access")
     Boolean apiKeyAccess;
 
-    @Column(name = "password_change_required")
-    Boolean passwordChangeRequired;
-
     public UserAccountJoinVO() {
     }
 
@@ -291,8 +288,4 @@ public boolean isUser2faEnabled() {
     public Boolean getApiKeyAccess() {
         return apiKeyAccess;
     }
-
-    public Boolean isPasswordChangeRequired() {
-        return passwordChangeRequired;
-    }
 }

ui/src/store/modules/user.js

@@ -345,15 +345,7 @@ const user = {
         const isPwdChangeRequired = vueProps.$localStorage.get(PASSWORD_CHANGE_REQUIRED)
         commit('SET_PASSWORD_CHANGE_REQUIRED', isPwdChangeRequired)
         if (isPwdChangeRequired) {
-          getAPI('listUsers', { id: Cookies.get('userid') }).then(response => {
-            const result = response.listusersresponse.user[0]
-            commit('SET_INFO', result)
-            commit('SET_NAME', result.firstname + ' ' + result.lastname)
-            if (result.icon?.base64image) commit('SET_AVATAR', result.icon.base64image)
-            resolve({})
-          }).catch(error => {
-            reject(error)
-          })
+          resolve()
           return
         }
 

ui/src/views/iam/ForceChangePassword.vue

@@ -41,7 +41,7 @@
               type="primary"
               size="large"
               block
-              @click="handleLogout"
+              @click="redirectToLogin()"
               style="margin-top: 20px;"
             >
               {{ $t('label.login') }}
@@ -95,7 +95,7 @@
             </a-form-item>
 
             <div class="actions">
-              <a @click="handleLogout">{{ $t('label.logout') }}</a>
+              <a @click="logoutAndRedirectToLogin()">{{ $t('label.logout') }}</a>
             </div>
           </a-form>
           </a-spin>
@@ -167,7 +167,8 @@ export default {
           currentpassword: values.currentpassword
         }
         postAPI('updateUser', params).then(() => {
-          this.$message.success(this.$t('message.please.login.new.password'))
+          this.$localStorage.remove(PASSWORD_CHANGE_REQUIRED)
+          this.handleLogout()
           this.isSubmitted = true
         }).catch(error => {
           console.error(error)
@@ -187,30 +188,19 @@ export default {
       } finally {
         Cookies.remove('userid')
         Cookies.remove('token')
-        this.$localStorage.remove(PASSWORD_CHANGE_REQUIRED)
-        this.$router.replace({ path: '/user/login' })
       }
     },
-    async isPasswordChangeRequired () {
-      try {
-        this.loading = true
-        const user = await this.getUserInfo()
-        if (user && !user.passwordchangerequired) {
-          this.isSubmitted = true
-        }
-      } catch (e) {
-        console.error('Failed to resolve user info:', e)
-      } finally {
-        this.loading = false
-      }
+    redirectToLogin () {
+      this.$router.replace('/user/login')
     },
-    async getUserInfo () {
-      const userInfo = this.$store.getters.userInfo
-      if (userInfo && userInfo.id) {
-        return userInfo
-      }
-      await this.$store.dispatch('GetInfo')
-      return this.$store.getters.userInfo
+    logoutAndRedirectToLogin () {
+      this.handleLogout().then(() => {
+        this.redirectToLogin()
+      })
+    },
+    async isPasswordChangeRequired () {
+      const passwordChangeRequired = this.$localStorage.get(PASSWORD_CHANGE_REQUIRED)
+      this.isSubmitted = !passwordChangeRequired
     }
   }
 }