Member

@vamsikrishnamathala vamsikrishnamathala commented Jan 8, 2026

Description

This update adds a new key is_password_reset_required to the User table.
This key is to be used when a user needs to be forced to change the password after login.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Improvement (change that would cause existing functionality to not work as expected)
  • Code refactoring
  • Performance improvements
  • Documentation update

Screenshots and Media (if applicable)

Test Scenarios

References

Summary by CodeRabbit

  • New Features
    • Added ability to require users to reset their passwords.


@vamsikrishnamathala vamsikrishnamathala self-assigned this Jan 8, 2026
@vamsikrishnamathala vamsikrishnamathala added the 🔄migrations Contains Migration changes label Jan 8, 2026
@coderabbitai
Contributor

coderabbitai bot commented Jan 8, 2026

Walkthrough

A new BooleanField is_password_reset_required is added to the User model through a Django migration. The field defaults to False and tracks whether users require a password reset.

Changes

| Cohort / File(s) | Summary |
|---|---|
| User Password Reset Tracking: apps/api/plane/db/migrations/0116_user_is_password_reset_required.py, apps/api/plane/db/models/user.py | Introduces migration 0116 and model field addition to persist password reset requirement status on User entities. Field initialized with False default. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A password reset flag hops into place,
Marking users who need a fresh embrace,
Boolean whispers in the database deep,
Keeping track of secrets users keep!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main change: adding a new database migration for the User table with the is_password_reset_required field. |
| Description check | ✅ Passed | The PR description covers the main purpose and type of change, but is missing test scenarios and references sections that should be completed. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@makeplane

makeplane bot commented Jan 8, 2026

Linked to Plane Work Item(s)

This comment was auto-generated by Plane

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (1)
apps/api/plane/db/models/user.py (1)

87-87: LGTM! Field placement and definition are appropriate.

The new is_password_reset_required field is correctly positioned with other boolean flags and follows existing naming conventions. The default of False is sensible for a new security feature.

📝 Optional: Consider adding help_text for better documentation
-    is_password_reset_required = models.BooleanField(default=False)
+    is_password_reset_required = models.BooleanField(
+        default=False,
+        help_text="Indicates if the user must reset their password on next login"
+    )
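Review bot: The help_text added on the + lines changes the field only in apps/api/plane/db/models/user.py; Django records help_text in migration state, so the same argument has to go into the AddField in 0116_user_is_password_reset_required.py or makemigrations will produce a follow-up AlterField. The help_text string is also missing the trailing comma used in multi-line calls. Separately, the wording "must reset their password on next login" describes behaviour that nothing in these lines enforces, so either the text or the PR should say where the flag is checked.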
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b83d460 and f627297.

📒 Files selected for processing (2)
  • apps/api/plane/db/migrations/0116_user_is_password_reset_required.py
  • apps/api/plane/db/models/user.py
🧰 Additional context used
🧠 Learnings (3)
📚 Learning: 2025-12-29T08:58:46.563Z
Learnt from: dheeru0198
Repo: makeplane/plane PR: 8339
File: apps/api/plane/db/migrations/0113_webhook_version.py:7-14
Timestamp: 2025-12-29T08:58:46.563Z
Learning: In the Plane codebase, when adding product tour or onboarding fields via migrations, it's intentional to set existing records to `True` (completed) while having the model default to `False` for new records. This ensures existing users don't see tours they don't need.

Applied to files:

  • apps/api/plane/db/migrations/0116_user_is_password_reset_required.py
📚 Learning: 2025-12-23T14:18:32.899Z
Learnt from: dheeru0198
Repo: makeplane/plane PR: 8339
File: apps/api/plane/db/models/api.py:35-35
Timestamp: 2025-12-23T14:18:32.899Z
Learning: Django REST Framework rate limit strings are flexible: only the first character of the time unit matters. Acceptable formats include: "60/s", "60/sec", "60/second" (all equivalent), "60/m", "60/min", "60/minute" (all equivalent), "60/h", "60/hr", "60/hour" (all equivalent), and "60/d", "60/day" (all equivalent). Abbreviations like "min" are valid and do not need to be changed to "minute". Apply this guidance to any Python files in the project that configure DRF throttling rules.

Applied to files:

  • apps/api/plane/db/migrations/0116_user_is_password_reset_required.py
  • apps/api/plane/db/models/user.py
🧬 Code graph analysis (2)
apps/api/plane/db/migrations/0116_user_is_password_reset_required.py (1)
apps/api/plane/utils/exporters/schemas/base.py (1)
  • BooleanField (97-105)
apps/api/plane/db/models/user.py (1)
apps/api/plane/utils/exporters/schemas/base.py (1)
  • BooleanField (97-105)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: check:types
  • GitHub Check: check:lint
  • GitHub Check: Analyze (javascript)
🔇 Additional comments (2)
apps/api/plane/db/migrations/0116_user_is_password_reset_required.py (1)

12-17: LGTM! Migration structure is correct.

The migration properly adds the is_password_reset_required field with a sensible default of False, ensuring existing users won't be immediately forced to reset passwords.

apps/api/plane/db/models/user.py (1)

87-87: Enforcement logic for password reset flag is missing.

The is_password_reset_required field is added to the User model but has no corresponding implementation to enforce password resets. A similar field is_password_autoset is actively checked during authentication (apps/api/plane/authentication/views/common.py); the new field should follow the same pattern in login/authentication views or middleware to block access until a password reset is completed.
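
The enforcement gap raised in the comment above, sketched as an added example (not code from this PR or from Plane): a Django-style middleware that rejects requests from a user whose is_password_reset_required is True, except on allow-listed paths. The paths, the Response stand-in and the error code are assumptions, and Django itself is not imported so the block runs stand-alone.

```python
# Added example, not Plane code: Django-style middleware without a Django import.
import posixpath
from dataclasses import dataclass, field
from types import SimpleNamespace

# Hypothetical routes a flagged user may still reach; the real paths are an assumption.
ALLOWED_PATHS = {"/auth/change-password", "/auth/sign-out"}


@dataclass
class Response:
    """Stand-in for django.http.JsonResponse."""
    status_code: int
    body: dict = field(default_factory=dict)


class PasswordResetRequiredMiddleware:
    """Reject every request from a flagged user except the allow-listed paths."""
    # In Django, list this after AuthenticationMiddleware so request.user is set.

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        user = getattr(request, "user", None)
        flagged = bool(
            user is not None
            and getattr(user, "is_authenticated", False)
            and getattr(user, "is_password_reset_required", False)
        )
        # Normalise first so "/auth/change-password/../../api/..." fails the allow-list.
        path = posixpath.normpath(request.path)
        if flagged and path not in ALLOWED_PATHS:
            # Runs on every request, so sessions opened before the flag was set are gated too.
            return Response(403, {"error_code": "PASSWORD_RESET_REQUIRED"})  # hypothetical code
        return self.get_response(request)


def make_request(path, flagged, authenticated=True):
    """Build a constructed request/user pair for the demo."""
    user = SimpleNamespace(is_authenticated=authenticated, is_password_reset_required=flagged)
    return SimpleNamespace(path=path, user=user)


def demo():
    mw = PasswordResetRequiredMiddleware(lambda request: Response(200))
    paths = ["/api/workspaces/", "/auth/change-password/", "/auth/change-password/../../api/users/me/"]
    return [mw(make_request(p, flagged=True)).status_code for p in paths]
```

The password-change view should clear the flag in the same save that stores the new password hash, so a failed change leaves the gate in place.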
