Bug 1009017: users are unable to log in if their password needs to be re-encrypted and their password does not match the current complexity rule

author: Byron Jones <glob@mozilla.com> 2014-05-20 07:26:03 +0200
committer: Byron Jones <glob@mozilla.com> 2014-05-20 07:26:03 +0200
commit: 90ceb320d6c17f5038ef79de7d0ee0e71c0cd565 (patch)
tree: bcc161cab84ee01518176d2c057026cc350968b8 /Bugzilla/Auth
parent: 5929fb98320aa73bbd0b01bbe85a3984e5194a87 (diff)
download: bugzilla-90ceb320d6c17f5038ef79de7d0ee0e71c0cd565.tar.gz
bugzilla-90ceb320d6c17f5038ef79de7d0ee0e71c0cd565.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index 783e7490a..2840b4ab8 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -90,7 +90,9 @@ sub check_credentials {
     # whatever hashing system we're using now.
     my $current_algorithm = PASSWORD_DIGEST_ALGORITHM;
     if ($real_password_crypted !~ /{\Q$current_algorithm\E}$/) {
-        $user->set_password($password);
+        # We can't call $user->set_password because we don't want the password
+        # complexity rules to apply here.
+        $user->{cryptpassword} = bz_crypt($password);
         $user->update();
     }
author	Byron Jones <glob@mozilla.com>	2014-05-20 07:26:03 +0200
committer	Byron Jones <glob@mozilla.com>	2014-05-20 07:26:03 +0200
commit	90ceb320d6c17f5038ef79de7d0ee0e71c0cd565 (patch)
tree	bcc161cab84ee01518176d2c057026cc350968b8 /Bugzilla/Auth
parent	5929fb98320aa73bbd0b01bbe85a3984e5194a87 (diff)
download	bugzilla-90ceb320d6c17f5038ef79de7d0ee0e71c0cd565.tar.gz bugzilla-90ceb320d6c17f5038ef79de7d0ee0e71c0cd565.tar.xz