authorByron Jones <glob@mozilla.com>2015-03-26 04:56:02 +0100
committerByron Jones <glob@mozilla.com>2015-03-26 04:56:02 +0100
commitd4a53a6c7bce28a66ff0dc70def2469692f8444c (patch)
tree59e8e8cf8f6c4fee8acee84e4d3f57e404227b7c /Bugzilla/Auth/Verify
parent48c23b11f2fc9d7f9a0666e58e77b8a03eb94dbb (diff)
Bug 1147550: Minimum password length handler not trusted by password change
Diffstat (limited to 'Bugzilla/Auth/Verify')
-rw-r--r--Bugzilla/Auth/Verify/DB.pm17
1 files changed, 13 insertions, 4 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index 2840b4ab8..aaa1b6c87 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -74,10 +74,19 @@ sub check_credentials {
};
}
- # Force the user to type a longer password if it's too short.
- if (length($password) < USER_PASSWORD_MIN_LENGTH) {
- return { failure => AUTH_ERROR, user_error => 'password_current_too_short',
- details => { locked_user => $user } };
+ # Force the user to change their password if it does not meet the current
+ # criteria. This should usually only happen if the criteria has changed.
+ if (Bugzilla->usage_mode == USAGE_MODE_BROWSER &&
+ Bugzilla->params->{password_check_on_login})
+ {
+ my $check = validate_password_check($password);
+ if ($check) {
+ return {
+ failure => AUTH_ERROR,
+ user_error => $check,
+ details => { locked_user => $user }
+ }
+ }
}
# The user's credentials are okay, so delete any outstanding
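Review bot: The new guard `Bugzilla->usage_mode == USAGE_MODE_BROWSER && Bugzilla->params->{password_check_on_login}` skips the policy check for every non-browser login, and for all logins when the parameter is off, whereas the removed `length($password) < USER_PASSWORD_MIN_LENGTH` test ran for every login that reached this point. If that is intended, the comment should say so, for example `# Non-browser logins and installations with password_check_on_login off are deliberately not checked here; a non-compliant password keeps working for them.`, so that an administrator tightening the policy knows which paths it does not cover. Separately, `$check` is passed straight through as `user_error`, which relies on `validate_password_check` returning only known error tags; its definition is outside this hunk, so that should be confirmed. The body of `check_credentials` starts and ends outside the hunk.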