feat(server, web): add checkbox to create user screen for shouldChang…

[samholton]

…ePassword

Addresses #7592

Also saw an old discussion in discord around this.

Defaults to true to keep behavior consistent with current flow.

before

after

[samholton]

Could someone rerun the failed check? It appears it was a connection issue with npmjs

[alextran1502]

It should always be required for the sake of the privacy of other users that use your instance.

On second thoughts, the admin can access the file system anyway so that renders my point above invalid

[alextran1502]

Have you tested create new user with this flag disable and the user doesn't have to reenter the password on first login?

[samholton]

Yeah, I agree it should be enabled as well. But an admin could always create a user then login to the instance once and then share the account. I set it enabled by default.

Yes I tested with it both enabled and disabled. I checked the users table as well as logging in. The login bypassed the password change with it disabled.