diff options
author | Byron Jones <glob@mozilla.com> | 2015-08-25 07:40:13 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-08-25 07:40:13 +0200 |
commit | e6d45b6d6028527079744af20dc9407a2a3867f2 (patch) | |
tree | 9f229ada0012cac216a73c442c56e8ac6f1cfe2a /reset_password.cgi | |
parent | 90a618266ecb83f138cd5d0a3ff5bf26012625e9 (diff) | |
download | bugzilla-e6d45b6d6028527079744af20dc9407a2a3867f2.tar.gz bugzilla-e6d45b6d6028527079744af20dc9407a2a3867f2.tar.xz |
Bug 1196134 - add ability for admins to force a user to change their password on next login
Diffstat (limited to 'reset_password.cgi')
-rwxr-xr-x | reset_password.cgi | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/reset_password.cgi b/reset_password.cgi new file mode 100755 index 000000000..f784afb81 --- /dev/null +++ b/reset_password.cgi @@ -0,0 +1,72 @@ +#!/usr/bin/perl -wT + +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# This Source Code Form is "Incompatible With Secondary Licenses", as +# defined by the Mozilla Public License, v. 2.0. + +use strict; + +use lib qw(. lib); + +use Bugzilla; +use Bugzilla::Constants; +use Bugzilla::Error; +use Bugzilla::Token; +use Bugzilla::User qw( validate_password ); +use Bugzilla::Util qw( bz_crypt ); + +my $cgi = Bugzilla->cgi; +my $user = Bugzilla->login(LOGIN_REQUIRED); +my $template = Bugzilla->template; +my $dbh = Bugzilla->dbh; + +if ($cgi->param('do_save')) { + my $token = $cgi->param('token'); + check_token_data($token, 'reset_password'); + + my $old_password = $cgi->param('old_password') // ''; + my $password_1 = $cgi->param('new_password1') // ''; + my $password_2 = $cgi->param('new_password2') // ''; + + # make sure passwords never show up in the UI + foreach my $field (qw( old_password new_password1 new_password2 )) { + $cgi->delete($field); + } + + # validation + my $old_crypt_password = $user->cryptpassword; + if (bz_crypt($old_password, $old_crypt_password) ne $old_crypt_password) { + ThrowUserError('old_password_incorrect'); + } + if ($password_1 eq '' || $password_2 eq '') { + ThrowUserError('new_password_missing'); + } + if ($old_password eq $password_1) { + ThrowUserError('new_password_same'); + } + validate_password($password_1, $password_2); + + # update + $dbh->bz_start_transaction; + $user->set_password($password_1); + $user->update({ keep_session => 1, keep_tokens => 1 }); + Bugzilla->logout(LOGOUT_KEEP_CURRENT); + delete_token($token); + $dbh->bz_commit_transaction; + + # done + print $cgi->header(); + $template->process('index.html.tmpl', { message => 'password_changed' }) + || ThrowTemplateError($template->error()); +} + +else { + my $token = issue_session_token('reset_password'); + + print $cgi->header(); + $template->process('account/reset-password.html.tmpl', { token => $token }) + || ThrowTemplateError($template->error()); +} |