diff options
| author | Byron Jones <glob@mozilla.com> | 2015-03-26 04:56:02 +0100 |
|---|---|---|
| committer | Byron Jones <glob@mozilla.com> | 2015-03-26 04:56:02 +0100 |
| commit | d4a53a6c7bce28a66ff0dc70def2469692f8444c (patch) | |
| tree | 59e8e8cf8f6c4fee8acee84e4d3f57e404227b7c /Bugzilla/Auth | |
| parent | 48c23b11f2fc9d7f9a0666e58e77b8a03eb94dbb (diff) | |
| download | bugzilla-d4a53a6c7bce28a66ff0dc70def2469692f8444c.tar.gz bugzilla-d4a53a6c7bce28a66ff0dc70def2469692f8444c.tar.xz | |
Bug 1147550: Minimum password length handler not trusted by password change
Diffstat (limited to 'Bugzilla/Auth')
| -rw-r--r-- | Bugzilla/Auth/Verify/DB.pm | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm index 2840b4ab8..aaa1b6c87 100644 --- a/Bugzilla/Auth/Verify/DB.pm +++ b/Bugzilla/Auth/Verify/DB.pm @@ -74,10 +74,19 @@ sub check_credentials { }; } - # Force the user to type a longer password if it's too short. - if (length($password) < USER_PASSWORD_MIN_LENGTH) { - return { failure => AUTH_ERROR, user_error => 'password_current_too_short', - details => { locked_user => $user } }; + # Force the user to change their password if it does not meet the current + # criteria. This should usually only happen if the criteria has changed. + if (Bugzilla->usage_mode == USAGE_MODE_BROWSER && + Bugzilla->params->{password_check_on_login}) + { + my $check = validate_password_check($password); + if ($check) { + return { + failure => AUTH_ERROR, + user_error => $check, + details => { locked_user => $user } + } + } } # The user's credentials are okay, so delete any outstanding |