I did some digging by myself and found this:
which leads to this:
And that is the point, were at least the previously set password is worthless. May be this helps a little bit.
Eventhough it would be nice to configure the behaviour in general.
And here is my patch, which solves at least my problem.
request_schemas.py:
@@ -1285,6 +1285,25 @@
enum=["de", "en", "ro"],
)
+ enforce_pw_change = fields.Bool(
+ required=False,
+ description="Enforce the password change on next login. This has no effect if you remove "
+ "the authentication option",
+ example=False,
+ )
+
+ icons_per_item = fields.String(
+ required=False,
+ description="",
+ example="entry",
+ )
+
+ ui_sidebar_position = fields.String(
+ required=False,
+ description="",
+ example="left",
+ )
+
class UpdateUser(BaseSchema):
fullname = fields.String(
@@ -1307,7 +1326,7 @@
},
missing=dict,
)
- enforce_password_change = fields.Bool(
+ enforce_pw_change = fields.Bool(
required=False,
description="Enforce the password change on next login. This has no effect if you remove "
"the authentication option",
user_config.py:
@@ -339,8 +339,12 @@
internal_attrs.pop("automation_secret", None)
internal_attrs.pop("password", None)
else:
+ changepw=new_user
+ if auth_options["password"] != "":
+ changepw=False
+
internal_auth_attrs = _auth_options_to_internal_format(auth_options,
- enforce_pw_change=new_user)
+ enforce_pw_change=changepw)
if internal_auth_attrs:
if "automation_secret" not in internal_auth_attrs: # new password
internal_attrs.pop("automation_secret", None)