authorByron Jones <glob@mozilla.com>2015-08-25 07:40:13 +0200
committerByron Jones <glob@mozilla.com>2015-08-25 07:40:13 +0200
commite6d45b6d6028527079744af20dc9407a2a3867f2 (patch)
tree9f229ada0012cac216a73c442c56e8ac6f1cfe2a /reset_password.cgi
parent90a618266ecb83f138cd5d0a3ff5bf26012625e9 (diff)
downloadbugzilla-e6d45b6d6028527079744af20dc9407a2a3867f2.tar.gz
bugzilla-e6d45b6d6028527079744af20dc9407a2a3867f2.tar.xz
Bug 1196134 - add ability for admins to force a user to change their password on next login
Diffstat (limited to 'reset_password.cgi')
-rwxr-xr-xreset_password.cgi72
1 files changed, 72 insertions, 0 deletions
diff --git a/reset_password.cgi b/reset_password.cgi
new file mode 100755
index 000000000..f784afb81
--- /dev/null
+++ b/reset_password.cgi
@@ -0,0 +1,72 @@
+#!/usr/bin/perl -wT
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# This Source Code Form is "Incompatible With Secondary Licenses", as
+# defined by the Mozilla Public License, v. 2.0.
+
+use strict;
+
+use lib qw(. lib);
+
+use Bugzilla;
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Token;
+use Bugzilla::User qw( validate_password );
+use Bugzilla::Util qw( bz_crypt );
+
+my $cgi = Bugzilla->cgi;
+my $user = Bugzilla->login(LOGIN_REQUIRED);
+my $template = Bugzilla->template;
+my $dbh = Bugzilla->dbh;
+
+if ($cgi->param('do_save')) {
+ my $token = $cgi->param('token');
+ check_token_data($token, 'reset_password');
+
+ my $old_password = $cgi->param('old_password') // '';
+ my $password_1 = $cgi->param('new_password1') // '';
+ my $password_2 = $cgi->param('new_password2') // '';
+
+ # make sure passwords never show up in the UI
+ foreach my $field (qw( old_password new_password1 new_password2 )) {
+ $cgi->delete($field);
+ }
+
+ # validation
+ my $old_crypt_password = $user->cryptpassword;
+ if (bz_crypt($old_password, $old_crypt_password) ne $old_crypt_password) {
+ ThrowUserError('old_password_incorrect');
+ }
+ if ($password_1 eq '' || $password_2 eq '') {
+ ThrowUserError('new_password_missing');
+ }
+ if ($old_password eq $password_1) {
+ ThrowUserError('new_password_same');
+ }
+ validate_password($password_1, $password_2);
+
+ # update
+ $dbh->bz_start_transaction;
+ $user->set_password($password_1);
+ $user->update({ keep_session => 1, keep_tokens => 1 });
+ Bugzilla->logout(LOGOUT_KEEP_CURRENT);
+ delete_token($token);
+ $dbh->bz_commit_transaction;
+
+ # done
+ print $cgi->header();
+ $template->process('index.html.tmpl', { message => 'password_changed' })
+ || ThrowTemplateError($template->error());
+}
+
+else {
+ my $token = issue_session_token('reset_password');
+
+ print $cgi->header();
+ $template->process('account/reset-password.html.tmpl', { token => $token })
+ || ThrowTemplateError($template->error());
+}
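Review bot: No line in the `do_save` branch checks the request method, so a GET of `reset_password.cgi?do_save=1&token=...&old_password=...&new_password1=...` takes the same path as a POST and the old and new passwords travel in the query string, where web-server access logs and Referer headers can capture them; reject other methods before the fields are read, e.g. `ThrowUserError(...) if $cgi->request_method ne 'POST';`, using whichever error the codebase already has for this. The three password parameters are also read and deleted only after `check_token_data` runs, so when the token check throws the passwords are still present in the CGI object while the error page renders; moving that read-and-delete loop above `check_token_data($token, 'reset_password');` keeps the intent of the "make sure passwords never show up in the UI" comment. The `ne` comparison of the recomputed hash against `$old_crypt_password` is not constant-time; that is presumably how the rest of Bugzilla verifies passwords, but a one-line comment saying so would stop a reader from treating it as an oversight. Nothing in this file clears whatever flag marks the account as requiring a password change, so either `set_password`/`update` handles it or the forced-change flow is not actually closed here; a comment at the update step stating which would help.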