From a6355d1d39f9879fac59a4db703b3ebbd764de1f Mon Sep 17 00:00:00 2001
From: Martin Skorupski <martin.skorupski@highstreet-technologies.com>
Date: Sat, 8 Apr 2023 11:52:18 +0200
Subject: [PATCH] Secure all created user accounts

- update for system user account
- this account uses as default the password
  defined in .env

Issue-ID: OAM-328
Change-Id: I029d76c74303db2b87057cd69ca470cdd6b7c5fd
Signed-off-by: Martin Skorupski <martin.skorupski@highstreet-technologies.com>
---
 solution/smo/common/identity/config.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/solution/smo/common/identity/config.py b/solution/smo/common/identity/config.py
index 9db5de1..393d918 100644
--- a/solution/smo/common/identity/config.py
+++ b/solution/smo/common/identity/config.py
@@ -202,9 +202,12 @@ def createUsers(token, realmConfig, authConfig):
             {
                 "type": "password",
                 "value": password,
-                "temporary": False
+                "temporary": True
             }
-        ]
+      ],
+      "requiredActions": [
+        "UPDATE_PASSWORD"
+      ]
     }
     createUser(token, realmConfig, systemUser)
 
@@ -232,7 +235,6 @@ def addUserRole(user: dict, role: dict, options: dict):
 
 # searches for the role of a given user
 
-
 def findRole(username: str, authConfig: dict, realmConfig: dict) -> dict:
     roleName = 'administration'
     for grant in authConfig['grants']:
-- 
2.16.6