authorDylan Hardison <dylan@mozilla.com>2015-11-04 23:51:25 +0100
committerDylan Hardison <dylan@mozilla.com>2015-11-04 23:51:25 +0100
commit3238e2d9fcd532807847556514c0519fa0869b14 (patch)
treec9593bb3f49ea28e52ca170fad91e1fc8f2cd707 /Bugzilla
parent7f43eebe16d93b9ba0eef6a42b570b594dc33da6 (diff)
downloadbugzilla-3238e2d9fcd532807847556514c0519fa0869b14.tar.gz
bugzilla-3238e2d9fcd532807847556514c0519fa0869b14.tar.xz
Bug 1177911 - Determine and implement better password requirements for BMO
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Config/Auth.pm5
-rw-r--r--Bugzilla/User.pm19
2 files changed, 12 insertions, 12 deletions
diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm
index 36287b107..ac5394f04 100644
--- a/Bugzilla/Config/Auth.pm
+++ b/Bugzilla/Config/Auth.pm
@@ -132,9 +132,8 @@ sub get_param_list {
{
name => 'password_complexity',
type => 's',
- choices => [ 'no_constraints', 'mixed_letters', 'letters_numbers',
- 'letters_numbers_specialchars' ],
- default => 'no_constraints',
+ choices => [ 'no_constraints', 'bmo' ],
+ default => 'bmo',
checker => \&check_multi
},
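Review bot: Installations whose stored `password_complexity` is one of the removed values (`mixed_letters`, `letters_numbers`, `letters_numbers_specialchars`) are not handled by this change. The new branch in `validate_password_check` (Bugzilla/User.pm hunk) only tests `eq 'bmo'`, so such a stored value would match no branch and skip the complexity check entirely. Unless a parameter migration exists outside this diff, consider enforcing the policy for every value other than `no_constraints`, e.g. `if ($complexity_level ne 'no_constraints') {` in User.pm. The enclosing `get_param_list` starts and ends outside the hunk.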
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index ebd82002f..1a0deed6b 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -2482,15 +2482,16 @@ sub validate_password_check {
}
my $complexity_level = Bugzilla->params->{password_complexity};
- if ($complexity_level eq 'letters_numbers_specialchars') {
- return 'password_not_complex'
- if ($password !~ /[[:alpha:]]/ || $password !~ /\d/ || $password !~ /[[:punct:]]/);
- } elsif ($complexity_level eq 'letters_numbers') {
- return 'password_not_complex'
- if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/ || $password !~ /\d/);
- } elsif ($complexity_level eq 'mixed_letters') {
- return 'password_not_complex'
- if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/);
+ if ($complexity_level eq 'bmo') {
+ my $features = 0;
+
+ $features++ if $password =~ /[a-z]/;
+ $features++ if $password =~ /[A-Z]/;
+ $features++ if $password =~ /[0-9]/;
+ $features++ if $password =~ /[^A-Za-z0-9]/;
+ $features++ if length($password) > 12;
+
+ return 'password_not_complex' if $features < 3;
}
# Having done these checks makes us consider the password untainted.
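Review bot: The scoring rule ending in `$features < 3` has no comment, and two of its details are easy to misread. `length($password) > 12` needs at least 13 characters, and because the classes are ASCII-only, `/[^A-Za-z0-9]/` counts non-ASCII letters and whitespace as the "other" feature. I would add above `my $features = 0;` a comment such as `# 'bmo' policy: need 3 of 5 features: lowercase, uppercase, digit, other character, length over 12 (ASCII classes only).` The 3 and the 12 could also become named constants so the policy can be audited in one place. `validate_password_check` starts before and continues after this hunk.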