authorrojanu <aliustek@gmail.com>2011-01-07 15:14:40 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2011-01-07 15:14:40 +0100
commit02e52f810b396c5f367dc18b162d6a6724cab754 (patch)
tree9429ed4fc89321b9af16fbfbad7583514177786a /Bugzilla
parent0e7d52edb77ba63602172fb9ca4b743992c1fb46 (diff)
Bug 558803: Add a parameter to specify the password complexity for new passwords
r/a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Config/Auth.pm9
-rw-r--r--Bugzilla/User.pm13
2 files changed, 22 insertions, 0 deletions
diff --git a/Bugzilla/Config/Auth.pm b/Bugzilla/Config/Auth.pm
index c7d921ed5..a61cab5a2 100644
--- a/Bugzilla/Config/Auth.pm
+++ b/Bugzilla/Config/Auth.pm
@@ -121,6 +121,15 @@ sub get_param_list {
type => 't',
default => q:.*:,
checker => \&check_regexp
+ },
+
+ {
+ name => 'password_complexity',
+ type => 's',
+ choices => [ 'no_constraints', 'mixed_letters', 'letters_numbers',
+ 'letters_numbers_specialchars' ],
+ default => 'no_constraints',
+ checker => \&check_multi
} );
return @param_list;
}
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index d15113959..eafda6563 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1946,6 +1946,19 @@ sub validate_password {
} elsif ((defined $matchpassword) && ($password ne $matchpassword)) {
ThrowUserError('passwords_dont_match');
}
+
+ my $complexity_level = Bugzilla->params->{password_complexity};
+ if ($complexity_level eq 'letters_numbers_specialchars') {
+ ThrowUserError('password_not_complex')
+ if ($password !~ /\w/ || $password !~ /\d/ || $password !~ /[[:punct:]]/);
+ } elsif ($complexity_level eq 'letters_numbers') {
+ ThrowUserError('password_not_complex')
+ if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/ || $password !~ /\d/);
+ } elsif ($complexity_level eq 'mixed_letters') {
+ ThrowUserError('password_not_complex')
+ if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/);
+ }
+
# Having done these checks makes us consider the password untainted.
trick_taint($_[0]);
return 1;
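Review bot: In the `letters_numbers_specialchars` branch, `$password !~ /\w/` does not enforce a letter, because `\w` also matches digits and underscore; any password that passes the `/\d/` test passes it too. A value made only of digits and punctuation is therefore accepted at what reads as the strictest level. Use a letter class instead: `if ($password !~ /[[:alpha:]]/ || $password !~ /\d/ || $password !~ /[[:punct:]]/);`. This level also does not require mixed case while `letters_numbers` does, so the choices are not strictly increasing in strength; if that is intended, a short comment above the `if`/`elsif` chain should state what each level enforces. The body of validate_password starts before this hunk and continues past it.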