Feature that user must change password at next login

[Billtec]

Feature Request

Problem to be solved

For internal users, administrator should tell the users their password in plain text. If the user doesn't change his/her password, then it may become a security issue.

The better way is that, administrator create a user with default password, and the user's state can be set to "wait for a password change" (other than active / inactive). Users in this state should login in WebUI and the system will urge him/her to change password, before the password is changed, the user cannot access any of the resources.

Proposed solution

1. Add a user state like "wait for a password change" (other than active / inactive).
2. On the user creation page, add a checkbox "User must change password on next login", and it's default checked. If it's checked, then the state "wait for a password change" is ON for this user.
3. When the "wait for a password change" state is ON, then the user cannot access any resource except the password change page.
4. When the user's password is changed, the "wait for a password change" state is automatically changed to OFF.