diff options
author | Simon Green <sgreen@redhat.com> | 2014-09-11 01:45:23 +0200 |
---|---|---|
committer | Simon Green <sgreen@redhat.com> | 2014-09-11 01:45:23 +0200 |
commit | b8ecdca238744552db04acb5450ce078d9760a4c (patch) | |
tree | 42cd3a41e06fd229d6deeae6b247df724272dd3c /Bugzilla/User.pm | |
parent | ab1b842ba2e2f9ad3774c6c415129a4e196acc57 (diff) | |
download | bugzilla-b8ecdca238744552db04acb5450ce078d9760a4c.tar.gz bugzilla-b8ecdca238744552db04acb5450ce078d9760a4c.tar.xz |
Bug 1009013 - Require a user to change their password if they log in and their current password does not meet the password complexity rules
r=glob, a=sgreen
Diffstat (limited to 'Bugzilla/User.pm')
-rw-r--r-- | Bugzilla/User.pm | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 58565daf9..acedc65f2 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -32,7 +32,7 @@ use URI::QueryParam; use parent qw(Bugzilla::Object Exporter); @Bugzilla::User::EXPORT = qw(is_available_username - login_to_id validate_password + login_to_id validate_password validate_password_check USER_MATCH_MULTIPLE USER_MATCH_FAILED USER_MATCH_SUCCESS MATCH_SKIP_CONFIRM ); @@ -2449,29 +2449,35 @@ sub login_to_id { } sub validate_password { + my $check = validate_password_check(@_); + ThrowUserError($check) if $check; + return 1; +} + +sub validate_password_check { my ($password, $matchpassword) = @_; if (length($password) < USER_PASSWORD_MIN_LENGTH) { - ThrowUserError('password_too_short'); + return 'password_too_short'; } elsif ((defined $matchpassword) && ($password ne $matchpassword)) { - ThrowUserError('passwords_dont_match'); + return 'passwords_dont_match'; } - + my $complexity_level = Bugzilla->params->{password_complexity}; if ($complexity_level eq 'letters_numbers_specialchars') { - ThrowUserError('password_not_complex') + return 'password_not_complex' if ($password !~ /[[:alpha:]]/ || $password !~ /\d/ || $password !~ /[[:punct:]]/); } elsif ($complexity_level eq 'letters_numbers') { - ThrowUserError('password_not_complex') + return 'password_not_complex' if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/ || $password !~ /\d/); } elsif ($complexity_level eq 'mixed_letters') { - ThrowUserError('password_not_complex') + return 'password_not_complex' if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/); } # Having done these checks makes us consider the password untainted. trick_taint($_[0]); - return 1; + return; } @@ -3142,12 +3148,23 @@ if you need more information about the user than just their ID. =item C<validate_password($passwd1, $passwd2)> Returns true if a password is valid (i.e. meets Bugzilla's -requirements for length and content), else returns false. +requirements for length and content), else throws an error. Untaints C<$passwd1> if successful. If a second password is passed in, this function also verifies that the two passwords match. +=item C<validate_password_check($passwd1, $passwd2)> + +This sub routine is similair to C<validate_password>, except that it allows +the calling code to handle its own errors. + +Returns undef and untaints C<$passwd1> if a password is valid (i.e. meets +Bugzilla's requirements for length and content), else returns the error. + +If a second password is passed in, this function also verifies that +the two passwords match. + =item C<match_field($data, $fields, $behavior)> =over |