H33 Admin Password

Description

When a user logs in to the web UI of a new system as the admin user, they should be prompted to change the admin password.

Acceptance / Success Criteria

Acceptance

  • The session of any user logging in via the default form-based login flow as user admin with the default password admin is redirected to the password change gate.

  • The password change gate is a full-page interface which prompts the user to perform a password change before the landing page loads.

  • Apart from including the minimal set of UI elements required to do its job, the password change gate looks identical to the form-based login page.

  • The password change gate includes a Skip control which defers the requirement until the user’s next login.

  • After the user completes the password change, they never see the password change gate again.

  • If the user changes the admin password to “admin” again, it gets rejected.

  • Documentation is added to capture this functionality.

Exclusions

  • If the user logged in via a pre-authenticated mechanism, they never see the password change gate.

    • This exclusion is implied but worth calling out explicitly.

  • Users other than admin never see the password change gate.

    • The notion of “user can be marked as required to change password at next login” may become a future epic, but for now it is explicitly excluded.
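A reference model of the criteria and exclusions above, added here as an example and not taken from the project's code. The `Account` and `Session` records, the function names and the PBKDF2 parameters are assumptions; the model also assumes the gate is decided from the credentials used at login rather than from a stored flag.

```python
import hashlib, hmac, os
from dataclasses import dataclass

DEFAULT_USER = DEFAULT_PASSWORD = "admin"   # default credentials named in the ticket

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:                  # hypothetical account record
    name: str
    salt: bytes
    pw_hash: bytes

    @classmethod
    def create(cls, name: str, password: str) -> "Account":
        salt = os.urandom(16)
        return cls(name, salt, _kdf(password, salt))

    def check(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, _kdf(password, self.salt))

@dataclass
class Session:                  # hypothetical session record
    user: str
    gate_pending: bool = False

def login(account, password=None, pre_authenticated=False):
    """Return a Session, or None if a form-based login fails."""
    if pre_authenticated:       # exclusion: pre-authenticated logins are never gated
        return Session(account.name)
    if password is None or not account.check(password):
        return None
    # Gate only the admin user, and only while the default password still works.
    gated = account.name == DEFAULT_USER and password == DEFAULT_PASSWORD
    return Session(account.name, gate_pending=gated)

def skip_gate(session):
    session.gate_pending = False    # this session only; the next login re-evaluates

def change_password(account, session, new_password: str) -> bool:
    # Rejecting the default here is what makes "never see the gate again" hold.
    if account.name == DEFAULT_USER and new_password == DEFAULT_PASSWORD:
        return False
    account.salt = os.urandom(16)
    account.pw_hash = _kdf(new_password, account.salt)
    session.gate_pending = False
    return True
```

Because the gate is derived from the login credentials, a skipped gate reappears at the next default-password login without any per-user "must change" state, which stays consistent with the second exclusion.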

100% Done

Done

Details

Created May 24, 2023 at 5:53 PM
Updated February 13, 2024 at 9:00 PM
Resolved September 6, 2023 at 9:00 PM