author | Byron Jones <glob@mozilla.com> | 2015-08-25 07:40:13 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-08-25 07:40:13 +0200 |
commit | e6d45b6d6028527079744af20dc9407a2a3867f2 (patch) | |
tree | 9f229ada0012cac216a73c442c56e8ac6f1cfe2a /Bugzilla.pm | |
parent | 90a618266ecb83f138cd5d0a3ff5bf26012625e9 (diff) | |
Bug 1196134 - add ability for admins to force a user to change their password on next login
Diffstat (limited to 'Bugzilla.pm')
-rw-r--r-- | Bugzilla.pm | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/Bugzilla.pm b/Bugzilla.pm
index 8a0ff2fd7..fa95128d1 100644
--- a/Bugzilla.pm
+++ b/Bugzilla.pm
@@ -367,8 +367,26 @@ sub login {
 }
 my $authenticated_user = $authorizer->login($type);
-
+
 # At this point, we now know if a real person is logged in.
+
+ # Check if a password reset is required
+ if ($authenticated_user->password_change_required) {
+ # We cannot show the password reset UI for API calls, so treat those as
+ # a disabled account.
+ if (i_am_webservice()) {
+ ThrowUserError("account_disabled", { disabled_reason => $authenticated_user->password_change_reason });
+ }
+
+ # only allow the reset-password and token pages to handle requests
+ # (tokens handles the 'forgot password' process)
+ # otherwise redirect user to the reset-password page.
+ if ($ENV{SCRIPT_NAME} !~ m#/(?:reset_password|token)\.cgi$#) {
+ print Bugzilla->cgi->redirect('reset_password.cgi');
+ exit;
+ }
+ }
+
 # We must now check to see if an sudo session is in progress.
 # For a session to be in progress, the following must be true:
 # 1: There must be a logged in user |
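Review bot: The exemption test `$ENV{SCRIPT_NAME} !~ m#/(?:reset_password|token)\.cgi$#` reads the environment unguarded, so where SCRIPT_NAME is unset (presumably any caller of login() outside a CGI request) it warns on an undefined value and falls into the redirect-and-exit branch without that being a stated decision. Making it explicit with `my $script = $ENV{SCRIPT_NAME} // '';` and anchoring with `\z` instead of `$` (which also accepts a trailing newline) keeps the gate's behaviour deliberate. The exemption also covers every action token.cgi serves, not only the forgot-password flow the comment mentions, so a comment naming which token actions are meant to stay reachable for a flagged account would help whoever audits this gate later. login() starts and ends outside this hunk, so how the sudo handling that follows treats a flagged account cannot be checked from here.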