address copilot comments

sudo87 · sudo87 · commit c7e48b703faf · 2025-12-18T20:15:33.000+05:30
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/LoginCmdResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/LoginCmdResponse.java
@@ -91,7 +91,7 @@ public class LoginCmdResponse extends AuthenticationCmdResponse {
     private String managementServerId;
 
     @SerializedName(value = ApiConstants.PASSWORD_CHANGE_REQUIRED)
-    @Param(description = "Is User required to change password on next login.", since = "4.23.0")
+    @Param(description = "Indicates whether the User is required to change password on next login.", since = "4.23.0")
     private String passwordChangeRequired;
 
     public String getUsername() {
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/UserResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/UserResponse.java
@@ -133,7 +133,7 @@ public class UserResponse extends BaseResponse implements SetResourceIconRespons
     ApiConstants.ApiKeyAccess apiKeyAccess;
 
     @SerializedName(value = ApiConstants.PASSWORD_CHANGE_REQUIRED)
-    @Param(description = "Is User required to change password on next login.", since = "4.23.0")
+    @Param(description = "Indicates whether the User is required to change password on next login.", since = "4.23.0")
     private Boolean passwordChangeRequired;
 
     @Override
@@ -323,7 +323,7 @@ public void setApiKeyAccess(Boolean apiKeyAccess) {
     }
 
     public Boolean isPasswordChangeRequired() {
-        return passwordChangeRequired;
+        return Boolean.TRUE.equals(passwordChangeRequired);
     }
 
     public void setPasswordChangeRequired(Boolean passwordChangeRequired) {
diff --git a/plugins/api/discovery/src/main/java/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java b/plugins/api/discovery/src/main/java/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java
@@ -285,11 +285,10 @@ public ListResponse<? extends BaseResponse> listApis(User user, String name) {
 
             // Limit APIs on first login requiring password change
             UserAccount userAccount = accountService.getUserAccountById(user.getId());
-            if (MapUtils.isNotEmpty(userAccount.getDetails()) &&
-                    userAccount.getDetails().containsKey(UserDetailVO.PasswordChangeRequired)) {
-
-                String needPasswordChange = userAccount.getDetails().get(UserDetailVO.PasswordChangeRequired);
-                if ("true".equalsIgnoreCase(needPasswordChange)) {
+            Map<String, String> userAccDetails = userAccount.getDetails();
+            if (MapUtils.isNotEmpty(userAccDetails)) {
+                String needPwdChangeStr = userAccDetails.get(UserDetailVO.PasswordChangeRequired);
+                if ("true".equalsIgnoreCase(needPwdChangeStr)) {
                     apisAllowed = Arrays.asList("login", "logout", "updateUser", "listUsers", "listApis");
                 }
             } else {
diff --git a/server/src/main/java/com/cloud/api/ApiServer.java b/server/src/main/java/com/cloud/api/ApiServer.java
@@ -1230,7 +1230,7 @@ private ResponseObject createLoginResponse(HttpSession session) {
                 if (ApiConstants.MANAGEMENT_SERVER_ID.equalsIgnoreCase(attrName)) {
                     response.setManagementServerId(attrObj.toString());
                 }
-                if (PASSWORD_CHANGE_REQUIRED.endsWith(attrName)) {
+                if (PASSWORD_CHANGE_REQUIRED.equalsIgnoreCase(attrName)) {
                     response.setPasswordChangeRequired(attrObj.toString());
                 }
             }
@@ -1333,11 +1333,11 @@ public ResponseObject loginUser(final HttpSession session, final String username
             final String sessionKey = Base64.encodeBase64URLSafeString(sessionKeyBytes);
             session.setAttribute(ApiConstants.SESSIONKEY, sessionKey);
 
-            if (!MapUtils.isEmpty(userAcct.getDetails())) {
-                String needPwdChangeStr = userAcct.getDetails().getOrDefault(UserDetailVO.PasswordChangeRequired, null);
-                if (needPwdChangeStr != null) {
-                    boolean needPwdChange = "true".equalsIgnoreCase(needPwdChangeStr);
-                    session.setAttribute(PASSWORD_CHANGE_REQUIRED, needPwdChange);
+            Map<String, String> userAccDetails = userAcct.getDetails();
+            if (MapUtils.isNotEmpty(userAccDetails)) {
+                String needPwdChangeStr = userAccDetails.get(UserDetailVO.PasswordChangeRequired);
+                if ("true".equalsIgnoreCase(needPwdChangeStr)) {
+                    session.setAttribute(PASSWORD_CHANGE_REQUIRED, true);
                 }
             }
             return createLoginResponse(session);
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -1590,7 +1590,7 @@ private void updatePasswordChangeRequired(User caller, UpdateUserCmd updateUserC
         if (StringUtils.isNotBlank(updateUserCmd.getPassword()) && isNormalUser(user.getAccountId())) {
             boolean isPasswordResetRequired = updateUserCmd.isPasswordChangeRequired();
             // Admins only can enforce passwordChangeRequired for user
-            if ((isRootAdmin(caller.getId()) || isDomainAdmin(caller.getAccountId()))) {
+            if ((isRootAdmin(caller.getAccountId()) || isDomainAdmin(caller.getAccountId()))) {
                 if (isPasswordResetRequired) {
                     _userDetailsDao.addDetail(user.getId(), PasswordChangeRequired, "true", false);
                 }
diff --git a/ui/src/views/iam/ChangeUserPassword.vue b/ui/src/views/iam/ChangeUserPassword.vue
@@ -143,7 +143,7 @@ export default {
           params.currentpassword = values.currentpassword
         }
 
-        if (this.isAdminOrDomainAdmin && values.passwordChangeRequired) {
+        if (this.isAdminOrDomainAdmin() && values.passwordChangeRequired) {
           params.passwordchangerequired = values.passwordChangeRequired
         }
         postAPI('updateUser', params).then(json => {
diff --git a/ui/src/views/iam/ForceChangePassword.vue b/ui/src/views/iam/ForceChangePassword.vue
@@ -127,10 +127,10 @@ export default {
   computed: {
     rules () {
       return {
-        currentpassword: [{ required: true, message: this.$t('message.error.current.password') || 'Please enter current password' }],
-        password: [{ required: true, message: this.$t('message.error.new.password') || 'Please enter new password' }],
+        currentpassword: [{ required: true, message: this.$t('message.error.current.password') }],
+        password: [{ required: true, message: this.$t('message.error.new.password') }],
         confirmpassword: [
-          { required: true, message: this.$t('message.error.confirm.password') || 'Please confirm new password' },
+          { required: true, message: this.$t('message.error.confirm.password') },
           { validator: this.validateTwoPassword, trigger: 'change' }
         ]
       }
@@ -250,7 +250,7 @@ export default {
   margin-top: 16px;
 
   a {
-    color: #1890ff; /* Ant Design Link Color */
+    color: #1890ff;
     transition: color 0.3s;
 
     &:hover {

Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ public class UserResponse extends BaseResponse implements SetResourceIconRespons`
`133`	`133`	`ApiConstants.ApiKeyAccess apiKeyAccess;`
`134`	`134`
`135`	`135`	`@SerializedName(value = ApiConstants.PASSWORD_CHANGE_REQUIRED)`
`136`		`- @Param(description = "Is User required to change password on next login.", since = "4.23.0")`
	`136`	`+ @Param(description = "Indicates whether the User is required to change password on next login.", since = "4.23.0")`
`137`	`137`	`private Boolean passwordChangeRequired;`
`138`	`138`
`139`	`139`	`@Override`
`@@ -323,7 +323,7 @@ public void setApiKeyAccess(Boolean apiKeyAccess) {`
`323`	`323`	`}`
`324`	`324`
`325`	`325`	`public Boolean isPasswordChangeRequired() {`
`326`		`- return passwordChangeRequired;`
	`326`	`+ return Boolean.TRUE.equals(passwordChangeRequired);`
`327`	`327`	`}`
`328`	`328`
`329`	`329`	`public void setPasswordChangeRequired(Boolean passwordChangeRequired) {`
Original file line number	Diff line number	Diff line change
`@@ -1230,7 +1230,7 @@ private ResponseObject createLoginResponse(HttpSession session) {`
`1230`	`1230`	`if (ApiConstants.MANAGEMENT_SERVER_ID.equalsIgnoreCase(attrName)) {`
`1231`	`1231`	`response.setManagementServerId(attrObj.toString());`
`1232`	`1232`	`}`
`1233`		`- if (PASSWORD_CHANGE_REQUIRED.endsWith(attrName)) {`
	`1233`	`+ if (PASSWORD_CHANGE_REQUIRED.equalsIgnoreCase(attrName)) {`
`1234`	`1234`	`response.setPasswordChangeRequired(attrObj.toString());`
`1235`	`1235`	`}`
`1236`	`1236`	`}`
`@@ -1333,11 +1333,11 @@ public ResponseObject loginUser(final HttpSession session, final String username`
`1333`	`1333`	`final String sessionKey = Base64.encodeBase64URLSafeString(sessionKeyBytes);`
`1334`	`1334`	`session.setAttribute(ApiConstants.SESSIONKEY, sessionKey);`
`1335`	`1335`
`1336`		`- if (!MapUtils.isEmpty(userAcct.getDetails())) {`
`1337`		`- String needPwdChangeStr = userAcct.getDetails().getOrDefault(UserDetailVO.PasswordChangeRequired, null);`
`1338`		`- if (needPwdChangeStr != null) {`
`1339`		`- boolean needPwdChange = "true".equalsIgnoreCase(needPwdChangeStr);`
`1340`		`- session.setAttribute(PASSWORD_CHANGE_REQUIRED, needPwdChange);`
	`1336`	`+ Map<String, String> userAccDetails = userAcct.getDetails();`
	`1337`	`+ if (MapUtils.isNotEmpty(userAccDetails)) {`
	`1338`	`+ String needPwdChangeStr = userAccDetails.get(UserDetailVO.PasswordChangeRequired);`
	`1339`	`+ if ("true".equalsIgnoreCase(needPwdChangeStr)) {`
	`1340`	`+ session.setAttribute(PASSWORD_CHANGE_REQUIRED, true);`
`1341`	`1341`	`}`
`1342`	`1342`	`}`
`1343`	`1343`	`return createLoginResponse(session);`
Original file line number	Diff line number	Diff line change
`@@ -1590,7 +1590,7 @@ private void updatePasswordChangeRequired(User caller, UpdateUserCmd updateUserC`
`1590`	`1590`	`if (StringUtils.isNotBlank(updateUserCmd.getPassword()) && isNormalUser(user.getAccountId())) {`
`1591`	`1591`	`boolean isPasswordResetRequired = updateUserCmd.isPasswordChangeRequired();`
`1592`	`1592`	`// Admins only can enforce passwordChangeRequired for user`
`1593`		`- if ((isRootAdmin(caller.getId()) \|\| isDomainAdmin(caller.getAccountId()))) {`
	`1593`	`+ if ((isRootAdmin(caller.getAccountId()) \|\| isDomainAdmin(caller.getAccountId()))) {`
`1594`	`1594`	`if (isPasswordResetRequired) {`
`1595`	`1595`	`_userDetailsDao.addDetail(user.getId(), PasswordChangeRequired, "true", false);`
`1596`	`1596`	`}`
Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ export default {`
`143`	`143`	`params.currentpassword = values.currentpassword`
`144`	`144`	`}`
`145`	`145`
`146`		`- if (this.isAdminOrDomainAdmin && values.passwordChangeRequired) {`
	`146`	`+ if (this.isAdminOrDomainAdmin() && values.passwordChangeRequired) {`
`147`	`147`	`params.passwordchangerequired = values.passwordChangeRequired`
`148`	`148`	`}`
`149`	`149`	`postAPI('updateUser', params).then(json => {`