diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2010-10-14 02:39:28 +0200 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2010-10-14 02:39:28 +0200 |
| commit | 73ea75885de78077c9528428617fa8403935d7a5 (patch) | |
| tree | ce66faf4a7420814c392eea1837a56e33f88c144 /Bugzilla | |
| parent | 3e06a51f060f168034ada88e40d9b60d51f8a244 (diff) | |
| download | bugzilla-73ea75885de78077c9528428617fa8403935d7a5.tar.gz bugzilla-73ea75885de78077c9528428617fa8403935d7a5.tar.xz | |
Bug 575947: Users with passwords length less than 6 characters can't login after migration from 3.4.x or older to 3.6 or newer
r/a=mkanat
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/Auth.pm | 7 | ||||
| -rw-r--r-- | Bugzilla/Auth/Verify/DB.pm | 6 | ||||
| -rw-r--r-- | Bugzilla/WebService/Constants.pm | 1 | ||||
| -rw-r--r-- | Bugzilla/WebService/User.pm | 5 |
4 files changed, 18 insertions, 1 deletions
diff --git a/Bugzilla/Auth.pm b/Bugzilla/Auth.pm index b1da319a4..f289a4ba1 100644 --- a/Bugzilla/Auth.pm +++ b/Bugzilla/Auth.pm @@ -151,7 +151,12 @@ sub _handle_login_result { } } elsif ($fail_code == AUTH_ERROR) { - ThrowCodeError($result->{error}, $result->{details}); + if ($result->{user_error}) { + ThrowUserError($result->{error}, $result->{details}); + } + else { + ThrowCodeError($result->{error}, $result->{details}); + } } elsif ($fail_code == AUTH_NODATA) { $self->{_info_getter}->fail_nodata($self) diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm index d8794472e..c562d1353 100644 --- a/Bugzilla/Auth/Verify/DB.pm +++ b/Bugzilla/Auth/Verify/DB.pm @@ -74,6 +74,12 @@ sub check_credentials { }; } + # Force the user to type a longer password if it's too short. + if (length($password) < USER_PASSWORD_MIN_LENGTH) { + return { failure => AUTH_ERROR, error => 'password_current_too_short', + user_error => 1, details => { locked_user => $user } }; + } + # The user's credentials are okay, so delete any outstanding # password tokens or login failures they may have generated. Bugzilla::Token::DeletePasswordTokens($user->id, "user_logged_in"); diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index f77c54c85..788f8bcc4 100644 --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -103,6 +103,7 @@ use constant WS_ERROR_CODE => { auth_invalid_email => 302, extern_id_conflict => -303, auth_failure => 304, + password_current_too_short => 305, # Except, historically, AUTH_NODATA, which is 410. login_required => 410, diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index e13921ea6..1471da8aa 100644 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -331,6 +331,11 @@ The username does not exist, or the password is wrong. The account has been disabled. A reason may be specified with the error. +=item 305 (New Password Required) + +The current password is correct, but the user is asked to change +his password. + =item 50 (Param Required) A login or password parameter was not provided. |