As a user, i should be able to change my password.
As an admin, i should be able to force user to change their password.
See the discussion at https://talk.openmrs.org/t/unable-to-update-user-password-via-rest/2959
In the admin UI module when creating a new user, the admin sets a password for the user which is technically temporary because a user account can't be created in the API without a password, when the form is submitted and the user had been saved, the code would also set the user property for force password change to true. Upon a user's first successful login attempt, the login controller in the reference application module should check the user property, if it is set to true, it redirects the user to the change my password form. When the user submits the change password form and the operation is successful, the controller should set the user property back to false if the authenticated user is actually that user. Use a global property for an admin to opt out of this behavior.
- When the admin edits a user account and sets force password change to true, the next time the user logs in successfully, they should be redirected to the change password form, after they've changed it successfully, the force password user property should be set back to false
- When a user is sent to the old change form, they should be redirected to the new form
- There should be a global property to allow an admin to opt out of the force password change functionality