Add default credential reset safeguards

packages/server/src/controllers/auth.ts

@@ -1,6 +1,7 @@
 import type { Context } from 'koa'
 import { checkPassword, recordPasswordFailure, recordPasswordSuccess, extractIp, getLockedIps, unlockIp, unlockAll } from '../services/login-limiter'
 import {
+  DEFAULT_PASSWORD,
   DEFAULT_USERNAME,
   bootstrapDefaultSuperAdmin,
   countActiveSuperAdmins,
@@ -55,6 +56,7 @@ export async function currentUser(ctx: Context) {
       created_at: user.created_at,
       updated_at: user.updated_at,
       last_login_at: user.last_login_at,
+      requiresCredentialChange: user.username === DEFAULT_USERNAME || verifyPassword(DEFAULT_PASSWORD, user.password_hash),
     },
   }
 }