address review comments

Author: sudo87

plugins/api/discovery/src/main/java/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java

@@ -286,11 +286,8 @@ public ListResponse<? extends BaseResponse> listApis(User user, String name) {
             // Limit APIs on first login requiring password change
             UserAccount userAccount = accountService.getUserAccountById(user.getId());
             Map<String, String> userAccDetails = userAccount.getDetails();
-            if (MapUtils.isNotEmpty(userAccDetails)) {
-                String needPwdChangeStr = userAccDetails.get(UserDetailVO.PasswordChangeRequired);
-                if ("true".equalsIgnoreCase(needPwdChangeStr)) {
-                    apisAllowed = Arrays.asList("login", "logout", "updateUser", "listUsers", "listApis");
-                }
+            if (MapUtils.isNotEmpty(userAccDetails) && "true".equalsIgnoreCase(userAccDetails.get(UserDetailVO.PasswordChangeRequired))) {
+                apisAllowed = Arrays.asList("login", "logout", "updateUser", "listUsers", "listApis");
             } else {
                 if (role.getRoleType() == RoleType.Admin && role.getId() == RoleType.Admin.getId()) {
                     logger.info(String.format("Account [%s] is Root Admin, all APIs are allowed.",

server/src/main/java/com/cloud/user/AccountManagerImpl.java

@@ -1591,7 +1591,7 @@ private void updatePasswordChangeRequired(User caller, UpdateUserCmd updateUserC
             boolean isCallerSameAsUser = user.getId() == caller.getId();
             boolean isPasswordResetRequired = updateUserCmd.isPasswordChangeRequired() && !isCallerSameAsUser;
             // Admins only can enforce passwordChangeRequired for user
-            if ((isRootAdmin(caller.getAccountId()) || isDomainAdmin(caller.getAccountId()))) {
+            if (isRootAdmin(caller.getAccountId()) || isDomainAdmin(caller.getAccountId())) {
                 if (isPasswordResetRequired) {
                     _userDetailsDao.addDetail(user.getId(), PasswordChangeRequired, "true", false);
                 }

ui/src/store/modules/user.js

@@ -315,6 +315,7 @@ const user = {
           const latestVersion = vueProps.$localStorage.get(LATEST_CS_VERSION, { version: '', fetchedTs: 0 })
           commit('SET_LATEST_VERSION', latestVersion)
           notification.destroy()
+
           resolve()
         }).catch(error => {
           reject(error)

ui/src/views/iam/ChangeUserPassword.vue

@@ -109,7 +109,8 @@ export default {
     },
     isCallerNotSameAsUser () {
       const userId = this.$store.getters.userInfo.id
-      return userId !== this.resource.id
+      const resourceId = this.resource?.id ?? null
+      return userId !== resourceId
     },
     isValidValueForKey (obj, key) {
       return key in obj && obj[key] != null
@@ -144,7 +145,7 @@ export default {
           params.currentpassword = values.currentpassword
         }
 
-        if (this.isAdminOrDomainAdmin() && values.passwordChangeRequired) {
+        if (this.isAdminOrDomainAdmin() && values.passwordChangeRequired === true) {
           params.passwordchangerequired = values.passwordChangeRequired
         }
         postAPI('updateUser', params).then(json => {

ui/src/views/iam/ForceChangePassword.vue

@@ -30,7 +30,7 @@
           </template>
           <a-spin :spinning="loading">
           <div v-if="isSubmitted" class="success-state">
-            <div class="success-icon">✓</div>
+            <check-outlined class="success-icon" />
             <div class="success-text">
               {{ $t('message.success.change.password') }}
             </div>
@@ -197,7 +197,6 @@ export default {
         const user = await this.getUserInfo()
         if (user && !user.passwordchangerequired) {
           this.isSubmitted = true
-          this.$router.replace({ path: '/user/login' })
         }
       } catch (e) {
         console.error('Failed to resolve user info:', e)