diff options
| author | Byron Jones <glob@mozilla.com> | 2015-03-26 04:56:02 +0100 |
|---|---|---|
| committer | Byron Jones <glob@mozilla.com> | 2015-03-26 04:56:02 +0100 |
| commit | d4a53a6c7bce28a66ff0dc70def2469692f8444c (patch) | |
| tree | 59e8e8cf8f6c4fee8acee84e4d3f57e404227b7c /Bugzilla/User.pm | |
| parent | 48c23b11f2fc9d7f9a0666e58e77b8a03eb94dbb (diff) | |
| download | bugzilla-d4a53a6c7bce28a66ff0dc70def2469692f8444c.tar.gz bugzilla-d4a53a6c7bce28a66ff0dc70def2469692f8444c.tar.xz | |
Bug 1147550: Minimum password length handler not trusted by password change
Diffstat (limited to 'Bugzilla/User.pm')
| -rw-r--r-- | Bugzilla/User.pm | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 20cc061dd..d9adec4c7 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -63,7 +63,7 @@ use URI::QueryParam; use base qw(Bugzilla::Object Exporter); @Bugzilla::User::EXPORT = qw(is_available_username - login_to_id user_id_to_login validate_password + login_to_id user_id_to_login validate_password validate_password_check USER_MATCH_MULTIPLE USER_MATCH_FAILED USER_MATCH_SUCCESS MATCH_SKIP_CONFIRM ); @@ -2376,29 +2376,35 @@ sub user_id_to_login { } sub validate_password { + my $check = validate_password_check(@_); + ThrowUserError($check) if $check; + return 1; +} + +sub validate_password_check { my ($password, $matchpassword) = @_; if (length($password) < USER_PASSWORD_MIN_LENGTH) { - ThrowUserError('password_too_short'); + return 'password_too_short'; } elsif ((defined $matchpassword) && ($password ne $matchpassword)) { - ThrowUserError('passwords_dont_match'); + return 'passwords_dont_match'; } - + my $complexity_level = Bugzilla->params->{password_complexity}; if ($complexity_level eq 'letters_numbers_specialchars') { - ThrowUserError('password_not_complex') + return 'password_not_complex' if ($password !~ /[[:alpha:]]/ || $password !~ /\d/ || $password !~ /[[:punct:]]/); } elsif ($complexity_level eq 'letters_numbers') { - ThrowUserError('password_not_complex') + return 'password_not_complex' if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/ || $password !~ /\d/); } elsif ($complexity_level eq 'mixed_letters') { - ThrowUserError('password_not_complex') + return 'password_not_complex' if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/); } # Having done these checks makes us consider the password untainted. trick_taint($_[0]); - return 1; + return; } @@ -3023,12 +3029,23 @@ we return an empty string. =item C<validate_password($passwd1, $passwd2)> Returns true if a password is valid (i.e. meets Bugzilla's -requirements for length and content), else returns false. +requirements for length and content), else throws an error. Untaints C<$passwd1> if successful. If a second password is passed in, this function also verifies that the two passwords match. +=item C<validate_password_check($passwd1, $passwd2)> + +This sub routine is similair to C<validate_password>, except that it allows +the calling code to handle its own errors. + +Returns undef and untaints C<$passwd1> if a password is valid (i.e. meets +Bugzilla's requirements for length and content), else returns the error. + +If a second password is passed in, this function also verifies that +the two passwords match. + =item C<match_field($data, $fields, $behavior)> =over |